A System Policy To Control Access To a csf-key At The OSB Project Level Does Not Work

(Doc ID 2318348.1)

Last updated on OCTOBER 17, 2017

Applies to:

Oracle Web Services Manager - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Goal

Using a Business service where the policy "oracle/wss_username_token_client_policy" has been attached.  An override value has been set to point to the csf-key that has been created in particular for the OSB project.
Configured a System Policy with the resource being the project name.  This does not work correctly.

If the map is added under the System Policies and set with resource "osb" for Permission class "oracle.wsm.security.WSIdentityPermission", it works without any issues.

For the override setup, the following documentation is being followed:

https://docs.oracle.com/middleware/1221/osb/develop/GUID-EBE2E5A7-973A-439E-888A-F592B77A02FA.htm#OSBDV87962
49.2 Security and Security Policies for Business and Proxy Services
49.2.2 Policy Overrides

https://docs.oracle.com/middleware/1221/osb/develop/GUID-1CE01E95-8B9B-4369-AAC9-28F4C5B6EF63.htm#OSBDV1713
52.2.1 Attaching Oracle Web Services Manager Policies to Oracle Service Bus Services
52.2.1.1 Policy Overrides

According to the documentation Service Bus does not provide well-known keys for override, such as sign key alias or CSF key, which points to user credentials in a CSF store. (Service Bus provides user credentials in the service account.)

This approach works for SOA at the project level but only at a higher level for OSB, and not at the project level.

Is there a way to set this up in OSB similar to how it works in SOA?
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms