My Oracle Support Banner

Oauth2 Invocation - Secure Access To The Csf Keys (Doc ID 2703979.1)

Last updated on AUGUST 02, 2023

Applies to:

Oracle Web Services Manager - Version and later
Information in this document applies to any platform.


While following the steps mentioned in this blog, to authorize access to BPEL web services through OAuth2, an issue is encountered.

It is not possible to restrict access to a specific composite using step 11 of the blog:

11. In the “Resource Name” enter the SOA Composite name in the following format exactly,

substituting your composite name for <composite_name>:“resource=<composite_name>,”).

Whether the default map or the custom map, this is not possible.

The goal is to get it working in a custom map in order to secure access to the keys by the map.

In the default map, every process/composite would have access to the key, and the WSIdentityPermission applies for a map.

While doing the invocation using resource=<composite_name>,”, the following error is generated:


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.