Failed To Invoke Secured UCM11g(Cloud) Webservice From SOA Composite Using CSF Key (Doc ID 2046122.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Fusion Global Human Resources Cloud Service - Version 11.1.9.2.0 and later
Information in this document applies to any platform.

Symptoms

When  invoking the Cloud hosted UCM11g Webservice from a SOA composite for uploading and downloading files from UCM developers have problems.

Developers call the Service WSDL : https://fs-<host>.oracleoutsourcing.com/idcws/GenericSoapPort?wsdl (hosted in Cloud). The Service is secured by OWSM policy(wss11_saml_or_username_token_with_message_protection_service_policy) and X509Certificate.  Administrators configured the SOA environment Security section using the cloud certificate , configured the credentials and security provider configuration in Enterprise Manager console and generated the CSF key.

An error is returned while invoking "GenericSoapPort?wsdl" using the same CSF key. When Invoking the "GenericSoapPort?wsdl" by hard-coding the same "Username" and "Password" used in CSF key in Composite.xml of the SOA composite one is able to invoke the service properly.


 "The following Fault Message is received at the client side from the service:- [[
GenericFault : generic error.

 
The issue can be reproduced at will with the following steps:
1. Configure  the SOA environment security section using the cloud certificate,  configured the Credentials and Security Provider Configuration in the Enterprise Manager console and generate the CSF key .

2. Develop one SOA Composite to invoke the WSDL("GenericSoapPort?wsdl" ) and attach the wss11_username_token_with_message_protection_client_policy and the csf key .

3. Call https://fs-<host>.oracleoutsourcing.com/idcws/GenericSoapPort?wsdl from a composite.

Note : The same CSF key is working for other Oracle seeded Webservices shown below:
https://hcm-<host>.oracleoutsourcing.com/hcmCommonBatchLoader/LoaderIntegrationService?wsdl
https://hcm-<host>.oracleoutsourcing.com/hcmProcFlowCoreController/FlowActionsService?wsdl )

4. Invoke the "GenericSoapPort?wsdl" by hard-coding the same "Username" and "Password" used in the CSF key in Composite.xml of the SOA composite and one can invoke the service properly.

Hard-coding Username" and "Password" is not standard and for authentication CSF key is best option which is not working for this service.

5. User's reviewed the manual below but do not want to use key exchange. The developer wants to use the OWSM policy. Document Transfer Utility is working but we trying to load file using UCM Webservice i.e GenericSoapPort?wsdl


HCM_Connect_User_Guide.pdf page 29
4.0 managing the transfer yourself

6. User's did try exporting the certificate in different way by following section "Manually create the certificate file" of Doc Id 1563366.1 (Developing a SOA client to invoke secure DOO service) without success.

soa_server1-diagnostic.log

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms