Thursday, October 31, 2013

Disabling AIA FP WS Security Policyset

AIA FP comes with global web services security policy set as part of foundation pack installation as below.






Policy sets gets attached to your composite based on name. e.g. "oracle/aia_wss10_saml_token_client_policy_OPT_ON" policy gets attached to all composites with ABCS in it, as per below screen shots. 



WS security header would be required if it is getting called from outside (as I believe internal calls would be supplied with WS security stuff as part of client policies). If you have policy enabled, you can use blog to when you are calling the service from external source.

To disable the policy set attached to your Composites, you can individually goto each Policy Set, and disable it, or run following script:




cd $SOA_HOME/common/bin
wlst
connect('weblogic','***','t3://admin-host:admin-port')

beginRepositorySession()
modifyPolicySet('AIA_EBS_WSClientPolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_EBF_WSClientPolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_ABCS_WSClientPolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_Producer_WSClientPolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_ABF_WSClientPolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_B2BCS_WSClientPolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_Consumer_WSClientPolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_Producer_WSServicePolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_ABCS_WSServicePolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_ABF_WSServicePolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_EBF_WSServicePolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_Adapter_WSServicePolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_EBS_WSServicePolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_B2BCS_WSServicePolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_Adapter_WSClientPolicySet')
enablePolicySet(false)
commitRepositorySession() 

beginRepositorySession()
modifyPolicySet('AIA_Consumer_WSServicePolicySet')                          
enablePolicySet(false)
commitRepositorySession() 


In EM console, sometime you have to re-login or go to one of the policy sets, so that it will refresh the flag and it will show all policy sets disabled.

We also ended up disabling Policy attached to individual Composite, as it doesn't allow disabling Policy via WLST like it does for Policy Set

enableWebServicePolicy(None, 'default/AIASessionPoolManager[1.0]', 'soa', 'client', 'AIASessionPoolManager', 'oracle/aia_wss_saml_or_username_token_service_policy_OPT_ON', false, None )
enableWebServicePolicy(None, 'default/AIAErrorTaskAdministrationProcess[1.0]', 'soa', 'aiaerrortaskadministrationprocess_client_ep', 'AIAErrorTaskAdministrationProcess_pt', 'oracle/aia_wss_saml_or_username_token_service_policy_OPT_ON', false, None )
enableWebServicePolicy(None, 'default/AIAAsyncErrorHandlingBPELProcess[1.0]', 'soa', 'client', 'AIAAsyncErrorHandlingBPELProcess', 'oracle/aia_wss_saml_or_username_or_http_token_service_policy_OPT_ON', false, None )



if you get error : "Try to use server name with application name. Multiple server targets deployed for application", refer to this blog

No comments: