In a previous post, I discussed some general topics relating to the usage of HTTPS and certificates within Oracle Public Cloud. In this follow up piece, I will...
In a previous post, I discussed some general topics relating to the usage of HTTPS and certificates within Oracle Public Cloud. In this follow up piece, I will work through a concrete example and explain how to set up a Java Cloud Service instance in such a way that Integration Cloud Service can consume a service deployed to that platform over HTTPS. The use case we have in mind here is a simple one. A custom REST-based service is deployed to WebLogic on JCS (I'll use a...
In a previous post, I discussed some general topics relating to the usage of HTTPS and certificates within Oracle Public Cloud. In this follow up piece, I will work through a concrete example and...
Introduction Oracle Fusion Applications offers a number of WebServices to allow other applications to incorporate the Fusion Applications functionality. To...
Introduction Oracle Fusion Applications offers a number of WebServices to allow other applications to incorporate the Fusion Applications functionality. To prevent data leakage, these WebServices follow a common security pattern that requires access authentication and message protection using message signing and/or message encryption. To use such a WebService, the WSDL of each service provides all the information that tells the WebService client what needs to be provided to...
Introduction Oracle Fusion Applications offers a number of WebServices to allow other applications to incorporate the Fusion Applications functionality. To prevent data leakage, these WebServices...
Introduction While working on my previous post "Configure SAML 2 for SSO with Oracle BAM Dashboard", I noticed an issue. After SSO to BAM happens from...
Introduction While working on my previous post "Configure SAML 2 for SSO with Oracle BAM Dashboard", I noticed an issue. After SSO to BAM happens from mywebapp1, if I reload the mywebapp1 page, I get prompted for login again. A little debugging pointed me to the session overwrite issue, in which I will get into more detail next. This issue puts a significantly limitation on WebLogic SAML SSO. While it has been documented several times out on the internet, a solution to this...
Introduction While working on my previous post "Configure SAML 2 for SSO with Oracle BAM Dashboard", I noticed an issue. After SSO to BAM happens from mywebapp1, if I reload the mywebapp1 page, I get...
Introduction In a recent customer POC, there is requirement for SSO between an OBIEE dashboard and an Oracle BAM dashboard. SAML is a potential candidate for...
Introduction In a recent customer POC, there is requirement for SSO between an OBIEE dashboard and an Oracle BAM dashboard. SAML is a potential candidate for this kind of point to point SSO. After some googling, I was able to find blogs on configuring SAML1.1 SSO by Vikrant Sawant and SAML 2.0 SSO by Puneeth, but nothing with BAM. So with the guidance of these blogs, I started my own tests with BAM. After several trial and error attempts, I managed to get SAML2 SSO working...
Introduction In a recent customer POC, there is requirement for SSO between an OBIEE dashboard and an Oracle BAM dashboard. SAML is a potential candidate for this kind of point to point SSO. After...
The shift to cloud computing offers a huge number of benefits, but also does introduce some potential risks; the most obvious of these is the need to enable...
The shift to cloud computing offers a huge number of benefits, but also does introduce some potential risks; the most obvious of these is the need to enable integrations - and by implication, the need to transmit sensitive data - across public networks. Fortunately, we already have a pretty good set of standards and techniques for doing this, with the HTTPS (Secure HTTP) protocol taking care of the grunt-work of encryption and server authentication at the transport layer. The...
The shift to cloud computing offers a huge number of benefits, but also does introduce some potential risks; the most obvious of these is the need to enable integrations - and by implication, the...
Introduction On a previous post, I described the usage of OAM's SAML Identity Assertion in the context of SPA (Single Page Applications) and how easy it is to...
Introduction On a previous post, I described the usage of OAM's SAML Identity Assertion in the context of SPA (Single Page Applications) and how easy it is to take advantage of it for securely propagating the end user identity from the client to the backend services. However, that post is written with the assumption that both the JavaScript code and the REST services are protected by the same WebGate. Speaking in HTTP protocol terms, we say they have same origin. Modern web...
Introduction On a previous post, I described the usage of OAM's SAML Identity Assertion in the context of SPA (Single Page Applications) and how easy it is to take advantage of it for securely...
Introduction When you look at the list of Technologies listed in ODI 12.2.1 Topology, you can see a new entry: SOAP Web Services. Prior to having this...
Introduction When you look at the list of Technologies listed in ODI 12.2.1 Topology, you can see a new entry: SOAP Web Services. Prior to having this Technology defined here, developers connecting to Web Services in ODI had to enter all the connectivity details in their packages when they designed the Web Service call. Now they can predefine the connection parameters and security policies, and then focus separately on the implementation of the Web Service call. We will see...
Introduction When you look at the list of Technologies listed in ODI 12.2.1 Topology, you can see a new entry: SOAP Web Services. Prior to having this Technology defined here, developers connecting to...
Know Which Versions of TLS are Supported in Recent Java Versions NOTE: A more comprehensive examination of TLS and what to examine when setting up web service...
Know Which Versions of TLS are Supported in Recent Java Versions NOTE: A more comprehensive examination of TLS and what to examine when setting up web service integrations in Oracle Cloud Saas extensions has been published. See Transport Layer Security (TLS) and Web Service Connections in SaaS Integrations In the twenty-plus years of the Internet’s interaction with the Secure Sockets Layer (SSL) and Transport Level Security (TLS) protocols, there have been some rough...
Know Which Versions of TLS are Supported in Recent Java Versions NOTE: A more comprehensive examination of TLS and what to examine when setting up web service integrations in Oracle Cloud Saas...
Introduction At any given time, organizations are gathering, storing, and transferring millions of records about their customers across multiple enterprise...
Introduction At any given time, organizations are gathering, storing, and transferring millions of records about their customers across multiple enterprise environments. There are various operational settings within Oracle GoldenGate (OGG) that should be set to ensure Personally Identifiable Information (PII), or Sensitive Personal Information (SPI) is not compromised. This article will discuss OGG configuration settings you should employ when replicating data to ensure...
Introduction At any given time, organizations are gathering, storing, and transferring millions of records about their customers across multiple enterprise environments. There are various operational...
