This chapter describes setting up the Oracle Communications Services Gatekeeper SDK for use. The chapter includes information on:
To install the Oracle Communications Services Gatekeeper SDK:
|Note:||The sample domain that is provided with the Oracle Communications Services Gatekeeper SDK can be used directly. Separate domain configuration is unnecessary.|
If you are using the GUI-based installer on a Windows machine, do the following:
|Note:||You can also include the
If you are using the GUI-based installer on a UNIX/Linux machine, do the following:
|Note:||You can also include the
The installation program prompts you to enter specific information about your system and configuration. For instructions on responding to the prompts during installation, see the following table.
Specify the BEA Home directory that will serve as the central support directory for the installed on the target system. If you already have a BEA Home directory on your system, you can select that directory (recommended) or create a new BEA Home directory.
Specify the directory in which you want to install the Oracle Communications Services Gatekeeper software. This is the directory from which information will be copied during the domain configuration phase. Once you have chosen your directory, click Next. You can accept the default product directory (ocsg_4.1) or create a new product directory.
Specify the Start menu folder in which you want the Start menu shortcuts created. You can select from the following options:
Selecting this option provides all users registered on the machine with access to the installed software. However, only users with Administrator privileges can create shortcuts in the All Users folder. Therefore, if a user without Administrator privileges uses the Configuration Wizard to create domains, Start menu shortcuts to the domains are not created. In this case, users can manually create shortcuts in their local Start menu folders, if desired. Press ALT+Y on the keyboard to select the All Users Start Menu.
Selecting this option ensures that other users registered on this machine will not have access to the Start menu entries for this installation. Press ALT+N on the keyboard to select the Local User's start menu.
Specify whether you want to run the QuickStart application. QuickStart, designed to assist first-time users in evaluating, learning, and using the software, provides quick access to the domain configuration wizard. Clear the check box for this option if you do not want to launch QuickStart.
One of the first things you must do in setting up Oracle Communications Services Gatekeeper SDK is to establish Web Services security. Web Services security controls Oracle Communications Services Gatekeeper Simulator’s interactions with Application Service Providers.
Web Services Security provides end-to-end message-level security for web services through an implementation of the WS-Security standard. WS-Security defines a mechanism for adding three levels of security to SOAP messages:
Oracle Communications Services Gatekeeper uses WebLogic Server mechanisms for Web Services security; see:
Message level security for SOAP messages is achieved by applying WS-Security and WS-Security policy standards. Authentication is handled transparently by WS-Security and subsequently by the configured authentication providers and login modules of the WebLogic Security framework. WS-Security also supports signing and encrypting a message by providing a security token hierarchy associated with the keys used for signing and encryption (for message integrity and confidentiality).
The following steps outline the general WebLogic security configurations that have to be performed, either automatically using a script or manually from the Administration Console.
This section outlines how to apply an existing WS-Policy and where to find more information about creating and using custom WS-Policies.
This section outlines how to apply a WSSE policy to a Web Service endpoint in the Oracle Communications Services Gatekeeper Simulator.
Standard WebLogic Server mechanisms are used. See Oracle WebLogic Server Management Console On-line Help for a full description of how to configure a policy file for a Web Service.
The Oracle Communications Services Gatekeeper Simulator must be started; see Start the Oracle Communications Services Gatekeeper Simulator.
Starting in WebLogic Console:
|Note:||Applying a security policy to a Web Service establishes, by default, both inbound and outbound security policies. Because there is no way for Oracle Communications Services Gatekeeper Simulator to know what security policies may be required by a client to which it is returning a notification, outbound security must be turned off. If you wish to secure the link by which Oracle Communications Services Gatekeeper Simulator returns notifications, you should use SSL.|
|Note:||To turn off outbound security associated with a particular WS-Policy file, you must edit the plan.xml file that is created when you attach Policy to a Web Service, as in step 8 above. Make sure the <value> element is set to
See Oracle WebLogic Server Securing WebLogic Web Services at http://download.oracle.com/docs/cd/E12840_01/wls/docs103/webserv_sec/ for information on how to create and use a custom WS-Policy file.
Also see Oracle WebLogic Server Management Console On-line Help for a full description of how to configure a policy file for a Web Service.
WS-Policy files can be used to require application clients to authenticate, digitally encrypt, or digitally sign SOAP messages. Out of the box, Oracle Communications Services Gatekeeper supplies files to do those three things, respectively: auth.xml, encrypt.xml, and sign.xml. If the built-in WS-Policy files do not meet your security needs, you can build custom policies.
WS-Policy assertions are used to specify a Web Service’s requirements for digital signatures and encryption, along with the security algorithms and authentication mechanisms that it requires, for example Policy for SAML.
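When checking that an attached policy is actually reflected on the wire, it helps to inspect a captured request for the three protections named above (authentication token, signature, encryption). The following is an added example, not Oracle's code: the function names and the sample envelope are constructed for illustration, and it assumes SOAP 1.1 with the standard OASIS WS-Security, XML Signature and XML Encryption namespaces.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
# Token elements that can carry the caller's identity in the Security header.
TOKENS = ("wsse:UsernameToken", "wsse:BinarySecurityToken")

def ws_security_protections(envelope_xml):
    """Report which WS-Security protections a SOAP message carries.

    Presence only: this does not validate the signature or the token.
    """
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    found = {"token": False, "signature": False, "encryption": False}
    if sec is None:
        return found  # no Security header: the message is unprotected
    found["token"] = any(sec.find(t, NS) is not None for t in TOKENS)
    found["signature"] = sec.find("ds:Signature", NS) is not None
    # An encrypted body has its content replaced by xenc:EncryptedData.
    found["encryption"] = (body is not None and
                           body.find("xenc:EncryptedData", NS) is not None)
    return found

def missing_protections(envelope_xml, required):
    """Return the required protections that the message does not carry."""
    found = ws_security_protections(envelope_xml)
    return sorted(r for r in required if not found[r])

# Constructed sample: a request with a username token, unsigned, plaintext body.
SAMPLE_ENVELOPE = f"""<soap:Envelope xmlns:soap="{NS['soap']}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{NS['wsse']}">
      <wsse:UsernameToken><wsse:Username>app1</wsse:Username></wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><ping xmlns="urn:example:constructed"/></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(ws_security_protections(SAMPLE_ENVELOPE))
    print(missing_protections(SAMPLE_ENVELOPE, ["token", "signature"]))
```

A message that lacks a protection the attached policy requires should be rejected by the server, so a non-empty result for an accepted request indicates the policy is not being enforced on that endpoint.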