API Gateway User Guide
11g Release 2 (11.1.2.1.0)
Oracle API Gateway User Guide, 11g Release 2 (11.1.2.1.0)
Copyright © 1999, 2013, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services. This documentation is in prerelease status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.
The information contained in this document is for informational sharing purposes only and should be considered in your capacity as a customer advisory board member or pursuant to your beta trial agreement only. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.
This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions of your Oracle Software License and Service Agreement, which has been executed and with which you agree to comply. This document and information contained herein may not be disclosed, copied, reproduced, or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
Contents
- 1. Getting Started
-
- Oracle API Gateway Overview
- Oracle API Gateway Architecture
- Oracle API Gateway Concepts
- Starting the API Gateway Tools
- Virtualizing a Service
-
- Overview
- Accessing the Example Service
- Creating a Workspace in API Service Manager
- Step 1—Basic Information
- Step 2—Service Exposure
- Step 3—Request Processing
- Step 4—Routing
- Step 5—Response Processing
- Step 6—Monitoring
- Step 7—Tags
- Deploying to a Group
- Accessing the Virtualized Service
- Monitoring a Service
- Monitoring Services
- Troubleshooting
- License Acknowledgments
- Oracle Contact Details
- 2. Sample Policies
- 3. Managing API Services
- 4. Governance
- 5. Managing Deployments
-
- Getting Started with Managing Deployments
- Deploying Configuration
-
- Overview
- Creating a Deployment Archive in the Policy Studio
- Deploying a Deployment Archive in the Policy Studio
- Deploying a Factory Configuration in the Policy Studio
- Deploying a Currently Loaded Configuration in the Policy Studio
- Deployment Summary in the Policy Studio
- Deploying an Archive in API Gateway Manager
- Deploying on the Command Line
- Deploying the API Gateway in Multiple Environments
- Managing Admin Users
- Configuring Role-Based Access Control (RBAC)
- Using Active Directory for Authentication and RBAC of Management Services
-
- Overview
- Step 1: Create an Active Directory Group
- Step 2: Create an Active Directory User
- Step 3: Create an LDAP Connection
- Step 4: Create an LDAP Repository
- Step 5: Create a Test Policy for LDAP Authentication and RBAC
- Step 6: Use the LDAP Policy to Protect Management Services
- Adding an LDAP User with Limited Access to Management Services
- Using OpenLDAP for Authentication and RBAC of Management Services
-
- Overview
- Step 1: Create an OpenLDAP Group for RBAC Roles
- Step 2: Add RBAC Roles to the OpenLDAP RBAC Group
- Step 3: Add Users to the OpenLDAP RBAC Group
- Step 4: Create an LDAP Connection
- Step 5: Create an OpenLDAP Repository
- Step 6: Create a Test Policy for LDAP Authentication and RBAC
- Step 7: Use the OpenLDAP Policy to Protect Management Services
- 6. General Configuration
-
- Startup Instructions
- Connection Details
- Global Configuration
- Server Configuration
- API Gateway Settings
- Policy Studio Preferences
- Policy Studio Viewing Options
- Web Service Repository
- Setting the Encryption Passphrase
- Default Settings
- Namespace Settings
- MIME/DIME Settings
- Session Settings
- Exporting API Gateway Configuration
- Importing API Gateway Configuration
- 7. Reporting
- 8. API Gateway Instances
-
- Configuring API Gateway Instances
- Configuring HTTP Services
- Configuring SMTP Services
-
- Overview
- Adding an SMTP Service
- Adding an SMTP Interface
- Configuring Policy Handlers for SMTP Commands
- Adding an HELO/EHLO Policy Handler
- Adding an AUTH Policy Handler
- Adding a MAIL Policy Handler
- Adding a RCPT Policy Handler
- Adding a DATA Policy Handler
- SMTP Authentication
- SMTP Content-Transfer-Encoding
- Deployment Example
- File Transfer Service
- Policy Execution Scheduling
- FTP Poller
- Directory Scanner
- Packet Sniffers
- Messaging System
- Remote Host Settings
- Configuring an HTTP Watchdog
- Configuring Conditions for HTTP Interfaces
- POP Client
- TIBCO Integration
- Cryptographic Acceleration
- Cryptographic Acceleration Conversation: Request-Response
- TIBCO Rendezvous Daemon
- TIBCO Rendezvous Listener
- TIBCO Enterprise Messaging Service Consumer
- Oracle Security Service Module Settings (10g)
- 9. Resources
-
- Certificates and Keys
- API Gateway Users
- Global Schema Cache
- External Connections
-
- Overview
- Authentication Repository Profiles
- Connection Sets
- Database Connections
- ICAP Servers
- JMS Services
- Kerberos Connections
- LDAP Connections
- OCSP Connections
- Proxy Servers
- RADIUS Clients
- SiteMinder
- SMTP Servers
- SOA Security Manager
- Syslog Servers
- TIBCO
- Tivoli
- URL Connection Sets
- XKMS Connections
- Global Caches
- 10. Attributes
-
- Compare Attribute
- Extract REST Request Attributes
- Extract WSS Timestamp
- Extract WSS UsernameToken
- Extract WSS Header
- Get Cookie
- Retrieve Attribute from Database
- Retrieve Attributes from Directory Server
- Retrieve Attribute from HTTP Header
- Insert SAML Attribute Assertion
- Retrieve Attributes with JSON Path
- Retrieve Attribute from Message
- Retrieve Attribute from SAML Attribute Assertion
- SAML PDP Attributes
- Retrieve Attribute from User Store
- 11. Authentication
-
- Attribute Authentication
- Authenticate API Key
- CA SOA Security Manager Authentication
- HTML Form-based Authentication
- HTTP Basic Authentication
- HTTP Digest Authentication
- HTTP Header Authentication
- IP Address
- SAML Authentication
- SAML PDP Authentication
- Insert SAML Authentication Assertion
- Insert Timestamp
- Insert WS-Security Username Token
- Kerberos Client Authentication
- Kerberos Service Authentication
- Kerberos Configuration
- Kerberos Clients
- Kerberos Services
- Kerberos Principals
- Kerberos Keytab
- SAML Authentication XML-Signature Verification
- XML Signature Authentication
- SSL Authentication
- Security Token Service Client
- WS-Security Username Authentication
- 12. Authorization
-
- Attributes
- Certificate Attributes
- RSA Access Manager Authorization
- Entrust GetAccess Authorization
- Insert SAML Authorization Assertion
- RBAC Filter
- SAML Authorization Assertion
- SAML PDP Authorization
- Tivoli Integration
- Tivoli Authorization
- Retrieve Attributes from Tivoli
- CA SOA Security Manager Authorization
- SAML Authorization XML-Signature Verification
- XACML Policy Enforcement Point
- 13. CA SiteMinder
- 14. Certificates
-
- Static CRL Certificate Validation
- Dynamic CRL Certificate Validation
- CRL LDAP Validation
- CRL Responder
- Create Thumbprint from Certificate
- Certificate Validity
- Find Certificate
- Extract Certificate Attributes
- Certificate Chain Check
- OCSP Certificate Validation
- OCSP Certificate Validation Connection
- Validate Server's Certificate Store
- XKMS Certificate Validation
- XKMS Certificate Validation Connection
- 15. Cache
- 16. Content Filtering
-
- ClamAV Anti-Virus
- Content Type Filtering
- Content Validation
- HTTP Header Validation
- ICAP Filter
- McAfee Anti-Virus
- Message Size
- Query String Validation
- Schema Validation
- JSON Schema Validation
- Sophos Anti-Virus
- Threatening Content
- Throttling
- Validate Message Attributes
- Validate REST Request
- Validate Timestamp
- WS-SecurityPolicy Layout
- XML Complexity
- 17. Conversion
-
- Add HTTP Header
- JSON Add Node
- Add XML Node
- Contivo Transformation
- Multipart Bodypart Conversion
- Create Cookie
- Create REST Request
- Set HTTP Verb
- Insert MTOM Attachment
- JSON to XML
- Extract MTOM Attachment
- Load File
- Remove Attachments
- Remove HTTP Header
- JSON Remove Node
- Remove XML Node
- Restore Message
- Store Message
- Set Message
- XSLT Transformation
- XML to JSON
- 18. Encryption
- 19. Integrity
- 20. Fault Handlers
- 21. Monitoring
- 22. OAuth
-
- API Gateway OAuth 2.0 Introduction
- Configuring and Managing OAuth 2.0
- API Gateway OAuth 2.0 Authentication Flows
- OAuth Access Token Information
- Access Token using Authorization Code
- Access Token using Client Credentials
- Access Token using JWT
- Authorization Code Flow
- Authorize Transaction
- Refresh Access Token
- Resource Owner Credentials
- Revoke a Token
- Validate Access Token
- 23. Oracle Access Manager
- 24. Oracle Entitlements Server
- 25. Resolvers
- 26. Routing
-
- Getting Started with Routing Configuration
-
- Overview
- Proxy or Endpoint Server
- Service Virtualization
- Choosing the Correct Routing Filters
- Case 1: Proxy without Service Virtualization
- Case 2: Proxy with Service Virtualization
- Case 3: Endpoint without Service Virtualization
- Case 4: Endpoint with Service Virtualization
- Case 5: Simple Redirect
- Case 6: Routing on to an HTTP Proxy
- Summary
- Routing Wizard
- Call Internal Service
- Connection
- Connect to URL
- Dynamic Router
- Extract Path Parameters
- File Download
- File Upload
- HTTP Redirect
- HTTP Status Code
- Insert WS-Addressing
- Messaging System Filter
- Read WS-Addressing
- Rewrite URL
- Save to File
- SMTP Routing
- Static Router
- TIBCO Rendezvous Routing
- TIBCO Enterprise Messaging Service Routing Filter
- TIBCO Enterprise Messaging Service Connection
- Wait for Response Packets
- Proxy Servers
- 27. Security Services
- 28. WS-Trust
- 29. Extensibility
-
- Advanced Filter View
- Selecting Configuration Values at Runtime
- Key Property Stores
- Scripting Language Filter
- Writing a Custom Filter using the Oracle API Gateway SDK
-
- Overview
- Policies, Filters, and Message Attributes
- Oracle API Gateway SDK Overview
- Tutorial Prerequisites
- Oracle API Gateway SDK Sample Overview
- Step 1: Create the Typedocs
- Step 2: Create the Filter Class
- Step 3: Create Processor Class
- Step 4: Create Policy Studio Classes
- Step 5: Build Classes
- Step 6: Load TypeDocs
- Step 7: Construct a Policy
- Step 8: Configure the SimpleFilter
- Conclusion
- 30. Utility
-
- Abort Filter
- Check Group Membership
- Configuration Web Service
- Copy/Modify Attributes
- Evaluate Expression
- Execute External Process
- False Filter
- HTTP Parser
- Insert BST
- Invoke Policy per Message Body
- Locate XML Nodes
- Pause Filter
- Policy Shortcut
- Policy Shortcut Chain
- Quote of the Day
- Reflect Message Filter
- Reflect Message And Attributes Filter
- Remove Attribute
- Set Response Status
- Set Attribute
- String Replace Filter
- Switch on Attribute Value
- Time Filter
- Trace Filter
- True Filter
- 31. Web Services
- 32. Common Configuration
-
- Authentication Repository
- Certificate Chain Check
- Certificate Validation
- Compressed Content Encoding
- Configuring Connection Groups
- Configuring Cron Expressions
- Database Connection
- Database Query
- Configuring ICAP Servers
- Configuring LDAP Directories
- RADIUS Clients
- SAML PDP Response XML-Signature Verification
- Signature Location
- SMTP Servers
- Configuring a Transparent Proxy
- Retrieving WSDL Files from a UDDI Registry
- Connecting to a UDDI Registry
- Publishing WSDL Files to a UDDI Registry
-
- Overview
- Finding WSDL Files
- Publishing WSDL Files
- Step 1: Enter Virtualized Service Address and WSDL URL for Publishing in UDDI Registry
- Step 2: View WSDL to UDDI Mapping Result
- Step 3: Select a Registry for Publishing
- Step 4: Select a Duplicate Publishing Approach
- Step 5: Create or Search for Business
- Step 6: Publish WSDL
- LDAP User Search
- Configuring URL Groups
- What To Sign
- Configuring XPath Expressions
- 33. Reference
