
User's Guide


Application Connection - Web Services

The following sections describe connecting to BEA WebLogic Network Gatekeeper through Web Services:

 


About Web Services applications

For an application to connect to BEA WebLogic Network Gatekeeper through Web Services, the application must have access to the Extended API or Parlay X WSDL files deployed in BEA WebLogic Network Gatekeeper's web server. Both the Extended API and Parlay X WSDL consist of one file for each service, and the files are deployed in BEA WebLogic Network Gatekeeper's web server when BEA WebLogic Network Gatekeeper is installed.

If the application has been implemented using WSDL files of the same version but from a source other than the BEA WebLogic Network Gatekeeper it will connect to, the application developer has to re-generate the Java (or other programming language) interface using the WSDL files from the BEA WebLogic Network Gatekeeper the application will connect to.

 


Distributing the WSDL files

The Parlay X WSDL files can be downloaded from:

http://<IP-address>/parlayx/servlet/AxisServlet

The Extended Web Services WSDL files can be downloaded from:

http://<IP-address>/wespa/servlet/AxisServlet

The Parlay X WSDL files for the notification interfaces can be downloaded from:

http://<IP-address>/parlayX/wsdl

The Extended APIs Web Services WSDL files for the notification interfaces can be downloaded from:

http://<IP-address>/wespa/wsdl

Where <IP-address> is the IP address of the BEA WebLogic Network Gatekeeper host where the Axis servlet engine executes. The files are named <serviceName>Listener.wsdl and parlayx_<serviceName>.wsdl.

 


Registering service providers and applications

See Service Provider and Application Administration.

 


Enabling a secure SSL connection to an application

The connection between BEA WebLogic Network Gatekeeper and an application can be encrypted using SSL.

Two variants are supported: one-way authenticated connections and two-way authenticated connections.

Both variants use X.509 certificates, with a private key and a public certificate.

One-way authenticated connections

When an application uses a Web Service provided by BEA WebLogic Network Gatekeeper, the WebLogic Network Gatekeeper must import its own private key and the application needs the WebLogic Network Gatekeeper's public certificate.

When an application provides a Web Service, the application's public certificate must be imported to the WebLogic Network Gatekeeper and the application needs its own private key.

| The WebLogic Network Gatekeeper acts as a... | WebLogic Network Gatekeeper must import | An Application needs |
|---|---|---|
| Server (provides a Web Service) | WebLogic Network Gatekeeper's private key | WebLogic Network Gatekeeper's public certificate |
| Client (uses a Web Service) | Application's public certificate | Application's private key |

Table 4-1 Certificate exchange for one-way authenticated sessions

Two-way authenticated connections

In addition to the setup necessary for one-way authenticated sessions, the following must also be configured for two-way authenticated sessions.

When an application uses a Web Service provided by BEA WebLogic Network Gatekeeper, the WebLogic Network Gatekeeper must import the application's certificate and the application needs its own private key.

When an application provides a Web Service, the WebLogic Network Gatekeeper's private key must be imported to the WebLogic Network Gatekeeper and the application needs the WebLogic Network Gatekeeper's public certificate.

| The WebLogic Network Gatekeeper acts as a... | WebLogic Network Gatekeeper must import | An Application needs |
|---|---|---|
| Server (provides a Web Service) | WebLogic Network Gatekeeper's private key; Application's public certificate | WebLogic Network Gatekeeper's public certificate; Application's private key |
| Client (uses a Web Service) | WebLogic Network Gatekeeper's private key; Application's public certificate | Application's private key; Application's public certificate |

Table 4-2 Certificate exchange for two-way authenticated sessions

 


About the certificate builder

The certificate builder is a tool for generating user certificates and private keys. It can be used stand-alone or through a Network Gatekeeper Management Tool. The same functions are provided in both cases. The stand-alone version of the certificate builder is shown in Figure 4-1.

Some fields in the certificate builder are used differently depending on the function for which the user certificate and private key are generated. The specific usage of each field is described in Table 4-3.

Table 4-3 Description of the Fields in the Certificate Builder

| Field | Description |
|---|---|
| Filename | Specifies the file names of the generated user certificate and private key pair. Example: if Filename is set to myApplication, your files will be named myApplication.key (the private key) and myApplication.der (the user certificate). |
| Domain ID | A descriptive name. |
| Country | The country BEA WebLogic Network Gatekeeper is located in. |
| Province | The province or state BEA WebLogic Network Gatekeeper is located in. |
| City | The city BEA WebLogic Network Gatekeeper is located in. |
| Name | Contact person at your organization. |
| E-mail | The contact person's e-mail address. |
| Start date | The first date (YYYY-MM-DD) the certificate will be valid. |
| End date | The last date (YYYY-MM-DD) the certificate will be valid. |
| Path | The path to the directory where the user certificate and private key will be stored. Only existing directories can be specified. When importing a private key from a directory there must be only two files in the directory, that is, the private key and its user certificate. Therefore, it is recommended that you create a new directory for each pair of private key and user certificate you create. |
| Password | Defines a password that will be needed when importing the private key. Keep a note of the password; you will need it later. Note that this is the private key's password. When you import the private key into the keystore, you will also need the keystore's password. The keystore's password is defined the first time you import a private key or user certificate into the keystore. |

Using the certificate builder stand alone

Follow the instructions below to generate a user certificate and private key pair.

If you perform the task through a Network Gatekeeper Management Tool, remember that the user certificate and private key will be stored on the server the Network Gatekeeper Management Tool is connected to. That is, where the SLEE runs.

Start the certificate builder

  1. Open a command window.
  2. Go to the /usr/local/slee/bin/ directory.
  3. Start the certificate builder. Enter command: ./runCertBuilder.sh
  4. Enter the user certificate and private key data according to Table 4-3.
  5. Generate the user certificate and private key. Click the Build button.
  6. The user certificate and private key files are stored in the specified directory.

Using the certificate builder through a Network Gatekeeper Management Tool

Follow the instructions below to generate a user certificate and private key pair.

If you perform the task through a Network Gatekeeper Management Tool, remember that the user certificate and private key will be stored on the server the Network Gatekeeper Management Tool is connected to. That is, where the SLEE runs.

  1. Start a Network Gatekeeper Management Tool and log in.
  2. Select any SLEE.
  3. Double-click the cert_builder service.
  4. Double-click the buildCertificate method.
  5. Enter the user certificate and private key data according to Table 4-3.
  6. Click Invoke.
  7. The user certificate and private key files are stored in the specified directory.

 


Configuring the WebLogic Network Gatekeeper for SSL connections

Follow the instructions below to configure the WebLogic Network Gatekeeper for SSL. The task includes generating certificates and private keys.

Create certificates

Import the private key of the WebLogic Network Gatekeeper

  1. Double-click the Embedded_Tomcat service.
  2. Double-click the importServerKey method.
  3. Enter the password for the key, as defined when it was generated, in the keyPassword field.
  4. Enter the path to where the private key is located in the directory field.
  5. Click Invoke.

Now the WebLogic Network Gatekeeper's private key is imported to the WebLogic Network Gatekeeper's keystore and the WebLogic Network Gatekeeper is configured for SSL. To set up an SSL connection for an individual application, continue with Setting up a one-way authenticated SSL connection or Setting up a two-way authenticated SSL connection, depending on the type of connection to use.

 


Setting up a one-way authenticated SSL connection

Follow the instructions below to set up a one-way authenticated secure SSL connection between an application and BEA WebLogic Network Gatekeeper. The task includes generating certificates and private keys, exchanging the necessary certificates, and setting up an HTTPS connection.

Configure the SSL connection when the WebLogic Network Gatekeeper acts as a server

This step is only necessary if the WebLogic Network Gatekeeper acts as a server (provider of a Web service). This is done for each application that shall use SSL connections.

Distribute certificates

  1. Distribute the WebLogic Network Gatekeeper's public certificate to the service provider hosting the application.

Add an HTTPS connector

  1. Double-click the Embedded_Tomcat service.
  2. Double-click the addHTTPSConnector method.
  3. Enter parameters according to the table below.

| Field | Type | Explanation |
|---|---|---|
| port | int | Port number for the HTTPS connection. Default port for HTTPS is 443. |
| acceptCount | int | Maximum number of connections to accept. |
| minThreads | int | Minimum number of threads to assign to Embedded Tomcat. Recommended value is 20. |
| maxThreads | int | Maximum number of threads to assign to Embedded Tomcat. Recommended value is 50. |
| sslClientAuth | boolean | Whether the SSL client should be authenticated. In the case of one-way authentication use FALSE. In the case of two-way authentication use TRUE. |

  4. Click Invoke.

Configure the SSL connection when the WebLogic Network Gatekeeper acts as a client

This step is only necessary if the WebLogic Network Gatekeeper acts as a client (user of a Web service). This is done for each application that shall use SSL connections.

Retrieve certificates from the application

  1. Retrieve the application's public certificate.
     Note: The Certificate Builder can be used to generate the application's private key and public certificate.

Import the application's certificate

  1. Start a Network Gatekeeper Management Tool and log in.
  2. Select any SLEE.
  3. Double-click the Embedded_Tomcat service.
  4. Double-click the importSingleUserCertificate method.
  5. Enter the path to where the application's public certificate is located in the directory field.
     Note: The directory must contain only the certificate.
  6. Enter the alias for the application's public certificate in the alias field. The alias must be unique.
  7. Click Invoke.

Register HTTPS endpoints (Parlay X only)

  1. If using Parlay X, make sure that the URLs of the endpoints are registered as HTTPS addresses. The endpoints are registered in the SESPA layer of the respective service capability.
     Refer to section Optional - Enable network initiated call notifications for Parlay X and Optional - Enable incoming message notification for Parlay X SMS and MMS.

 


Setting up a two-way authenticated SSL connection

This is done for each application that shall use two-way authenticated SSL connections.

Enable one-way authentication

  1. As a first step, set up a one-way authenticated SSL connection as described in Configure the SSL connection when the WebLogic Network Gatekeeper acts as a server.

Retrieve the application's certificate

  1. Retrieve the file with the application's public certificate and store it in a directory that the WebLogic Network Gatekeeper has access to.

Import the application's certificate

  1. Start a Network Gatekeeper Management Tool and log in.
  2. Select any SLEE.
  3. Double-click the Embedded_Tomcat service.
  4. Double-click the importSingleUserCertificate method.
  5. Enter the path to where the application's public certificate is located in the directory field.
     Note: The directory must contain only the certificate.
  6. Enter the alias for the application's public certificate in the alias field. The alias must be unique.
  7. Click Invoke.

Note: Make sure that the application imports its own private key.
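A pre-flight check for the directory rules stated in Table 4-3 (Path) and in the importSingleUserCertificate steps, as an added example that is not part of the original guide or the product. It assumes POSIX file permissions and that certificates are DER-encoded X.509 files named as the certificate builder names them (<Filename>.key and <Filename>.der); the function names and the key-permission check are additions for illustration.

```python
import stat
from pathlib import Path


def der_problems(path):
    """Structural check: a DER certificate is one ASN.1 SEQUENCE filling the file."""
    data = Path(path).read_bytes()
    name = Path(path).name
    if data.startswith(b"-----BEGIN"):
        return [f"{name}: PEM text, expected binary DER"]
    if len(data) < 2 or data[0] != 0x30:
        return [f"{name}: does not start with an ASN.1 SEQUENCE"]
    if data[1] < 0x80:                       # short-form length
        header, length = 2, data[1]
    else:                                    # long form: low 7 bits = count of length bytes
        n = data[1] & 0x7F
        if n == 0 or len(data) < 2 + n:
            return [f"{name}: invalid DER length field"]
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if header + length != len(data):
        return [f"{name}: truncated or has trailing bytes"]
    return []


def check_key_import_dir(directory):
    """Directory given to importServerKey: exactly <name>.key plus <name>.der."""
    entries = sorted(Path(directory).iterdir())
    keys = [p for p in entries if p.suffix == ".key"]
    certs = [p for p in entries if p.suffix == ".der"]
    if len(entries) != 2 or len(keys) != 1 or len(certs) != 1:
        return [f"expected one .key and one .der only, found {[p.name for p in entries]}"]
    problems = der_problems(certs[0])
    if keys[0].stem != certs[0].stem:
        problems.append("key and certificate file names do not match")
    # Added hardening check (not from the guide): key must not be group/world accessible.
    if keys[0].stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{keys[0].name}: accessible to group/other, chmod 600")
    return problems


def check_cert_import_dir(directory):
    """Directory given to importSingleUserCertificate: the certificate and nothing else."""
    entries = sorted(Path(directory).iterdir())
    if len(entries) != 1 or not entries[0].is_file():
        return [f"expected exactly one certificate file, found {[p.name for p in entries]}"]
    return der_problems(entries[0])
```

Both functions return an empty list when the directory is ready for import, so they can gate the Invoke step in an operator checklist or script.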

 
