The sample domain that is provided with the Network Gatekeeper SDK can be used directly. Separate domain configuration is unnecessary.
Launch the GUI Installer - Windows
If you are using the GUI-based installer on a Windows machine, do the following:
Log in to the Windows system.
Go to the directory where you have copied the installation program. You acquire this program either from a WebLogic Network Gatekeeper SDK CD or the Download Center.
If you are using Explorer to find the file, double-click the installation file, wlng_sdk300_win32.exe.
If you are using the console window to find the file, enter the following command:
wlng_sdk300_win32
Note:
You can also include the -log=full_path_to_log_file option in the command line to create a verbose installation log. For example:
If you are using the GUI-based installer on a UNIX/Linux machine, do the following:
Log in to the target UNIX system.
Go to the directory where you have copied the installation program. You acquire this program either from the WebLogic Network Gatekeeper SDK CD or the Download Center.
Launch the installation by entering the following commands:
The installation program prompts you to enter specific information about your system and configuration. For instructions on responding to the prompts during installation, see the following table.
In this window...
Perform the following action...
Welcome
Click Next to proceed with the installation. You may cancel the installation at any time by clicking Exit.
BEA License Agreement
Read the BEA Software License Agreement and indicate your acceptance of the terms of the agreement by selecting Yes. To continue with the installation, you must accept the terms of the license agreement and then click Next.
Choose BEA Home Directory
Specify the BEA Home directory that will serve as the central support directory for all BEA products installed on the target system. If you already have a BEA Home directory on your system, you can select that directory (recommended) or create a new BEA Home directory. If you choose to create a new directory by typing a new directory name in the BEA Home Directory field, the installation program automatically creates one for you. You can also click Browse and select a directory from the BEA Home Directory Selection window.
Choose Product Installation Directory
Specify the directory in which you want to install the Network Gatekeeper software. This is the directory from which information will be copied during the domain configuration phase. Once you have chosen your directory, click Next. You can accept the default product directory (sdk300) or create a new product directory.
Choose Shortcut Location
This window is displayed only under the following conditions:
You have Administrator privileges.
You are performing an initial installation.
You are installing on a Windows platform.
Specify the Start menu folder in which you want the Start menu shortcuts created. You can select from the following options:
All Users Start menu folder
Selecting this option provides all users registered on the machine with access to the installed software. However, only users with Administrator privileges can create shortcuts in the All Users folder. Therefore, if a user without Administrator privileges uses the Configuration Wizard to create domains, Start menu shortcuts to the domains are not created. In this case, users can manually create shortcuts in their local Start menu folders, if desired. Press ALT+Y on the keyboard to select the All Users Start Menu.
Local user's Start menu folder
Selecting this option ensures that other users registered on this machine will not have access to the Start menu entries for this installation. Press ALT+N on the keyboard to select the Local User's start menu.
Status
Read the information displayed about BEA products and services. When the installation program has finished copying the specified files to your system, click Next.
Installation Complete
Specify whether you want to run the QuickStart application. QuickStart, designed to assist first-time users in evaluating, learning, and using the software, provides quick access to the domain configuration wizard. Clear the check box for this option if you do not want to launch QuickStart.
Unless you wish to make changes to the standard sample domain, a separate domain configuration is not necessary.
Note:
When you install and configure WebLogic Network Gatekeeper SDK, a temporary 90-day evaluation license is generated for you automatically. You are responsible for acquiring a permanent license for your installation. Contact your Local BEA Sales Representative or Order Management Representative, who will assist you in acquiring the appropriate license.
Setting up WS-Policy
One of the first things you must do in setting up Network Gatekeeper SDK is to establish Web Services security. Web Services security controls Network Gatekeeper Simulator's interactions with Application Service Providers.
Web Services Security
Web Services Security provides end-to-end message-level security for web services through an implementation of the WS-Security standard. WS-Security defines a mechanism for adding three levels of security to SOAP messages:
Authentication tokens. WS-Security authentication tokens let an application provide a user name and password or X509 certificate for the purpose of authentication headers.
XML encryption. WS-Security's use of W3C's XML encryption standard enables the XML body or portion of it to be encrypted to ensure message confidentiality.
XML digital signatures. WS-Security's use of W3C's XML digital signatures lets the message be digitally signed to ensure message integrity. The signature is based on the content of the message itself (by applying a hash function and public key), so if the message is altered en route, the signature becomes invalid.
Network Gatekeeper uses WebLogic Server mechanisms for Web Services security; see:
Message-level security for SOAP messages is achieved by applying the WS-Security and WS-Security policy standards. Authentication is handled transparently by WS-Security and subsequently by the configured authentication providers and login modules of the WebLogic Security framework. WS-Security also supports signing and encrypting a message by providing a security token hierarchy associated with the keys used for signing and encryption (for message integrity and confidentiality).
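The three mechanisms listed above can be checked for in a captured SOAP message. The following Python script is an added example, not code from the Network Gatekeeper SDK; the sample envelope, the app1 user name and the urn:example:constructed body namespace are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Standard namespace URIs (SOAP 1.1, OASIS WS-Security 1.0, W3C XML-DSig and XML-Enc).
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed sample: a request carrying only a UsernameToken (no signature, no encryption).
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
 <soap:Header><wsse:Security soap:mustUnderstand="1">
  <wsse:UsernameToken><wsse:Username>app1</wsse:Username>
   <wsse:Password>example-only</wsse:Password></wsse:UsernameToken>
 </wsse:Security></soap:Header>
 <soap:Body><sendSms xmlns="urn:example:constructed"><message>hi</message></sendSms></soap:Body>
</soap:Envelope>"""

def audit_ws_security(envelope_xml):
    """Report which WS-Security mechanisms a SOAP 1.1 message carries."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    report = {"auth_tokens": [], "signed": False, "signed_refs": [],
              "body_encrypted": False, "encrypted_key": False}
    if body is not None:
        # XML encryption replaces Body content with xenc:EncryptedData.
        report["body_encrypted"] = body.find(".//xenc:EncryptedData", NS) is not None
    if sec is None:
        return report  # no wsse:Security header: no message-level security present
    for tag in ("UsernameToken", "BinarySecurityToken"):
        if sec.find("wsse:" + tag, NS) is not None:
            report["auth_tokens"].append(tag)
    sig = sec.find("ds:Signature", NS)
    if sig is not None:
        report["signed"] = True
        # Each ds:Reference URI names a message part covered by the signature.
        report["signed_refs"] = [r.get("URI") for r in
                                 sig.findall("ds:SignedInfo/ds:Reference", NS)]
    report["encrypted_key"] = sec.find("xenc:EncryptedKey", NS) is not None
    return report

def missing_mechanisms(report, required=("auth", "sign", "encrypt")):
    """List the required mechanisms that the audited message does not carry."""
    have = {"auth": bool(report["auth_tokens"]), "sign": report["signed"],
            "encrypt": report["body_encrypted"]}
    return [m for m in required if not have[m]]
```

The check is structural only: it reports which elements are present and does not verify the signature or decrypt anything.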
The following steps outline the general WebLogic security configurations that have to be performed, either automatically using a script or manually from the Administration Console.
Configure Policies for WS-Security as described below.
If using SAML tokens, configure the WebLogic SAML Identity Assertion Provider, which authenticates users based on SAML assertions, and the SAML credential mapping provider. A SAML Identity Assertion Provider is required only if you are using SAML assertions.
Configuration workflow: Policies for WS-Security
This section outlines how to apply an existing WS-Policy and where to find more information about creating and using custom WS-Policies.
Apply a WS-Policy to a Web Service: Quick start
This section outlines how to apply a WSSE policy to a Web Service endpoint in the Network Gatekeeper Simulator.
Click the Web Service to which you want to apply Web Services security, for example SendSmsService. All Web Services are named according to the interface they implement.
This displays the Settings for <Web Service> page.
Click the Configuration tab.
Click the WS-Policy sub-tab.
Click Service endpoint <Web Service>.
Choose which security policy to apply for the endpoint:
Move it to the list in Chosen Endpoint Policies by clicking on the arrow button.
When the WS-Policy files have been chosen, click OK.
In the Save Deployment Plan Assistant you choose where to store the deployment plan.
Apply the changes.
Note:
Applying a security policy to a Web Service establishes, by default, both inbound and outbound security policies. Because there is no way for Network Gatekeeper Simulator to know what security policies may be required by a client to which it is returning a notification, outbound security must be turned off. If you wish to secure the link by which Network Gatekeeper Simulator returns notifications, you should use SSL.
Note:
To turn off outbound security associated with a particular WS-Policy file, you must edit the plan.xml file that is created when you attach Policy to a Web Service, as in step 8 above. Make sure the <value> element is set to inbound as in the following stanza:
WS-Policy files can be used to require application clients to authenticate, digitally encrypt, or digitally sign SOAP messages. Out of the box, Network Gatekeeper supplies files to do those three things, respectively: auth.xml, encrypt.xml, and sign.xml. If the built-in WS-Policy files do not meet your security needs, you can build custom policies.
WS-Policy assertions are used to specify a Web Service's requirements for digital signatures and encryption, along with the security algorithms and authentication mechanisms that it requires, for example Policy for SAML.