| Oracle® Communications Service Broker Subscriber Store User's Guide Release 6.0 Part Number E23529-02 | 
 | 
| 
 | View PDF | 
This chapter describes how to configure the SOAP endpoint settings that control how clients access the Subscriber Provisioning API served by Oracle Communications Service Broker.
By default, Service Broker is not configured to serve Subscriber Provisioning API requests. You must configure SOAP endpoint settings to enable the service.
The general configuration tasks for enabling the Subscriber Provisioning API service are as follows:
Enable HTTP network access by opening an HTTP listening port.
Configure common SOAP connection settings.
Configure specific end point settings for SOAP and the Subscriber Provisioning service end point.
Add an incoming routing rule that directs requests to the Subscriber Provisioning service application.
Test the connection.
The following steps provide more information about performing the configuration.
General HTTP connection and Web service settings are also used by other Service Broker features. In some cases, parts of the following configuration may already exist in your Processing Domain, depending on the features that have been implemented.
Client connections to the Subscriber Provisioning API are subject to the security requirements applicable to the underlying HTTP connection. That is, if the HTTP port on which Service Broker serves the Subscriber Provisioning API requires HTTP Basic Authentication credentials, SOAP requests to the service must meet the same requirement.
In addition, you can apply Web service-specific requirements for the port. For example, you can configure SOAP-specific timeout settings or authentication requirements. Service Broker supports SOAP authentication in the form of WSSE UsernameToken authentication.
Web service connection settings are configurable by Service Broker application. For example, you can use UsernameToken authentication for the Subscriber Provisioning service API while using Basic Authentication for the Top-Up service API.
Service Broker SOAP Web Services supports UsernameToken authentication as defined by the Basic Security Profile standard:
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#UsernameToken
When UsernameToken authentication is enabled, each SOAP request must contain a valid UsernameToken security element. The element must include a password that matches the password of the specified credential in the Service Broker credential store.
The following sections include procedural information for configuring security for both the HTTP connection and for the Subscriber Provisioning service end point. For general information about securing the Service Broker implementation, see Oracle Communications Service Broker System Administrator's Guide.
Service Broker serves the Subscriber Provisioning API over an HTTP listen port you open in the Signaling Tier domain.
To configure HTTP connectivity for the Subscriber Provisioning API:
In the navigation tree, expand OCSB.
Expand the Signaling Tier node.
Expand the SSU Web Services node.
Click the General item.
Select the HTTP tab.
In the Server subtab, select the Network Access subtab.
Click New.
In the dialog box, set the properties for the HTTP listener as follows:
Server Address: The local IP address or host name to which the port is bound. This should be the address of the Signaling Tier server or server cluster in your deployment.
Server Port: An available listening port on Service Broker serves API client requests, such as 8989. This is the port number on which the Signaling Tier servers will listen for incoming HTTP requests to the Subscriber Provisioning API.
Protocol: The protocol used by the service. Choose HTTPS for secure HTTP or HTTP for unsecured HTTP. Oracle recommends using HTTPS for production deployments.
SSL Client Auth: Whether SSL client certificate authentication is required for the connection. Enter false to disable SSL client certificate authentication, or true to require it. Enter true only if using HTTPS for the Protocol, in which case you will also need to set the key store and trust store identifiers.
Keystore Id: The key you used when loading the keystore in the Credential Store. Use only with HTTPS. If you are using HTTP, this field can be left blank. If you have not already, load the keystore associated with the ID into the credential store. See Oracle Communications Service Broker System Administrator's Guide for more information about the credential store.
Truststore Id: The key you used when loading the trust store into the Credential Store. Use only with HTTPS. If using HTTP, this field can be left blank. See Oracle Communications Service Broker System Administrator's Guide for more information about the credential store.
Target: The managed server to which this configuration applies. Leave blank to apply the configuration to all managed server in the deployment. Specify a managed server name only if you want custom settings for individual managed servers.
Click OK.
For more information, see the discussion of routing rules for the Web Services Signaling Server Unit (SSU) in Oracle Communications Service Broker Signaling Domain Configuration Guide.
The Subscriber Provisioning service end point settings specify the URI path at which Service Broker serves API requests. It also defines specific connection settings for the path.
The Signaling Tier domain contains a pre-configured Subscriber Provisioning end point definition, which you should verify and modify if needed.
To verify and modify the pre-configured end point settings for the Subscriber Provisioning service:
In the Administration Console interface navigation tree, expand the OCSB node.
Expand the Signaling Tier node.
Expand SSU Web Services node.
Click the Subscriber Provisioning item.
In the End Point tab, select the existing Subscriber Provisioning configuration.
Click the Update button.
In the dialog box, configure the following properties:
URI: The path of the Subscriber Provisioning API service relative to the root SOAP path. By default, the path is:
/SubscriberProvisioning
Implementation Class: The class that implements the Subscriber Provisioning API service. Unless you have implemented a custom service class, the value should be the following default value:
oracle.ocsb.app.rcc.service.subscriber_store.ws.SubscriberProvisioningService
Authentication Method: Whether Service Broker authenticates incoming SOAP requests. Set to either:
NONE: Specifies no authentication by the endpoint. Choose this option to rely on the authentication mechanism of the underlying HTTP connection (such as Basic Authentication or client certificate authentication) or to bypass authentication requirements.
USERNAME_TOKEN for WSSE UsernameToken password authentication.
credentialKey: If using UsernameToken password authentication, the credential key for the password. The credential key is the identifier for this credential in the credential store.
If you have not already done so, store the password for the UsernameToken credential in the credential store.
The UsernameToken password should be stored in the Credential Store as a one-way credential. It is used to validate incoming credentials and not added to outgoing requests. See Oracle Communications Service Broker Installation Guide for more information about the Credential Store.
Click OK.
The new settings appear in the end point definition.
An incoming routing rule controls how Service Broker Signaling Tier route incoming messages to the Service Broker application or interworking module.
To create the incoming routing rule for the Subscriber Provisioning service:
In the navigation tree, expand OCSB.
Expand the Signaling Tier node.
Expand the SSU Web Services node.
Click the General item.
Click the SSU WS tab.
Select the Incoming Routing Rules subtab.
Click the New button.
In the dialog box, set the incoming routing rules as follows:
Name: A unique name for the incoming routing rule. You can choose any descriptive name.
Service Name: Set this value to SubscriberService, the internal service identifier for the Subscriber Provisioning service.
Alias: Set this value to ssu:ocsb/provisioning, the internal application address for the Subscriber Provisioning service application.
Click OK.
After committing the changes to the configuration, restart the managed servers to have the new settings take effect. You can then access the WSDL for the Subscriber Provisioning service (as described in "Testing Web Service Access").
For more information on the Web Services SSU settings, see Oracle Communications Service Broker Signaling Domain Configuration Guide.
You can test your HTTP and Web service connectivity configuration from a Web browser by navigating to the Subscriber Provisioning WSDL. Before starting, ensure that you have committed your configuration changes to the running servers in your environment.
To navigate to the WSDL, go to the following address:
http://host:port/soap/SubscriberProvisioning?wsdl
Where host is the host name or IP address and port is the server port number you specified as the server address (as described in "Enabling HTTP Network Access").
If the WSDL is accessible, you can start developing your API client applications. Many integrated development environments (IDEs) can generate client code you can use as a starting point for your application by importing the WSDL into the IDE.
If the WSDL is not accessible, you can test the HTTP port by navigating to the service index page, at the following address:
http://host:port/soap
The page lists the SOAP interfaces exposed in the domain. If unavailable, double-check your Web Services SSU configuration.
In addition, you can view the server.log file at the following location to identify run-time configuration errors, such as listening port conflicts.
Oracle_home/ocsb/managed_server