Oracle API Gateway User Guide
11g Release 2 (11.1.2.3.0)
Oracle API Gateway User Guide, 11g Release 2 (11.1.2.3.0)
Copyright © 1999, 2014, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services. This documentation is in prerelease status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.
The information contained in this document is for informational sharing purposes only and should be considered in your capacity as a customer advisory board member or pursuant to your beta trial agreement only. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.
This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions of your Oracle Software License and Service Agreement, which has been executed and with which you agree to comply. This document and information contained herein may not be disclosed, copied, reproduced, or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
27 May 2014
Contents
- 1. Getting Started
-
- API Gateway management with Policy Studio
- Start the API Gateway tools
- Configuring the Sample Policies
- Conversion Sample Policy
- Security Sample Policies
- Throttling Sample Policy
- Virtualized Service Sample Policy
- Stress Testing with Send Request (SR)
- Sending a Request with API Gateway Explorer
- License Acknowledgments
- 2. Managing Policies
-
- Configure policies from WSDL files
-
- Overview
- API Gateway as the web service initiator
- API Gateway as the web service recipient
- Import WSDL summary
- Import a WSDL file
- Configure a security policy
- Configure recipient security settings
- Configure initiator security settings
- Configure recipient policy filters
- Configure initiator policy filters
- Edit the recipient or initiator WS-Policy
- Configure a recipient WCF WS-Policy
- Remove security tokens
- Related information
- Configure policies manually
- Configure global policies
- Configure policy assemblies
- 3. Managing Deployments
-
- Manage API Gateway deployments
- Deploy API Gateway configuration
-
- Overview
- Create a package in Policy Studio
- Configure package properties in Policy Studio
- Deploy packages in Policy Studio
- Deploy a factory configuration in Policy Studio
- Deploy currently loaded configuration in Policy Studio
- Push configuration to a group in Policy Studio
- View deployment results in Policy Studio
- Deploy on the command line
- Deploy packages in API Gateway Manager
- Compare and merge API Gateway configurations
- Manage Admin users
- 4. General Configuration
- 5. API Gateway Instances
-
- Configure API Gateway instances
- Configure HTTP services
- Configure relative paths
- Configure virtual hosts
- Configure SMTP services
- Configure a file transfer service
- Policy execution scheduling
- Configure Amazon SQS queue listener
- Configure an FTP poller
- Configure directory scanner
- Packet sniffers
- Configure remote host settings
- Configure WebSocket connections
- Configure HTTP watchdog
- Configure conditions for HTTP interfaces
- Configure a POP client
- TIBCO integration
- Cryptographic acceleration
- Cryptographic acceleration conversation: request-response
- TIBCO Rendezvous listener
- 6. External Connections
-
- External connections
-
- Overview
- Authentication repository profiles
- Client credentials
- Connection sets
- Database connections
- ICAP servers
- JMS services
- Kerberos connections
- LDAP connections
- Proxy servers
- RADIUS clients
- SiteMinder
- SMTP servers
- SOA security manager
- Syslog servers
- TIBCO
- Tivoli
- URL connection sets
- XKMS connections
- Authentication repository
-
- Overview
- Axway PassPort repositories
- CA SiteMinder repositories
- Database repositories
- Entrust GetAccess repositories
- Local repositories
- LDAP repositories
- Oracle Access Manager repositories
- Oracle Entitlements Server 10g repositories
- RADIUS repositories
- RSA Access Manager repositories
- Tivoli repositories
- Axway PassPort Authentication Repository
- Configuring client credentials
- Configure Sentinel servers
- Database Connection
- Database Query
- Configuring ICAP Servers
- JMS Services
- Kerberos Clients
- Kerberos Principals
- Kerberos Services
- Kerberos Keytab
- Configuring LDAP Directories
- Proxy Servers
- RADIUS Clients
- SiteMinder/SOA Security Manager Connection
- SMTP Servers
- TIBCO Rendezvous Daemon
- XKMS Certificate Validation Connection
- 7. Resources and Libraries
-
- Manage certificates and keys
- Manage API Gateway users
- Manage WSDL and XML schema documents
-
- Overview
- Structure of the global cache
- View cached WSDL or XML schema documents
- Add XML schemas to the cache
- Add WSDL documents to the cache
- Update cached WSDL or XML schema documents
- XML schema and WSDL document validation
- XML schema and WSDL document limitations
- Version and duplicate management
- Validate messages against XML schemas
- Test a WSDL for WS-I compliance
- Global caches
- Cross-Origin Resource Sharing
- 8. Amazon Web Services Filters
- 9. Attribute Filters
-
- Compare attribute
- Extract REST request attributes
- Extract WSS timestamp
- Extract WSS UsernameToken element
- Extract WSS header
- Get cookie
- Insert SAML attribute assertion
- LDAP attribute authorization
- Retrieve attribute from database
- Retrieve attribute from directory server
- Retrieve attribute from HTTP header
- Retrieve attributes from JSON message
- Retrieve attribute from message
- Retrieve attribute from SAML attribute assertion
- Retrieve attribute from SAML PDP
- Retrieve attribute from user store
- 10. Authentication Filters
-
- Attribute Authentication
- Authenticate API Key
- CA SOA Security Manager Authentication
- HTML Form-based Authentication
- HTTP basic authentication
- HTTP digest authentication
- HTTP Header Authentication
- IP Address
- SAML Authentication
- SAML PDP Authentication
- Insert SAML Authentication Assertion
- Insert Timestamp
- Insert WS-Security Username Token
- Kerberos Client Authentication
- Kerberos Service Authentication
- SSL Authentication
- Security Token Service Client
- WS-Security Username Authentication
- 11. Authorization Filters
-
- RSA Access Manager Authorization
- Attribute Authorization
- Axway PassPort Authorization
- CA SOA Security Manager Authorization
- Certificate Attributes
- Entrust GetAccess Authorization
- Insert SAML Authorization Assertion
- Management Services RBAC filter
- SAML Authorization Assertion
- SAML PDP Authorization
- Tivoli Authorization
- Retrieve Attributes from Tivoli
- XACML Policy Enforcement Point
- 12. CA SiteMinder Filters
- 13. Certificate Filters
- 14. Cache Filters
- 15. Content Filters
-
- Scan with ClamAV anti-virus
- Content type filtering
- Content validation
- HTTP header validation
- Send to ICAP
- Scan with McAfee anti-virus
- Message size filtering
- Query string validation
- Schema validation
- JSON schema validation
- Scan with Sophos anti-virus
- Threatening content
- Throttling
- Validate selector expression
- Validate REST request
- Validate timestamp
- Verify the WS-Policy security header layout
- XML complexity
- 16. Conversion Filters
-
- Add HTTP Header
- JSON Add Node
- Add XML Node
- Contivo Transformation
- Multipart Bodypart Conversion
- Create Cookie
- Create REST Request
- Set HTTP Verb
- Insert MTOM Attachment
- JSON to XML
- Extract MTOM Attachment
- Load File
- Remove Attachments
- Remove HTTP Header
- JSON Remove Node
- Remove XML Node
- Restore Message
- Store Message
- Set Message
- XSLT Transformation
- XML to JSON
- 17. Encryption Filters
- 18. Integrity Filters
- 19. Fault Handler Filters
- 20. Monitoring Filters
- 21. Oracle Access Manager Filters
- 22. Oracle Entitlements Server Filters
- 23. Resolver Filters
- 24. Routing Filters
-
- Getting Started with Routing Configuration
-
- Overview
- Proxy or Endpoint Server
- Service Virtualization
- Choosing the Correct Routing Filters
- Case 1: Proxy without Service Virtualization
- Case 2: Proxy with Service Virtualization
- Case 3: Endpoint without Service Virtualization
- Case 4: Endpoint with Service Virtualization
- Case 5: Simple Redirect
- Case 6: Routing on to an HTTP Proxy
- Summary
- Call Internal Service
- Connection
- Connect to URL
- Dynamic Router
- Extract Path Parameters
- File Download
- File Upload
- HTTP Redirect
- HTTP Status Code
- Insert WS-Addressing
- Messaging System Filter
- Read WS-Addressing
- Rewrite URL
- Save to File
- SMTP Routing
- Static Router
- TIBCO Rendezvous Routing
- Wait for Response Packets
- 25. Security Service Filters
- 26. WS-Trust Filters
- 27. Utility Filters
-
- Abort Filter
- Check Group Membership
- Configuration Web Service
- Copy/Modify Attributes
- Evaluate Selector
- Execute External Process
- False Filter
- HTTP Parser
- Insert BST
- Invoke Policy per Message Body
- Locate XML Nodes
- Pause Filter
- Policy Shortcut
- Policy Shortcut Chain
- Quote of the Day
- Reflect Message Filter
- Reflect Message And Attributes Filter
- Remove Attribute
- Set Response Status
- Set Attribute
- String Replace Filter
- Switch on Attribute Value
- Time Filter
- Trace Filter
- True Filter
- 28. Web Services Filters
- 29. Extending Filters
- 30. Configuring Common Settings
-
- Certificate Chain Check
- Certificate validation
- Compressed Content Encoding
- Configuring Connection Groups
- Configuring Cron Expressions
- Signature Location
- Configuring a Transparent Proxy
- Retrieving WSDL files from a UDDI registry
- Connecting to a UDDI registry
- Publishing WSDL files to a UDDI registry
-
- Overview
- Finding WSDL files
- Publishing WSDL files
- Step 1: Enter virtualized service address and WSDL URL for publishing in UDDI registry
- Step 2: View WSDL to UDDI mapping result
- Step 3: Select a registry for publishing
- Step 4: Select a duplicate publishing approach
- Step 5: Create or search for business
- Step 6: Publish WSDL
- LDAP User Search
- Configuring URL Groups
- What To Sign
- Configuring XPath Expressions
- 31. Reference