(Chapter 24, section 4)
This section addresses our ability to make our services call out to secured services. SOA composites references and Service Bus business services invoke internal and external services that may require communication over SSL and authentication using a username token to also enforce role based authorization. We will discuss in this section how we can leverage OWSM policies in an outbound direction to handle the security aspects of the interaction with the invoked service. The Service Key provider that we can use with Service Bus provides a means to use a predefined identity for calls to secured services.
Configuration of (outbound) OWSM policies and special actions with regard to passing identity in service calls are the primary topic.
The sources for this section are found in folder ch24.
Blog by Edwin Biemond: Do SAML with OWSM
Edwin Biemond on HTTP Basic authentication with SOA Suite 11g
Again, Edwin Biemond: The things you need to do for OWSM 11g policies
Web Services Manager – OWSM