Is it possible to configure Oracle SOA composite service for authentication by client certificate? For instance, we have Oracle composite service and WCF service. Composite service should be ensured that only clients with valid certificate have access. How does it should be configured?
You can configure 2-way SSL on weblogic server which hosts Oracle SOA suite. This ensures that only certified clients can make use of your service.
Other option is to use OWSM policies which can be configured for each service. Here is a good link to start with
http://docs.oracle.com/cd/E15523_01/integration.1111/e10226/soacompapp_secure.htm
Related
I have a spring boot application which runs on Azure Kubernetes Service and it exposes a private IP, using this IP I have configured this API on Azure API Manager. All the traffic will be coming to this spring boot application via API manager. Client to APIM connection is secured with SSL certificate coming from azure API manager. But from API manager to back end API application is not secured it is plain http. Is there any security issues for this architecture?
For your situation, since you already use SSL certificate to protect your APIM, I think the architecture is no problem even though there isn't any security configuration between APIM and backend api. APIM will not expose your backend, so others can't get your backend IP or backend url according to the APIM. So I think you do not need to add any other security configuration for your architecture.
For the comment about Azure AD mentioned by Tiny, you can also use Azure AD to protect your api or APIM, but I think it is unnecessary.
I am creating a Spring Boot application with oauth2 (openid Connect with ADFS) authentication.
The application's server and the ADFS server reside in two different private networks that cannot communicate with each others.
The client (web browser) resides in a third network that can connect to the two others.
Is it possible to set up open id in this configuration?
I cannot figure out how to configure the SpringBoot application to avoid communication between the two servers, like it is with Saml for instance.
you could consider to use OpenID Connect implicit flow which avoids direct communication between application server and identity provider.
I have couple of spring boot applications which constitute a micro service architecture and need to use WSO2 IS(which is hosted on CLOUD) authentication for authenticating the services(service to service authentication).
I could not find any sample program with Spring oauth2 client crdential grant with WSO2 Identity server combination yet.
Any direction would be of help.
Check the link below. It guides you to achieve your requirement step-by-step.
https://medium.com/#balaajanthan/oauth2-login-for-spring-boot-application-with-wso2-identity-server-da0a88893987
I am creating a Spring Boot integration with Tomcat for Soap WebService application
We are calling other Soap WebServices inside it, which are running in https protocol.
Could you please help me how to config SSL for external servers?
First of all, if these external servers have their own legal trusted certificates, you don't need to do anything.
But if not and you trust these external servers, you can skip certificates verification for those servers as How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?.
Or just skip specific host as SSLHandshakeException: No subject alternative names present.
Wish it could help.
We are implementing a web service on WCF. The service is consumed by Oracle weblogic. Communication is done through mutual authentication over HTTPS. The only way the communication is successful is when JSSE is enabled on Weblogic server. However this makes other web services incompatible. Is there a way to enable JSSE on the web service level instead of the server level?
In other words, we need the Weblogic server to enable JSSE only for this specific web service.