Thursday, July 7, 2011

Enterprise Gateway (OEG) External Service Calls

I’ve had the opportunity recently to work with the Oracle Enterprise Gateway (OEG) for a DoD opportunity. For those that aren’t familiar, OEG is an OEM from Vordel. The definitive blog on Vordel is at http://xmlgateway.blogspot.com/ where our old friend Josh Bregman writes. There were a couple of patterns that emerged in my work that I wanted to post.

One pattern is the need to make an external call to a service. In my case, I needed to call an attribute sharing service (see Chris’ blog on XASP for more details on one approach for this) and a XACML PDP. Note that OEG has an embedded PDP solution using Oracle Entitlements Server (OES) that provides a faster service, but in my case I had to stay with the standards-based solution. This is very easy to accomplish with OEG with a 3-step circuit:

The Set Message defines the parameters of the request. In my case, I have an attribute service that takes a user DN and returns specified attributes.

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <orafed-arxs:AttributeRequest xmlns:orafed-arxs="http://www.oracle.com/fed/ar/10gR3" TargetIDP="SpaceFenceIDP">
      <orafed-arxs:Subject>cn=${user.cn},ou=${user.physicalDeliveryOffice},dc=service,dc=mil</orafed-arxs:Subject>
      <orafed-arxs:Attribute Name="mail"/>
      <orafed-arxs:Attribute Name="clearance"/>
    </orafed-arxs:AttributeRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Notice the ${variable} placeholders. These were obtained earlier in the circuit with a “Retrieve from Directory Server” node after authentication to the Gateway. In the Policy Editor, create a policy and drag the Set Message onto the easel. Enter “text/xml” for the Content-type and optimally, import the request from a file, then save.

Setting the URL is very straightforward: just enter the URL and any trust certificates if necessary.

The response from the attribute service (Oracle Identity Federation in this case) is:

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <orafed-arxs:AttributeResponse CacheFor="1499" xmlns:orafed-arxs="http://www.oracle.com/fed/ar/10gR3">
      <orafed-arxs:Status>Success</orafed-arxs:Status>
      <orafed-arxs:Subject>cn=Jane Wilson,ou=CDC,dc=service,dc=mil</orafed-arxs:Subject>
      <orafed-arxs:Attribute Name="mail">
        <orafed-arxs:Value>jwilson@service.mil</orafed-arxs:Value>
      </orafed-arxs:Attribute>
      <orafed-arxs:Attribute Name="businessCategory">
        <orafed-arxs:Value>Secret</orafed-arxs:Value>
      </orafed-arxs:Attribute>
    </orafed-arxs:AttributeResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Knowing this response format will help in parsing the response in OEG. When editing “Retrieve from Message”, rename the node appropriately and select “Add” under the attribute location.

Name the attribute (arbitrary) and select the magic wand button. Browse to the response file saved on disk, and you should see the contents in the XPath Wizard. Select the node that you wish to have returned to the gateway.

Select “Use this path” and the XPath Expression should show up in the XPath field. Select OK. Name the attribute you want to populate in the gateway and save the node.
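The extraction that “Retrieve from Message” performs can be checked outside the gateway against the saved response. The following is an added example, not OEG or Vordel code: it reads the attributes namespace-aware and fails closed when the status, subject, or a requested attribute is not what the caller expects (here the request asked for “clearance”, while the sample response carries “businessCategory”). The function and exception names are hypothetical, and an exact string match on the Subject DN is assumed.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as they appear in the response shown in the post.
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "ar": "http://www.oracle.com/fed/ar/10gR3"}

# Response copied from the post so the example runs offline.
SAMPLE_RESPONSE = """\
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
  <orafed-arxs:AttributeResponse CacheFor="1499" xmlns:orafed-arxs="http://www.oracle.com/fed/ar/10gR3">
   <orafed-arxs:Status>Success</orafed-arxs:Status>
   <orafed-arxs:Subject>cn=Jane Wilson,ou=CDC,dc=service,dc=mil</orafed-arxs:Subject>
   <orafed-arxs:Attribute Name="mail"><orafed-arxs:Value>jwilson@service.mil</orafed-arxs:Value></orafed-arxs:Attribute>
   <orafed-arxs:Attribute Name="businessCategory"><orafed-arxs:Value>Secret</orafed-arxs:Value></orafed-arxs:Attribute>
  </orafed-arxs:AttributeResponse>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


class AttributeLookupError(Exception):
    """Raised when the response cannot be trusted for an access decision."""


def retrieve_attributes(xml_text, expected_subject, wanted):
    """Return {name: [values]} for every name in `wanted`, or raise (fail closed)."""
    root = ET.fromstring(xml_text)
    resp = root.find("soap:Body/ar:AttributeResponse", NS)
    if resp is None:
        raise AttributeLookupError("no AttributeResponse in SOAP body")
    status = (resp.findtext("ar:Status", default="", namespaces=NS) or "").strip()
    if status != "Success":
        raise AttributeLookupError(f"service returned status {status!r}")
    subject = (resp.findtext("ar:Subject", default="", namespaces=NS) or "").strip()
    if subject != expected_subject:
        raise AttributeLookupError("response Subject does not match the requested DN")
    found = {}
    for attr in resp.findall("ar:Attribute", NS):
        # Compare Name in Python rather than splicing it into an XPath predicate.
        name = attr.get("Name")
        if name in wanted:
            vals = [v.text.strip() for v in attr.findall("ar:Value", NS) if v.text]
            found.setdefault(name, []).extend(vals)
    missing = [n for n in wanted if not found.get(n)]
    if missing:
        raise AttributeLookupError("missing attributes: " + ", ".join(missing))
    return found


if __name__ == "__main__":
    dn = "cn=Jane Wilson,ou=CDC,dc=service,dc=mil"
    print(retrieve_attributes(SAMPLE_RESPONSE, dn, ["mail", "businessCategory"]))
```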

Debugging on OEG typically consists of adding a “Trace” node to your circuit and putting the listener in DEBUG or DATA mode. This gives you the “System.out” visibility into what’s going on in the Gateway.

Thanks to Dave Roberts from Vordel for getting me over the humps and for stealing second in 2004.
