Wednesday, 25 January 2017

Webservice invocation failed, Unable to access the following endpoint(s) – Oracle SOA Suite 11g

Webservice invocation failed, Unable to access the following endpoint(s) – Oracle SOA Suite 11g:

Some of the time we used to receive the following exception while invoking the webservice endpoints in Oracle SOA 11g. There could be a multiple reason behind this exception.

This blog explains the different ways to narrow down the issue and to fix the issue.

An exception occured while invoking the webservice operation. Please see logs for more details.
oracle.sysman.emSDK.webservices.wsdlapi.SoapTestException: Unable to access the following endpoint(s): http://hostname:50000/XISOAPAdapter/MessageServlet?channel=:SalesForce:CC_Out_Soap_SFDC_order

Steps:-   

Ping the host name: 
    • If the host is alive then the connectivity looks fine

    •  If we received Unknown host error then verify whether the host entry is available in the server host  file for the host.


    •   If the host is configured to lookup by DNS server then verify the DNS server configuration.

Telnet to the server with the corresponding port:
    • If the telnet is success then the connectivity looks fine.
    •  If the telnet is failed then check the network connectivity between the server and the webservice host in that particular port

Check the webservice status:
    • If the network connectivity between the two servers are looks fine then check whether the webservice is up and running.
    • Some cases the status of the service in the target system shows as up and running but due to some internal errors with the service the source system may not able to connect to the target service . For e.g. sometime the client will not be able to connect to the Siebel services due to some internal table locking but the status of the service will be shown as up and running in Siebel system. 
Check the webservice authentication configured properly:
    • If the webservice up and running properly then check whether the service is protected with username/password. If the service is protected with username/password then check the username/password configuration in the composite.xml file. 
                    You will be receiving the same exception if the username/password is not configured properly. 

Sometimes we used to get the exception in the em console

oracle.fabric.common.FabricInvocationException: Unable to access the following endpoint(s): https://sap.int.com/XISOAPAdapter/MessageServlet?channel=*:Markets_Siebel_QA:CC_Out_Soap_SalesOrder

But the actual exception in the server log

Caused By: javax.xml.ws.WebServiceException: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Verify the certificate installed properly in the server and also the certificate not expired.

Friday, 13 January 2017

Adding authentication to your webservice in SOA Suite 11G

When you build a component which has an exposed service, you want to make sure that it is secure. This means we have to apply authentication and authorization to the service in question. Lets see how we can get this done in the SOA Suite 11G (PS2).
First of all we have already created a webservice which we are going to expose in my example an EventDispatcher which sends out events using the EDN.
Now lets say we want to secure this webservice using WS-Security, the username-token variant. The only thing we need to do is to right-click the service and choose: Configure WS Policies
In the next screen you can choose different policies for your webservice but the one we are looking for in under security. Click the green + sign at the Security tab and choose: oracle/wss_username_token_service_policy.
Click OK and check that your policy is selected in the Security section. If so, click OK. This policy will now make sure that if you send a ws-s header with your request, it will be processed. Adding this policy can also be done in the Enterprise Manager by the way. Select you component under SOA and select the Policies tab. Here you can do the same.
Now al we need to do is to make a user of which the credentials will be checked when he/she wants to make use of this service..
Go to your Weblogic administration console and click on Security Realms.
Next click in on ‘myrealm’ and click on the ‘Users and Groups’ tab. Click ‘New User’ and enter the information for the user you want to authenticate. Make sure your password if 8 characters long and contains at least 1 number.

Click OK if you are ready. The next thing is to create a group of which the user is a member. Select the ‘Groups’ tab and click ‘New’. Now insert the info of your group.
If your done, click on OK. You can now use this user to check if we have access to the service. In SoapUI you can create configurations which you can use to call a webservice. Make one for the user you have just created.
Now let’s try to call the service without a security configuration. It should look something like this.
Now select the Test configuration


and make the call again. You should now get a proper response from the server. This is the end of part 1 of this small tutorial…..authentication of a webservice in SOA Suite 11g using ws-security. In the next post, I will show you how you can make sure only users which are a member of the created group, can make use of the service.

Calling a webservice using the wss-username-token policy from a SOA Suite composite

When you are building a composite using the SOA Suite you quite often want to call an external webservice. These services can have a form of security on them….wss-username-token in our example. To attach the policy to the service in the SOA Suite is quite straight forward.
  • Right-click the service in the ‘External Reference’ swimlane and click ‘Configure WS Policies’
  • Choose the correct policy under Security. In my case oracle/wss_username_token_client_policy
  • Next we need to supply a username and password. The easiest way is to go to the source of the composite.xml and add 2 properties to the binding. See below for an example. This will ensure you can call your service using ws-security:username-token.
1
2
3
4
5
6
7
8
9
<reference name="CardManagementService" ui:wsdlLocation="v1.wsdl">
    <interface.wsdl interface="http://www.rbx.nl/wsdl/cardmanagement/service#wsdl.interface(CardManagementServicePortType)"/>
    <binding.ws port="http://www.rbx.nl/wsdl/cardmanagement/service#wsdl.endpoint(CardManagementServiceQSService/CardManagementServiceQSPort)"location="v1.wsdl" soapVersion="1.2">
        <wsp:PolicyReference URI="oracle/wss_username_token_client_policy" orawsp:category="security" orawsp:status="enabled"/>
        <property name="weblogic.wsee.wsat.transaction.flowOption" type="xs:string" many="false">WSDLDriven</property>
        <property name="oracle.webservices.auth.username" type="xs:string" many="false" override="may">MyUsername</property>
        <property name="oracle.webservices.auth.password" type="xs:string" many="false" override="may">MyPassword</property>
    </binding.ws>
</reference>