I am trying to build a simple OIM Webservice adapter.
OIM -> calls ICF WS -> calls Partner Link WS
From BPEL, I have the following mapping
/ns2:create/userAccount/__PASSWORD__ -> /ns3:createUser/password
PASSWORD comes encrypted, so I've added a policy to decrypt the password before calling the Partner Link WS, as described here
The problem comes from this specific instruction from the OIM documentation
Configure the SOA composite in the composite.xml file. To do so, add the following entries within the tags of the webservice that requires password decryption.
The example provided in the documentation looks like this
<wsp:PolicyReference URI="oimcp/WS_CONNECTOR_OUTBOUND"
orawsp:category="security" orawsp:status="enabled"/>
<property name="passcode" type="xs:string">abcd1234</property>
<property name="password.field.xpath.locations"
type="xs:string">/ns6:ListOfUser/ns6:User/ns6:Password</property>
<property name="target.payload.namespaces"
type="xs:string">ns6=urn:/acme/xml/password</property>
target.payload.namespaces examples are provided by error messages when you provide something wrong
<12/03/2015 19h24min21s UTC> <Error> <oracle.soa.bpel.engine.ws>
<BEA-000000> <got FabricInvocationException java.lang.IllegalArgumentException:
target.payload.namespaces property validation failed.
Correct format is : ns1=http://a.com,ns2=http://b.com
Also, Mr. Grigoryev in this thread says
(...)the policy should be attached to the target partner link, not the connector composite(...)
which makes some sense. So I've tried several variations here, like
<property name="password.field.xpath.locations" type="xs:string">
/ns3:createUser/password
</property>
<property name="target.payload.namespaces" type="xs:string">
ns3=http://ws.xyz.com
</property>
but all I get in the process is a message like this
<12/03/2015 19h54min24s UTC> <Warning> <ORG.IDENTITYCONNECTORS.GENERICWS>
<BEA-000000>
<Node /soap:Envelope/soap:Body//ns3:createUser/password is null.
Ignoring decryption of masked fields.>
And then, the request comes in the partner link with the password encrypted (which is useless).
How should I properly configure this thing? I could not find any decent example on the web. Even this example (from a question that is said to be "answered") is clearly wrong.
Problem solved.
<wsp:PolicyReference URI="oimcp/WS_CONNECTOR_OUTBOUND" orawsp:category="security" orawsp:status="enabled"/>
<property name="passcode" type="xs:string">passcode</property>
<property name="password.field.xpath.locations" type="xs:string">/password</property>
<property name="target.payload.namespaces" type="xs:string">ns3=http://ws.xyz.com</property>
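An added example, not part of the original posts and not the connector's own code: a Python check that a `password.field.xpath.locations` value selects a node in a captured request before the composite is deployed, so the "is null. Ignoring decryption of masked fields" case is caught early. Assumptions: the `/soap:Envelope/soap:Body/` prefix is inferred from the warning text above, the envelope is SOAP 1.1, and the sample request and its trailing-slash namespace mismatch are constructed for illustration, not a diagnosis of the case in the question.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

def parse_namespaces(value):
    """Parse target.payload.namespaces, e.g. 'ns1=http://a.com,ns2=http://b.com'."""
    mapping = {}
    for pair in value.split(","):
        prefix, sep, uri = (part.strip() for part in pair.partition("="))
        if not (prefix and sep and uri):
            raise ValueError("expected ns1=http://a.com,ns2=http://b.com, got %r" % value)
        mapping[prefix] = uri
    return mapping

def resolve(envelope_xml, location, namespaces):
    """Return elements selected by /soap:Envelope/soap:Body/ + location.

    Assumption: the prefix is inferred from the connector's warning text, and
    surrounding whitespace in the property values is ignored.
    """
    ns = dict(parse_namespaces(namespaces), soap=SOAP_NS)
    root = ET.fromstring(envelope_xml)
    if root.tag != "{%s}Envelope" % SOAP_NS:
        raise ValueError("payload is not a SOAP 1.1 envelope")
    # ElementTree paths are relative to the root element (the Envelope).
    return root.findall("./soap:Body/" + location.strip(), ns)

def sample_request(target_ns):
    """Constructed partner-link request; the password value is a placeholder."""
    return (
        '<soap:Envelope xmlns:soap="%s"><soap:Body>'
        '<ws:createUser xmlns:ws="%s">'
        "<login>jdoe</login><password>MASKED-VALUE-PLACEHOLDER</password>"
        "</ws:createUser></soap:Body></soap:Envelope>" % (SOAP_NS, target_ns)
    )

if __name__ == "__main__":
    declared = "ns3=http://ws.xyz.com"
    for target_ns in ("http://ws.xyz.com", "http://ws.xyz.com/"):
        for location in ("/ns3:createUser/password", "/password"):
            hits = resolve(sample_request(target_ns), location, declared)
            print("%-20s %-26s -> %d node(s)" % (target_ns, location, len(hits)))
```

A location of `/password` expands to a descendant search for every unqualified `password` element under the body, so it is worth confirming the match count is exactly the one field meant to be decrypted.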