
How to configure xpath for OIM Webservice adapter?


I am trying to build a simple OIM Webservice adapter.

OIM -> calls ICF WS -> calls Partner Link WS

From BPEL, I have the following mapping

/ns2:create/userAccount/__PASSWORD__ -> /ns3:createUser/password

PASSWORD comes encrypted, so I've added a policy to decrypt the password before calling the Partner Link WS, as described here

The problem comes from this specific instruction from the OIM documentation

Configure the SOA composite in the composite.xml file. To do so, add the following entries within the tags of the webservice that requires password decryption.

The example provided in the documentation looks like this

<wsp:PolicyReference URI="oimcp/WS_CONNECTOR_OUTBOUND"
orawsp:category="security" orawsp:status="enabled"/>
<property name="passcode" type="xs:string">abcd1234</property>
<property name="password.field.xpath.locations"
type="xs:string">/ns6:ListOfUser/ns6:User/ns6:Password</property>
<property name="target.payload.namespaces"
type="xs:string">ns6=urn:/acme/xml/password</property>

target.payload.namespaces examples are provided by error messages when you provide something wrong

<12/03/2015 19h24min21s UTC> <Error> <oracle.soa.bpel.engine.ws>        
<BEA-000000> <got FabricInvocationException java.lang.IllegalArgumentException: 
target.payload.namespaces property validation failed.
Correct format is : ns1=http://a.com,ns2=http://b.com 

Also, Mr. Grigoryev in this thread says

(...)the policy should be attached to the target partner link, not the connector composite(...)

which makes some sense. So I've tried several variations here, like

<property name="password.field.xpath.locations" type="xs:string">
/ns3:createUser/password
</property>
<property name="target.payload.namespaces" type="xs:string">
ns3=http://ws.xyz.com
</property>

but all I get in the process is a message like this

<12/03/2015 19h54min24s UTC> <Warning> <ORG.IDENTITYCONNECTORS.GENERICWS> 
<BEA-000000> 
<Node /soap:Envelope/soap:Body//ns3:createUser/password is null. 
Ignoring decryption of masked fields.> 

And then, the request comes in the partner link with the password encrypted (which is useless).

How should I properly configure this thing? I could not find any decent example on the web. Even this example (from a question that is said "answered") is clearly wrong.


Solution

  • problem solved

    <wsp:PolicyReference URI="oimcp/WS_CONNECTOR_OUTBOUND" orawsp:category="security" orawsp:status="enabled"/>
    <property name="passcode" type="xs:string">passcode</property>
    <property name="password.field.xpath.locations" type="xs:string">/password</property>
    <property name="target.payload.namespaces" type="xs:string">ns3=http://ws.xyz.com</property>

    see https://community.oracle.com/message/12947258
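
An added example, not part of the original question or answer and not Oracle's code: an offline check of whether a `password.field.xpath.locations` / `target.payload.namespaces` pair selects a node in a captured request, since zero matches corresponds to the "is null. Ignoring decryption of masked fields" warning. Assumptions: the `soap` prefix is the SOAP 1.1 envelope namespace, the location is appended to `/soap:Envelope/soap:Body/` as the warning text suggests, and the sample envelope is constructed rather than the asker's real payload.

```python
import xml.etree.ElementTree as ET

# Assumption: "soap" in the connector warning is the SOAP 1.1 envelope namespace.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed request body; element names follow the question, values are made up.
# The payload's own prefix (tns) differs from the configured one (ns3) on purpose:
# XPath prefixes are matched by namespace URI, not by prefix name.
SAMPLE_ENVELOPE = """\
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <tns:createUser xmlns:tns="http://ws.xyz.com">
      <login>jdoe</login>
      <password>CONSTRUCTED-ENCRYPTED-VALUE</password>
    </tns:createUser>
  </soap:Body>
</soap:Envelope>"""


def parse_namespaces(prop):
    """Parse 'ns1=http://a.com,ns2=http://b.com' into {prefix: uri}."""
    mapping = {}
    for pair in prop.strip().split(","):
        prefix, sep, uri = (part.strip() for part in pair.partition("="))
        if not (sep and prefix and uri):
            raise ValueError("expected ns1=http://a.com,ns2=http://b.com, got %r" % pair)
        mapping[prefix] = uri
    return mapping


def resolve(envelope_xml, xpath_location, namespaces_prop):
    """Return the elements the configured location selects under soap:Body."""
    ns = parse_namespaces(namespaces_prop)
    ns["soap"] = SOAP_NS
    root = ET.fromstring(envelope_xml)  # root element is soap:Envelope
    # Assumption from the warning text: the location is appended to
    # /soap:Envelope/soap:Body/, so "/password" becomes "//password".
    return root.findall("./soap:Body/" + xpath_location.strip(), ns)


if __name__ == "__main__":
    for location, nsprop in [
        ("/password", "ns3=http://ws.xyz.com"),
        ("/ns3:createUser/password", "ns3=http://ws.xyz.com"),
        ("/ns3:createUser/password", "ns3=http://ws.example.invalid"),
    ]:
        hits = resolve(SAMPLE_ENVELOPE, location, nsprop)
        print("%-26s %-30s -> %d node(s)" % (location, nsprop, len(hits)))
```

A location such as `/password` expands to a descendant search, so on a larger payload check that it selects exactly the one field that should be decrypted.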