API Gateway (OAG) : Concept & marriage with SOA & Mobile by Sudipto Desmukh

clip_image002

Oracle API Gateway is a standards-based, policy-driven, standalone software security solution that provides first line of defense in Service-Oriented Architecture (SOA) environments.

It enables organizations to securely and rapidly adopt Cloud, Mobile and SOA Services by bridging the gaps and managing the interactions between all relevant systems.

Oracle Web Services Manager(OWSM) is generally used for application security of a particular service,most customers have any use cases around DMZ or Perimeter Security for Web Services. This product serves as a part of the enterprise security solution.

This would be typically for customers needing access to web services from the internet, similar to how we access a web application. OAG can do a  lot of validations
and route the requests only once those checks have passed. This may also be a typical use case for Mobile Applications which use REST Web Services at the backend.

I have seen a strong value in this security product for all SOA and Mobile projects.

Here’s a high-level request flow :

There are many advantages that OAG can provide :

–   Authentication, Authorization (Leverages existing LDAP like AD ; existing IDM platforms for this – RSA AM, CA Site Minder, Oracle Access Mgr) Read the complete article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

About Jürgen Kress
As a middleware expert Jürgen works at Oracle EMEA Alliances and Channels, responsible for Oracle’s EMEA Fusion Middleware partner business. He is the founder of the Oracle SOA & BPM and the WebLogic Partner Communities and the global Oracle Partner Advisory Councils. With more than 5000 members from all over the world the Middleware Partner Community is the most successful and active community at Oracle. Jürgen manages the community with monthly newsletters, webcasts and conferences. He hosts his annual Fusion Middleware Partner Community Forums and the Fusion Middleware Summer Camps, where more than 200 partners get product updates, roadmap insights and hands-on trainings. Supplemented by many web 2.0 tools like twitter, discussion forums, online communities, blogs and wikis. For the SOA & Cloud Symposium by Thomas Erl, Jürgen is a member of the steering board. He is also a frequent speaker at conferences like the SOA & BPM Integration Days, JAX, UKOUG, OUGN, or OOP.

2 Responses to API Gateway (OAG) : Concept & marriage with SOA & Mobile by Sudipto Desmukh

  1. Anil says:

    Hi,

    Its valuable post and i have an issue with OAG, if possible could you please help me in solving the below issue.

    – OSB proxy used to check for the balance and fund transfer.
    – Whenever we try testing the service, OSB proxy will send request to OAG to get the Authorization token.
    – OSB successfully sends request and OAG fetching the token from STS but while sending response from OAG to OSB is failing.
    – We are working in cluster environment, and this request and response is working fine in OSB1 of production and both servers in UAT environment, and the issue lies only in OSB2 of production environment.
    – And nothing working in PROD backup environment, means, in both OSB1 and OSB2.
    – It’s the same configuration and project that we have imported/migrated from UAT to Production and in PROD backup.

    Error log from OAG:

    “ErrorCode” : “Unexpected error”,
    “ErrorDescription” : “An unexpected error occoured with error id 9b8bfbb4-2948-49df-9b72-ae5b96b602ad. Please contact support”,

    Error log from OSB:

    OSB-382568
    OSB JavaScript action failed: TypeError: undefined is not an xml object. (<OSB JavaScript expression>#7)

    PreTransferValidation Node
    request-a004b01.N30efd8d4.0.15bf910c212.N6d90
    TokenValidation
    request-pipeline

Leave a Reply to Jürgen Kress Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: