OSB - Proxy Service is SOAP, Business Service is REST, Security?

Question

• Proxy Service is SOAP - is secured using an OWSM usernameToken, so the request soap message has a username and password.

• (Middle step)

• Business Service is REST - Expects a username and password to be base64 encoded string.

So what I need to find out is how to do the Middle step:

Extract the username and password values from the soap header in the request message.

Then pass them in the correct format to the business service as HTTP Header: Authorization Basic username:password (NOTE: the username:password must be base64 encoded and look something like this XNNHKbjjkHJ=)

If you need any more clarification just ask.

Answer 1

Unfortunately there is no way to do this with configuration, but you have to add functionality in the message flow.

Answer 2

if you can extract the username and password from your proxy service, you can use a service Account to send username and password in a base 64 encoded format. A Service Account is a simple mechanism provided in OSB, which can help in securing both business Services and Proxy Services. the Good things is that the service accounts are re-usable.

Please let me know if you need any more information on this.

Oracle Documentation for Service Accounts: http://docs.oracle.com/cd/E14571_01/admin.1111/e15867/service_accounts.htm#OSBAG977