Service Accounts in OSB

Service Account is an authentication feature provided by Oracle Service Bus. This feature can be used when an outbound proxy/business service connection or a local/remote resource connection like JMS/FTP/SFTP authentication is needed.

The configuration can be done by entering user names and password for this service account which resides in the Security Configuration module of the Oracle Service Bus Console.

OSB provides 3 types of service accounts below:

  • Static: The specified credentials will be encoded in outbound request.
  • Pass-through: The specified credentials in the custom token will be used for outbound WS-Security Username Token authentication.
  • Mapping: The credentials mentioned in the inbound request will be mapped to other credentials that are remote.

The Service Account can be used during the design time or at the runtime in the message flow of the business service.

Creating and Using Service Account in Design Time:

In this section we will have a look at how to create and use the service account in the design time while creating the business service.

1)    Create a simple proxy and route it to the business service.

2)    Select Project Explorer, then select a project or folder in which to add the service account. The Project/Folder View page is displayed.

3)    From the Create Resource list, select Service Account to display the Create a New Service Account page.

Service Account – Cap.1

Service Account – Cap.1

Service Account – Cap.2

Service Account – Cap.2


4)    In the Resource Name field, enter a unique name for this service account.

Service Account – Cap.3

Service Account – Cap.3

5)    In the Resource Description field, enter a description for the service account.

Service Account – Cap.4

Service Account – Cap.4

6)    Under Resource Type, do one of the following: Pass Through, Basic or Mapping.

Service Account – Cap.5

Service Account – Cap.5

7)    If you choose Pass Through, you can continue with Last

8)    if you click Static , you should keep on with Next button. Then, Enter the user name and password in the User Name field, Password, and Confirm Password fields.

Service Account – Cap.6

Service Account – Cap.6

Service Account – Cap.7

Service Account – Cap.7


9)    To create a service account that maps the user name from one or more clients to user names and passwords that you specify, do the following:

  • Click Next.
  • In the Enter Authorized Remote User table, do the following:
    • In the Remote User Name, Password, and Confirm Password fields, enter the user name and password that you want to send in outbound requests.
    • Click Add. The user mapping is added to the Remote Users table.
    • (Optional) Add additional remote users in the Enter Authorized Remote User table.
Service Account Map

Service Account Map

  • Click Next.
  • To map authorized clients to remote user names and passwords, do the following in the Enter Authorized Local User table:
    • In the Local User Name field, enter the name that identifies a client that has been authenticated on its inbound request.
    • If you have not already added this user in the Security Configuration module of the Oracle Service Bus Console, do so before you use this mapping in a runtime environment. Oracle Service Bus lets you create a mapping for a non-existent local user, but the mapping will never match an authenticated user and will never be used.
    • From the Remote User Name list, select the user name that you want to send in outbound requests for the authenticated user you specified in the Local User Name field.
    • Click Add.
  • Click Last.

10)  Find the service to use service account.

Service Account – Cap.8

Service Account – Cap.8

11) In HTTP Transport Configuration tab, Create session and add Authentication for  service account.

12) Finally, In authentication tab, choose basic. Browse service account, then Click Last , Save and Activate.


About the Author

Ayten Sarifakioglu is a Middleware Consultant and works onsite at Turk Telekom, Ankara. She daily operates high level, mission critical OSB and SOA domains successfully.

1 Enlightened Reply

Trackback  •  Comments RSS

  1. Niren Bhattarai says:

    Hello Ayten, I really liked your post. I have a unique scenario. I have 2 weblogic servers running WebTier and OSB in one and EJB(Backend businness) running in another one.

    My EJB(Backendservices) is based on usertokename webservice policy.So in order to work with that, I had to configure OWSM policy via Enterprise manager for both Proxy/Business service.

    Now the weird thing is if I deploy my whole code base and osb in one weblogic, it works fine. I am doing it for locally and it is working fine.

    Now in my UAT enviroment,

    Where I have 2 weblogic running,

    I have to deploy EJB package in weblogic and webtier with osb in one weblogic. Now, when I test it, it is failing where my webtier requests that has Webservice policy.

    Could you please help me or give me some suggesion on the root cause and its solution?


Post a Reply

Your email address will not be published. Required fields are marked *