Administrative Reference


Administrative Utilities

Oracle Entitlements Server includes a number of helpful administrative utilities. This section provides a reference to the following utilities:

Note: “Configuration Files” on page 4-1 describes which configuration files are used by a particular utility.

Observe these conventions when reading these sections:

 


install_ales_schema

Installs the policy database schema into the database server. If the schema already exists, it will be replaced, including existing policy. On UNIX, the program prompts you to input the arguments. Make sure the current working directory is BEA_HOME\ales32-admin\bin before running the tool.

Usage

BEA_HOME\ales32-admin\bin\install_ales_schema.bat <db-username> <db-password>
BEA_HOME/ales32-admin/bin/install_ales_schema.sh

Options

db-username

Login ID, usually same as owner

db-password

Password for the db-username

Example

install_ales_schema.bat username password

 


asipassword

A secure password utility. It encrypts the password with the key and saves it, base64-encoded, in the password file under the corresponding alias. You can use this tool to store or update the password for the system user or the database user. The ASIAuthorizer and the BLM both look in password.xml for the password used to connect to the policy database.

Usage

OES_ADMIN_HOME\bin\asipassword.bat <alias> [passwordFilename] [keyFilename]
OES_ADMIN_HOME/bin/asipassword.sh <alias> [passwordFilename] [keyFilename]

Options

alias

The alias for the password, often the username.

passwordFilename

The filename for the xml password file. The default (BEA_HOME/ales32-shared/keys/password.xml) is used if you do not supply a different value for this option.

keyFilename

The filename for the password key file. The default (BEA_HOME/ales32-shared/keys/password.key) is used if you do not supply a different value for this option.

Example

In this example, the command is issued from the bin directory:

asipassword admin ../keys/password.xml ../keys/password.key
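Because the password file is encrypted with the key held in the key file, read access to both files is sensitive. The following added example (not part of Oracle Entitlements Server) checks that both files are readable by their owner only; the function names are hypothetical, and the defaults assume BEA_HOME is set in the environment.

```sh
#!/bin/sh
# Added example, not part of Oracle Entitlements Server.
# Audits the permissions of the asipassword password file and key file.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if group and other have no access to the file.
owner_only() {
    mode=$(file_mode "$1") || return 1
    # stat drops leading zeros (mode 040 prints as "40"), so pad to 3 digits.
    case $mode in
        ?)  mode="00$mode" ;;
        ??) mode="0$mode" ;;
    esac
    case $mode in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Usage: audit_oes_password_files [passwordFilename] [keyFilename]
# Defaults are the asipassword defaults and assume BEA_HOME is set.
# Returns the number of findings (0 means both files are owner-only).
audit_oes_password_files() {
    pw_file=${1:-"$BEA_HOME/ales32-shared/keys/password.xml"}
    key_file=${2:-"$BEA_HOME/ales32-shared/keys/password.key"}
    findings=0
    for f in "$pw_file" "$key_file"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            findings=$((findings + 1))
        elif ! owner_only "$f"; then
            echo "EXPOSED  $f (mode $(file_mode "$f"))"
            findings=$((findings + 1))
        else
            echo "OK       $f"
        fi
    done
    return "$findings"
}
```

Run `audit_oes_password_files` with no arguments to check the default locations, or pass the same file names you give to asipassword.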

 


asisignal

Sends an action command to the server via a Web Service interface.

Usage

OES_ADMIN_HOME\bin\asisignal.bat -url server_url [-action ping|comtest|wait|waitready|status] [-reps 1] [-interval 1000] [-?] [-dbg]

OES_ADMIN_HOME/bin/asisignal.sh -url server_url [-action ping|comtest|wait|waitready|status] [-reps 1] [-interval 1000] [-?] [-dbg]

Options

-action ping, comtest

Send a simple SOAP call to the server, and see if server returns a valid SOAP result.

-action status

Get the server status, which can be INITING or READY.

-action wait

Continuously ping the server until the server replies. If you use this option together with the -reps option, sends ping until the server replies or the number of pings specified by the -reps option has been sent.

-action waitready

Like wait, but waits for the server to reach READY status, not just to respond to the SOAP communication.

-url

The Managed Server SOAP service URL (endpoint), usually ends with /ManagedServer. For example, https://host:7011/ManagedServer.

-reps

Repeat count. Used with the wait and waitready actions.

-interval

Sleep interval between each action, in milliseconds. Default is 1000 msecs (1s).

-?

Print a help message.

-dbg

Turn on debug for this utility.

Example

Ping the BLM Server running on the default port:

asisignal.bat -action ping -url https://host:7011/ManagedServer

 


policy2XACML

A utility to translate policy rules from the ASIAuthorizer format to XACML. It reads policies from an input file in policyloader format, translates rules to XACML, and stores the XACML rules to an output file.

Usage

OES_ADMIN_HOME\bin\policy2XACML.bat [-in filename] [-out filename] [-?]
OES_ADMIN_HOME/bin/policy2XACML.sh [-in filename] [-out filename] [-?]

Options

-in

The input policy file name. If not provided, read standard input, until EOF is detected.

-out

The output policy file name. If not provided, print to standard output.

Example

policy2XACML.bat -in rule -out rule.xacml

 


enroll

Enrolls an SSM instance by acquiring security certificates from the associated Administration Server. Enrollment is required to configure one-way or two-way SSL communication (see Configuring SSL for Production Environments for more information). Before enrolling an SSM instance, make sure that the Administration Server is running.

Note: The Apache and IIS SSMs use a different version of this script. See Usage.

During the enrollment process, you will be asked for the administrator’s username and password to connect to the Administration Server. If the SSM is being enrolled for the first time, you will also be asked to enter passwords for the SSM certificate private key and for the key stores generated by the tool.

Usage

For all SSMs except the IIS and Apache SSMs:

BEA_Home\ales32-shared\bin\enroll.bat <demo|secure>
BEA_Home/ales32-shared/bin/enroll.sh <demo|secure>

For the IIS and Apache SSMs:

BEA_Home\ales32-ssm\<ssm_type>\instance\<instance_name>\adm\enroll.bat <demo|secure>
BEA_Home/ales32-ssm/<ssm_type>/instance/<instance_name>/adm/enroll.sh <demo|secure>

where
<ssm_type> is apache-ssm or iis-ssm.
<instance_name> is the SSM instance name.

Options

demo

Enrolls the SSM instance and verifies the Administration Server certificate using the demo CA certificate from the DemoTrust.jks key store. If this option is specified, the tool does not verify that the Administration Server host matches the one in the certificate. This option should never be used in a production environment.

secure

Enrolls the SSM instance and verifies the Administration Server certificate using trusted CA certificates from the cacerts file in the BEA_HOME/jdk-version/jre/lib/security directory. If this option is specified, the tool verifies that the Administration Server host matches the one in the certificate.

Example

enroll demo

 


unenroll

Note: This tool has been deprecated and applies only to the Web Server SSM in this release.

Un-enrolls an SSM instance. As a result of the un-enrollment, the SSM identity certificate is removed from the trusted-peer key stores of the servers the SSM communicates with. Before un-enrolling an SSM instance, make sure that the Administration Server is running.

During the un-enrollment process, you will be asked for the administrator’s username and password to connect to the administration server.

Usage

SSM_INSTANCE_HOME\adm\unenroll.bat <demo|secure>
SSM_INSTANCE_HOME/adm/unenroll.sh <demo|secure>

Options

demo

Un-enrolls the SSM instance and verifies the Administration Server certificate using the demo CA certificate from the DemoTrust.jks key store. If this option is specified, the tool does not verify that the Administration Server host matches the one in the certificate. This option should never be used in a production environment.

secure

Un-enrolls the SSM instance and verifies the Administration Server certificate using trusted CA certificates from the cacerts file in the BEA_HOME/jdk-version/jre/lib/security directory. If this option is specified, the tool verifies that the Administration Server host matches the one in the certificate.

Example

unenroll demo
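Since the demo option of both enroll and unenroll skips the host check and trusts the demo CA, a deployment review can look for scripts that still invoke either tool in demo mode. The following is an added example, not part of the product; the function names are hypothetical and the directory to scan is supplied by the caller.

```sh
#!/bin/sh
# Added example, not part of Oracle Entitlements Server.
# Finds enroll/unenroll invocations that use the demo option.

# Print file:line:text for every non-comment line under directory $1 that
# runs enroll or unenroll (bare, .sh or .bat) with "demo" as its argument.
# Exit status follows grep: 0 if at least one such line exists, 1 if none.
find_demo_enrollment() {
    # -r recurse, -H always print file name, -n line numbers,
    # -I skip binary files, -E extended regular expressions.
    grep -rHnIE \
        '(^|[\\/[:space:]])(un)?enroll(\.sh|\.bat)?[[:space:]]+demo([[:space:]]|$)' \
        "$1" |
    # Drop shell (#) and batch (REM, ::) comment lines.
    grep -vE '^[^:]+:[0-9]+:[[:space:]]*(#|::|[Rr][Ee][Mm][[:space:]])'
}

# Gate for a release pipeline: fail if any demo-mode enrollment is found.
assert_no_demo_enrollment() {
    if hits=$(find_demo_enrollment "$1"); then
        printf 'demo-mode enrollment found:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}
```

File names that contain a colon defeat the comment filter, so review such hits by hand.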

