Oracle Entitlements Server includes a number of helpful administrative utilities. This section provides a reference to the following utilities:
Note: “Configuration Files” on page 4-1 describes which configuration files are used by a particular utility.
Observe these conventions when reading these sections:
Installs the policy database schema into the database server. If the schema already exists, it will be replaced, including any existing policy. On UNIX, the program prompts you to input the arguments. Make sure the current working directory is BEA_HOME\ales32-admin\bin before running the tool.
BEA_HOME\ales32-admin\bin\install_ales_schema.bat <db-username> <db-password>
BEA_HOME/ales32-admin/bin/install_ales_schema.sh
install_ales_schema.bat username password
A secure password utility. Encrypts the password with the key and saves it, base64-encoded, in the password file under the corresponding alias. You can use this tool to store or update the password for the system user or the database user. The ASIAuthorizer and BLM both look in password.xml for the correct password to connect to the policy database.
OES_ADMIN_HOME\bin\asipassword.bat <alias> [passwordFilename] [keyFilename]
OES_ADMIN_HOME/bin/asipassword.sh <alias> [passwordFilename] [keyFilename]
BEA_HOME/ales32-shared/keys/password.xml is used if you do not supply a different value for this option.
BEA_HOME/ales32-shared/keys/password.key is used if you do not supply a different value for this option.
In this example, the command is issued from the bin directory:
asipassword admin ../keys/password.xml ../keys/password.key
cd keys
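The check below is an added example, not part of the Oracle documentation or tooling: because password.xml holds the encrypted passwords and password.key holds the key that encrypts them, it verifies that both files are closed to group and other users and that their directory is not writable by them. The function names any_bit_set and audit_keys and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code). File names are the asipassword defaults
# given on this page; the helper names are hypothetical.

# any_bit_set PATH MODE... -> true if PATH has any of the octal MODE bits set
any_bit_set() {
    p=$1; shift
    for m in "$@"; do
        if [ -n "$(find "$p" -prune -perm "-$m" -print)" ]; then return 0; fi
    done
    return 1
}

# audit_keys DIR -> prints findings; returns 0 clean, 1 loose permissions,
# 2 if password.xml or password.key is missing
audit_keys() {
    dir=$1
    rc=0
    # A directory writable by group/other lets someone swap the files.
    if any_bit_set "$dir" 020 002; then
        echo "LOOSE   $dir (directory is group/other-writable)"
        rc=1
    fi
    for name in password.xml password.key; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $dir/$name"
            rc=2
        elif any_bit_set "$dir/$name" 040 020 010 004 002 001; then
            echo "LOOSE   $dir/$name (group/other access)"
            if [ "$rc" -eq 0 ]; then rc=1; fi
        fi
    done
    return "$rc"
}

# Constructed sample: a keys directory where password.key is world-readable.
demo=$(mktemp -d)
printf 'constructed\n' > "$demo/password.xml"
printf 'constructed\n' > "$demo/password.key"
chmod 700 "$demo"
chmod 600 "$demo/password.xml"
chmod 644 "$demo/password.key"
audit_keys "$demo" || echo "audit exit code: $?"
rm -rf "$demo"
```

To audit an installation, call audit_keys with the keys directory, for example BEA_HOME/ales32-shared/keys.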
Sends an action command to the server via a Web Service interface.
OES_ADMIN_HOME\bin\asisignal.bat -url server_url [-action ping|comtest|wait|waitready|status] [-reps 1] [-interval 1000] [-?] [-dbg]
OES_ADMIN_HOME/bin/asisignal.sh -url server_url [-action ping|comtest|wait|waitready|status] [-reps 1] [-interval 1000] [-?] [-dbg]
-reps option, sends ping until the server replies or the number of pings specified by the -reps option has been sent.
wait, but waits for the server to reach READY status, not just to respond to the SOAP communication.
/ManagedServer. For example, https://host:7011/ManagedServer.
Ping the BLM Server running on the default port:
asisignal.bat -action ping -url https://host:7011/ManagedServer
A utility to translate policy rules from the ASIAuthorizer format to XACML. It reads policies from an input file in policyloader format, translates rules to XACML, and stores the XACML rules to an output file.
OES_ADMIN_HOME\bin\policy2XACML.bat [-in filename] [-out filename] [-?]
OES_ADMIN_HOME/bin/policy2XACML.sh [-in filename] [-out filename] [-?]
policy2XACML.bat -in rule -out rule.xacml
Enrolls an SSM instance by acquiring security certificates from the associated Administration Server. Enrollment is required to configure one-way or two-way SSL communication (see Configuring SSL for Production Environments for more information). Before enrolling an SSM instance, make sure that the Administration Server is running.
Note: The Apache and IIS SSMs use a different version of this script. See Usage.
During the enrollment process, you will be asked for the administrator’s username and password to connect to the Administration Server. If the SSM is being enrolled for the first time, you will be asked to enter passwords for the SSM certificate private key and for the key stores generated by the tool.
For all SSMs except the IIS and Apache SSMs:
BEA_Home\ales32-shared\bin\enroll.bat <demo|secure>
BEA_Home/ales32-shared/bin/enroll.sh <demo|secure>
For the IIS and Apache SSMs:
BEA_Home\ales32-ssm\<ssm_type>\instance\<instance_name>\adm\enroll.bat <demo|secure>
BEA_Home/ales32-ssm/<ssm_type>/instance/<instance_name>/adm/enroll.sh <demo|secure>
where
<ssm_type> is apache-ssm or iis-ssm.
<instance_name> is the SSM instance name.
DemoTrust.jks key store. If this option is specified, the tool does not verify matching of the Administration Server host with the one from the certificate. This option should never be used in a production environment.
cacerts file in the BEA_HOME/jdk-version/jre/lib/security directory. If this option is specified, the tool verifies matching of the Administration Server host with the one from the certificate.
enroll demo
Note: This tool has been deprecated and applies only to the Web Server SSM in this release.
Un-enrolls an SSM instance. As a result of the un-enrollment, the SSM identity certificate will be removed from the trusted-peer key stores of the servers the SSM communicates with. Before un-enrolling an SSM instance, make sure that the Administration Server is running.
During the un-enrollment process, you will be asked for the administrator’s username and password to connect to the administration server.
SSM_INSTANCE_HOME\adm\unenroll.bat <demo|secure>
SSM_INSTANCE_HOME/adm/unenroll.sh <demo|secure>
DemoTrust.jks key store. If this option is specified, the tool does not verify matching of the Administration Server host with the one from the certificate. This option should never be used in a production environment.
cacerts in directory BEA_HOME/jdk-version/jre/lib/security. If this option is specified, the tool verifies matching of the Administration Server host with the one from the certificate.