Oracle Security Service Module Settings

Overview

An Oracle Security Service Module (SSM) integrates a secured application (in this case, the Enterprise Gateway) with an Oracle Entitlements Server (OES) so that security administration (for example, roles, resources, and policies) is delegated to the Oracle Entitlements Server. An SSM must be installed on the machine hosting the application to be secured by the Oracle Entitlements Server. The SSM runs in-process with the secured application, which improves performance and on-the-wire security.

In the Policy Studio, on the Services tab, right-click the Enterprise Gateway process and select Oracle -> Security Service Module (SSM) Settings. The Oracle Security Service Module Settings dialog enables you to configure the Enterprise Gateway to act as a Java SSM. For more details on Oracle Entitlements Server and SSMs, see the Oracle Entitlements Server website.

Note:
Oracle Entitlements Server was previously known as BEA AquaLogic Enterprise Security (ALES). Some items, such as schema objects, paths, and so on, may still use the ALES name.

Settings

Configure the following fields on the Settings tab:

Enable Oracle Security Service Module:
Select whether to enable the Enterprise Gateway process to act as an SSM. This setting is disabled by default.

Application Configuration Name:
Enter the Application Configuration name for the SSM instance. This is the name of your runtime application used by OES (for example, for monitoring purposes).

Configuration Name:
Enter the OES Configuration name for the SSM instance to be stored in the OES Configuration Repository. Configuration names share the same name as their Policy Domain names.

Application Configuration Properties:
Click Add to specify optional configuration properties as name-value pairs. Enter a Name and Value in the Properties dialog. Repeat to specify multiple properties.

Policy Domain Name:
Enter the OES Policy Domain name for the SSM instance. Policy Domains contain policy definitions (target resource, permission set, and policy). Policy Domain names share the same name as their Configuration names.

Name Authority Definition

Configure the following field on the Name Authority Definition tab:

Name Authority Definition File:
Click the Browse button at the bottom right to configure the Name Authority Definition file for the SSM. This is an XML file that specifies the naming authority definition required for the Enterprise Gateway. For example, an XML file named gatewayNameAuthorityDefinition.xml should contain the following settings:

  
<AuthorityConfig>
   <AuthorityDefinition name="gatewayResource" delimiters="/\">
     <Attribute name="protocol" type="MULTI_TOKEN" authority="URLBASE" />
   </AuthorityDefinition>

   <AuthorityDefinition name="gatewayAction" delimiters="/">
     <Attribute name="action" type="SINGLE_VALUE_TERMINAL"/>
   </AuthorityDefinition>
</AuthorityConfig>
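
The following Python check is an added example, not part of the Oracle documentation: it compares a name authority definition file against the settings listed above and reports any difference before the file is selected in the Policy Studio. The function names, the EXPECTED table and the PAGE_EXAMPLE constant are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Settings the page lists: definition name -> (delimiters, {attribute: (type, authority)})
EXPECTED = {
    "gatewayResource": ("/\\", {"protocol": ("MULTI_TOKEN", "URLBASE")}),
    "gatewayAction": ("/", {"action": ("SINGLE_VALUE_TERMINAL", None)}),
}
# The page's example document, embedded so the check runs offline.
PAGE_EXAMPLE = r'''<AuthorityConfig>
   <AuthorityDefinition name="gatewayResource" delimiters="/\">
     <Attribute name="protocol" type="MULTI_TOKEN" authority="URLBASE" />
   </AuthorityDefinition>
   <AuthorityDefinition name="gatewayAction" delimiters="/">
     <Attribute name="action" type="SINGLE_VALUE_TERMINAL"/>
   </AuthorityDefinition>
</AuthorityConfig>'''

def load_definitions(xml_text):
    """Parse the document into the same shape as EXPECTED."""
    root = ET.fromstring(xml_text)  # raises ET.ParseError on malformed XML
    if root.tag != "AuthorityConfig":
        raise ValueError("root element is %r, expected AuthorityConfig" % root.tag)
    return {
        d.get("name"): (d.get("delimiters"),
                        {a.get("name"): (a.get("type"), a.get("authority"))
                         for a in d.findall("Attribute")})
        for d in root.findall("AuthorityDefinition")
    }

def check(xml_text, expected=EXPECTED):
    """Return a list of differences; an empty list means the file matches."""
    try:
        found = load_definitions(xml_text)
    except (ET.ParseError, ValueError) as exc:
        return ["unreadable file: %s" % exc]
    problems = []
    for name, (delims, attrs) in expected.items():
        if name not in found:
            problems.append("missing AuthorityDefinition %s" % name)
            continue
        got_delims, got_attrs = found[name]
        if got_delims != delims:
            problems.append("%s: delimiters %r, expected %r" % (name, got_delims, delims))
        for attr, spec in attrs.items():
            if got_attrs.get(attr) != spec:
                problems.append("%s/%s: %r, expected %r" % (name, attr, got_attrs.get(attr), spec))
    return problems

if __name__ == "__main__":
    print(check(PAGE_EXAMPLE) or "matches the documented settings")
```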

Further Information

When you have configured the settings in the Oracle Security Service Module Settings dialog, you can use the following filters to integrate the Enterprise Gateway with Oracle Entitlements Server: