Passphrases themselves must be placed in the Oracle Credential Store (OCS) to prevent unauthorized access to them.
To do this, follow these steps:
On each host in the Oracle Commerce distributed application, use the Oracle Wallet Manager to create an Oracle Wallet to hold the passphrases that you specify for the truststores and keystores on that host. For information about how to do this, refer to the Oracle documentation.
On each host,
run manage_credentials.bat(Windows) ormanage_credentials.sh(UNIX) to upload the passphrases for that host to the Oracle Wallet.
Because there is only one truststore and one keystore on each host,
manage_credentials must be run only once on each host.
Note
The Oracle Credential Store is shipped with no passphrases or other credentials in it.
The following sections describe the syntax of
manage-credentials for adding passphrases to and
deleting them from the Oracle Credential Store.
manage_credentials[.bat|.sh] add [--config
path_to_jps-config.xml] [--mapName
map_name] [--user
user_id] [--key
key_name] [--type (password|generic)]
where:
|
|
Required, to identify the operation to be performed. |
|
|
The path to the Oracle Wallet configuration
file
|
|
|
Specifies the map name under which trustStorePassword and
keyStorePassword are pushed into OCS. Omit to accept the required default
( |
|
|
The ID of the user who invokes the
|
|
|
Any arbitrary value by which the passphrase
can be accessed. If you do not specify a
|
|
|
Specify
|
manage_credentials[.bat|.sh] delete [--config <path to
jps-config.xml> ] [--mapName
map_name] [--key
key_name]
where:
|
|
Required, to identify the operation to be performed. |
|
|
The path to the Oracle Wallet configuration
file
|
|
|
Specifies the map name under which
trustStorePassword and keyStorePassword were pushed into OCS. Omit to accept
the required default ( |
|
|
Required to identify the passphrase to be deleted from the Oracle Credential Store. |
If you intend to use the JDBC or ODBC adapter with the Oracle
Credential Store, you must edit
DataIngest.xml
to specify the credentials map, jpsconfig file path and opss
directory path.
To do this, modify the following tags under "Forge" component
definition in
DataIngest.xml:
credentials-map- Specify the map name specified while adding the credentials information to Oracle Credential Store. The associated credentials key name has to be specified while creating the pipeline.jps-config-path- Specify the absolute path name to the JPS Config xml file.opss-jars-dir- Specify the absolute path name to the directory where OPSS jar files are located.
Example
<forge id="Forge" host-id="ITLHost"> . . . <credentials-map>mymap</credentials-map> <jps-config-path>C:\ToolsAndFrameworks\11.1.0\server\workspace\credential_store\jps-config.xml</jps-config-path> <opss-jars-dir>C:\PlatformServices\11.1.0\lib\java\opss</opss-jars-dir> . . . </forge>
In addition, while configuring ODBC adapter, you need to specify an
additional argument tag to place
$ENDECA_ROOT\lib\java\adapter.jar in the java
classpath.
To do this, add the following elements to the Forge Component
definition in
DataIngest.xml:
<forge id="Forge" host-id="ITLHost"> . . . <args> . . . <arg>--javaClasspath</arg> <arg>C:\PlatformServices\11.1.0\lib\java\adapter.jar</arg> . . . </args> ... </forge>
