This appendix describes the OWSM introspection plug-in for Oracle Virtual Assembly Builder.
This appendix includes the following sections:
Oracle Virtual Assembly Builder is a tool for virtualizing installed Oracle components, modifying those components, and then deploying them into an Oracle VM environment. Using Oracle Virtual Assembly Builder, you capture the configuration of existing software components in artifacts called software appliances. Appliances can then be grouped, and their relationships defined into artifacts called software assemblies which provide a blueprint describing a complete multi-tier application topology.
The OWSM introspection extension for Oracle Virtual Assembly Builder extends the functionality of the Oracle WebLogic Server Introspector, as described in "Using the Plug-in for Oracle Virtual Assembly Builder" in Administering Server Environments for Oracle WebLogic Server. The plug-in examines the configuration of OWSM-specific artifacts configured as part of a WebLogic domain.
The OWSM introspection plug-in extension works with Oracle WebLogic Server 12c version 12.1.2.0.
Table E-1 lists the OWSM introspection plug-in parameter. For more information about the parameters required by WebLogic Server, see "Introspection Plug-in Parameters" in Administering Server Environments for Oracle WebLogic Server.
Table E-1 OWSM Introspection Plug-in Parameter
| Parameter | Description |
|---|---|
|
|
Location of the Oracle Common Home directory. This parameter is optional. If specified, Oracle Virtual Assembly Builder checks for updates to the OWSM plug-in before instrospection. If not specified, the Oracle Virtual Assembly Builder does not check for updates before introspection. |
There are no additional prerequisites beyond those defined by Oracle WebLogic Server. For the prerequisites required by WebLogic Server, see "Reference System Prerequisites" in Administering Server Environments for Oracle WebLogic Server.
There are no additional usage requirements for OWSM beyond those defined by WebLogic Server. For the WebLogic Server requirements, see "Plug-in Usage Requirements" in Administering Server Environments for Oracle WebLogic Server. Table E-2 lists and describes the supported topologies for using the OWSM introspection plug-in.
Note:
Required security artifacts with valid data, including keystores and credential stores, must be present or manually created as a post-rehydration step.Table E-2 OWSM Introspection Plug-in Supported Topologies
| Topology | Description |
|---|---|
|
Single domain topology |
Introspection plug-in captures artifacts stored in document repository (MDS) and domain configuration directory ( |
|
Multiple domain topology |
Multiple domains can store data in the same policy repository (MDS). The OWSM Policy Manager application is installed on each domain and they share the same MDS. To support the multiple domain topology, MDS data for all domains is moved when any one of the domains is introspected and rehydrated. |
The OWSM plug-in does not create any resulting artifact or assembly. An assembly is created by the Oracle WebLogic Server plug-in and the OWSM plug-in only adds properties to the root assembly. For more information, see "Resulting Artifact Type" in Administering Server Environments for Oracle WebLogic Server.
No additional wiring is supported beyond that provided by the WebLogic Server plug-in. For more information, see "Wiring" in Administering Server Environments for Oracle WebLogic Server.
No additional wiring properties are supported beyond those provided by the WLS plug-in.
The following tables describe the properties for the OWSM appliance, including system and user properties.
Note:
If a user property is not modified for the introspected domain, it will not be added to the assembly.Table E-3 describes OWSM system properties.
Note:
System properties are not editable.Table E-3 OWSM System Properties
| Name | Type | Req'd | Default | Description |
|---|---|---|---|---|
|
|
String |
false |
none |
Oracle Common Home location at time of reconfiguration. |
Table E-4 describes OWSM user properties for the sts-trust-config policy assertions, including:
Table E-4 OWSM Appliance User Properties - STS Trust
| Name | Type | Req'd | Default | Display Name in Assembly Builder | Description |
|---|---|---|---|---|---|
|
|
String |
false |
none |
policyname.port-uri
|
Service port URL. |
|
|
String |
false |
none |
policyname.wsdl-uri
|
Service WSDL URL. |
Table E-5 describes OWSM user properties for the kerberos-security, wss11-kerberos-over-ssl-security, or spnego-http-security policy assertions, including:
oracle/wss11_kerberos_token_with_message_protection_client_template
oracle/wss11_kerberos_token_with_message_protection_service_template
Table E-5 OWSM User Properties - Kerberos and SPNEGO
| Name | Type | Req'd | Default | Display Name in Assembly Builder | Description |
|---|---|---|---|---|---|
|
|
String |
false |
none |
policyname.caller.principal.name
|
|
|
|
String |
false |
none |
policyname.keytab.location
|
See "keytab.location". |
|
|
String |
false |
none |
policyname.service.principal.name
|
Table E-6 describes OWSM appliance user properties for the wss11-sts-issued-token-with-certificates policy assertions, including:
oracle/wss11_sts_issued_saml_hok_with_message_protection_client_template
oracle/wss11_sts_issued_saml_hok_with_message_protection_service_template
Table E-6 OWSM User Properties - wss11-sts-issued-token-with-certificates
| Name | Type | Req'd | Default | Display Name in Assembly Builder | Description |
|---|---|---|---|---|---|
|
|
String |
false |
none |
policyname.sts.auth.caller.principal.name
|
|
|
|
String |
false |
none |
policyname.sts.auth.keytab.location
|
|
|
|
String |
false |
none |
policyname.sts.auth.service.principal.name
|
In OWSM, you can create configuration documents for a domain to override the configuration for that domain. These documents contain properties which might change on the target environment. For more information, see "Managing OWSM Domain Configuration".
If you specified bootstrap properties during installation of OWSM, an OWSM agent instance uses the bootstrap connection information (in the wsm-config.xml file in the fmwconfig directory) to connect to the OWSM Policy Manager. For more information, see "Managing OWSM Domain Configuration".
Table E-7 describes OWSM user properties for configuration bootstrapping.
Table E-7 OWSM Appliance User Properties - Configuration Bootstrapping
| Name | Type | Req'd | Default | Display Name in Assembly Builder | Description |
|---|---|---|---|---|---|
|
|
String |
false |
none |
bootstrap.ssl.keystore |
Configuration Manager keystore location. For more information, see "Managing OWSM Domain Configuration". |
|
|
String |
false |
none |
bootstrap.pm.url |
Configuration Manager PM URL, in the form |
|
|
String |
false |
none |
booostrap.ssl.truststore |
Configuration Manager trust store location. For more information, see "Managing OWSM Domain Configuration". |
The supported template type is Oracle Enterprise Linux (OEL).