Contents

Title and Copyright Information

Send Us Your Comments

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Customer Support
• Review Patch Documentation
• Improved Process for Oracle Retail Documentation Corrections
• Oracle Retail Documentation on the Oracle Technology Network
• Conventions

Part I Oracle Retail Applications

1 Pre-installation of Retail Infrastructure in WebLogic

• JDK Hardening for Use with Retail Applications
  • Upgrading JDK to Use Java Cryptography Extension
  • Disabling Weak SSL Protocols and Obsolete Ciphers in JDK7
• Pre-installation - Steps for Secured Setup of Oracle Retail Infrastructure in WebLogic
  • Certificate Authority
  • Obtaining an SSL Certificate and Setting up a Keystore
  • Creating a WebLogic Domain
  • Configuring the Application Server for SSL
  • Configuring WebLogic Scripts if Admin Server is Secured
  • Additional Configuration for WLS_FORMS (For forms server)
  • Adding Certificate to the JDK Keystore for Installer
  • Enforcing Stronger Encryption in WebLogic
    • SSL protocol version configuration
    • Upgrading JDK to Use Java Cryptography Extension
    • Enabling Cipher in WebLogic SSL Configuration
  • Securing Nodemanager with SSL Certificates
  • Using Secured Lightweight Directory Access Protocol (LDAP)
  • Connecting from Forms Application to Secured Database
  • Enabling Access to Secured Database from Forms Oracle Home - Optional
  • Webservice Security Policies
  • Additional Pre-requisite for Oracle Retail Service Backbone (RSB) Security Policies
• Advanced Infrastructure Security

2 Post Installation of Retail Infrastructure in Database

• Configuring SSL Connections for Database Communications
  • Configuring SSL on the Database Server
  • Configuring SSL on an Oracle Database Client
  • Configuring SSL on a Java Database Connectivity (JDBC) Thin Client
• Configuring the Password Stores for Database User Accounts
• Configuring the Database Password Policies
• Configuring SSL for Oracle Data Integrator (ODI)
• Creating an Encrypted Tablespace in Oracle 12c Container Database
• Additional Information

3 Post Installation of Retail Infrastructure in WebLogic

• Retail Application Specific Post installation Steps for Security
  • Batch Set Up for SSL Communication
  • Oracle Business Intelligence (BI) Publisher - Disable Guest User - Optional
  • Retail Merchandising System (RMS) - Forms Timeout Setting - Optional
• Asynchronous Task JMS Queue Security
  • Verifying and Creating Required Async Task Job Role and User
  • Securing the Asynchronous Task JMS Queue
  • Allowing Publishing to a Secured Asynchronous Task JMS Queue
• Hardening Use of Headers and Transport Layer Security
  • Virtual Host Configuration
  • Retail Applications web.xml Configurations
• Update weblogic.jdbc.remoteEnabled in setStartupEnv.sh

4 Troubleshooting

• Enabling TLS1.1 and 1.2 Protocols in Internet Explorer 11
• Hardening Local JRE for Use with Retail Applications
• Java Version 7 SSL Handshake Issue while Using Self Signed Certificates
  • Importing the Root Certificate in Local Client JRE
  • Importing the Root Certificate to the Browser
    • Importing the Root Certificate through Internet Explorer
    • Importing the Root Certificate through Mozilla Firefox
• Secure Cookies
• Changes to Web Application Descriptor
• Launching Issues with SIM
• Disabling Hostname Verification
• Verifying the Certificate Content
• Verifying the Keystore Content
• Integration Issues
• Errors in WLS_FORMS
• HTTPS Service Encountering Redirect Loop After Applying Policy A

5 Importing Topology Certificate

• Importing Certificates into Middleware and Repository of Oracle Retail Applications

6 Using Self Signed Certificates

• Creating a Keystore through the Keytool in Fusion Middleware (FMW) 11g
• Exporting the Certificate from the Identity Keystore into a File
• Importing the Certificate Exported into trust.keystore
• Configuring WebLogic
• Configuring Nodemanager
• Importing Self Signed Root Certificate into Java Virtual Machine (JVM) Trust Store
• Disabling Hostname Verification
• Converting PKCS7 Certificate to x.509 Certificate

Part II Oracle Retail Store Inventory Management

7 Overview of Store Inventory Management Security

• General Security Considerations
  • Software and Patches
  • Reducing the Scope for Security Breaches
    • General Principles
    • Securing the Environment
    • Separating Components
    • Network Access
    • User Access
    • Handheld Devices
• Installation
  • Pre-Installation
  • Installation
  • Post Installation
    • Role Based Security and User Management
    • Web Based Security

8 Security Features

• Overview of Security Features
• Dependent Applications
• Technical Overview of Security Features
  • Authentication
  • Authorization
  • Audit
  • User Management
• Encryption and Hashing

9 Administration

• Roles and Permissions
• Common Application Administration
• Extending/Customization
• References