Java Installation
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
This section covers tasks that you must perform after completing the installation.
Note: Some of the procedures described here require basic knowledge of WebLogic Enterprise Security products. If you need assistance with any task, see the Administration Console online help or the Administration Application Guide for more details. It is assumed that you know the location of the products you have installed, including the Security Service Module and the Administration Server.
This section describes how to enroll the Service Control Manager. Each machine on which you install a Security Service Module must have one (and only one) enrolled Service Control Manager. You only need to follow this procedure if you installed the Security Service Module on a machine other than the one that contains the Administration Application.
Note: While you can use the demonstration digital certificate in a development environment, you should never use it in a production environment.
To configure enrollment in demo mode, perform the following steps:
ENTER
> to register the domain, enter the following information, Type: 5 and press <ENTER>
again:Enter Enterprise Domain Name :> (For example: asi)
Enter Primary Admin URL :> (For example: https://adminmachine
:7010/asi)
Secondary Admin URL :> (This value is optional. Same format as primary URL)
SCM name :> (For example:ssmmachinename_ssm
)
SCM port :> (Default: 7010)
ssl\identity.jks
keystore. This keystore contains the identities for all the components you are enrolling.ssl\peer.jks
keystore. This keystore contains the certificates of components with which this Security Service Module can communicate.ssl\trust.jks
keystore. This keystore contains the WebLogic Enterprise Security CA certificate used for enrollment.
You configure a Service Control Manager (SCM) for each of the machines on which you have installed one of more Security Service Modules (SSM). Each machine must have one (and only one) configured Service Control Manager. For example, if you install an SSM on the same machine as the Administration Application, you must use the adminconfig
SCM, which was configured for you when you installed the Administration Application.
Note: When you use the Instance Wizard to create an instance of a SSM on a machine, you link the instance to a SCM by name. When you install multiple SSMs of different types (Web Server or Web Services, WebLogic Server 8.1, and Java) on the same machine, they all must use the same SCM.
To configure a SCM, see the Administration Application Console Help and use the WebLogic Enterprise Security Administration Console.
The instructions for performing this task are also available in Configuring a Service Control Manager" in the BEA WebLogic Enterprise Administration Application Guide.
Configure a SSM with the security providers that you require for the Java SSM and bind it to the SCM. You have the option of configuring either the default security providers that ship with the product or custom security providers, which you develop or purchase from third-party security vendors. The Java Security Service Module supports the following types of security providers:
To configure these providers and bind the configuration to the SCM, perform the following steps:
java_ssm
) and click Create.Note: Later, when you use the Instance Wizard to create an instance of the SSM to which this secruity configuration will be applied, you will use the Configuration ID to link the SSM instance to this security configuration.
Before starting a Java Security Service Module (SSM), you must create a named instance of the SSM using the Instance Wizard.
To create an instance of the Java Security Service Module:
instancewizard.sh
You must have the Administration Application services running prior to enrolling the Security Service Module.
Note: While you can use the demonstration digital certificate in a development environment, you should never use it in a production environment.
To enroll the Security Service Module:
/adm
directory: BEA_HOME/wles42-ssm/java-ssm/instance/
instancename
/adm
, where instancename
is the name you assigned to the instance when you created it.admin
username and password. This is the username and password of the Security Administrator doing the enrollment. ssl\identity.jks
keystore. This keystore contains the identities for all the components you are enrolling.ssl\peer.jks
keystore. This keystore contains the certificates of components with which this Security Service Module can communicate.ssl\trust.jks
keystore. This keystore contains the WebLogic Enterprise Security CA certificate used for enrollment.
After you install the Security Service Module, create the instance, and enroll it, you must start the necessary processes by running the appropriate batch or shell scripts. Before you start these processes, make sure that the Administration Server and all of its services are running.
For each machine, you must start the following processes:
For instructions on how to start and stop the required processes, see Starting and Stopping Processes for Security Service Modules in the Administration Application Guide.
You have completed the installation and configuration of the Java Security Service Module. Your Security Administrator can now configure your security services using the security providers for your Security Service Module, through the Administration Console.
Before you begin to configure security services, you should read the information on security configuration and administration in the Administration Console online help or in the Administration Application Guide. Descriptions of how to configure the Service Control Manager, the Security Service Module, and the providers, and then deploy your changes are provided there.
![]() ![]() |
![]() |
![]() |