This chapter describes how to install and configure Oracle Entitlements Server 11g Release 2 (11.1.2).
It discusses the following topics:
Installation and Configuration Roadmap for Oracle Entitlements Server
Creating Oracle Entitlement Server Schemas (For Apache Derby Only)
Configuring Oracle Entitlements Server Administration Server
Getting Started with Oracle Entitlements Server After Installation
Before you start installing and configuring Oracle Identity and Access Management products in any of the scenarios discussed in this guide, note that IAM_Home is used to refer to the Oracle Home directory that includes Oracle Identity Manager, Oracle Access Management, Oracle Adaptive Access Manager, Oracle Entitlements Server, Oracle Identity Navigator, Oracle Privileged Account Manager, and Oracle Access Management Mobile and Social. You can specify any name for this Oracle Home directory.
Oracle Entitlements Server, formerly AquaLogic Enterprise Security, is a fine-grained authorization and entitlement management solution that can be used to precisely control the protection of application resources. It simplifies and centralizes security for enterprise applications and SOA by providing comprehensive, reusable, and fully auditable authorization policies and a simple, easy-to-use administration model. For more information, see "Introducing Oracle Entitlements Server" in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server.
Oracle Entitlements Server 11g includes two distinct components:
Oracle Entitlements Server Administration Server
This component is included in the Oracle Identity and Access Management 11g Release 2 (11.1.2.0.0) installation and requires Oracle WebLogic Server that creates the Middleware Home directory.
Oracle Entitlements Server Client (Security Module)
This component has its own installer and it is not included in the Oracle Identity and Access Management 11g Release 2 (11.1.2.0.0) installation. The Oracle Entitlements Server Client does not require Oracle WebLogic Server.
Table 8-1 lists the tasks for installing and configuring Oracle Entitlements Server.
Table 8-1 Installation and Configuration Flow for Oracle Entitlements Server
No. | Task | Description |
---|---|---|
1 | Review installation concepts in the Installation Planning Guide. | Read the Oracle Fusion Middleware Installation Planning Guide, which describes the process for various users to install or upgrade to Oracle Fusion Middleware 11g (11.1.2) depending on the user's existing environment. |
2 | Review the system requirements and certification documents to ensure that your environment meets the minimum installation requirements for the components you are installing. | For more information, see Section 2.1, "Reviewing System Requirements and Certification". |
3 | Obtain the Oracle Fusion Middleware Software. | For more information, see Section 3.2.1, "Obtaining the Oracle Fusion Middleware Software". |
4 | Install one of the following databases for the Oracle Entitlements Server policy store: | Oracle recommends that you install Oracle Database. If you are installing Oracle Database, see Section 3.2.2, "Database Requirements". |
5 | Create and load the appropriate schemas for Oracle Entitlements Server. | Depending on the policy store you choose for Oracle Entitlements Server, complete one of the following: |
6 | Review WebLogic Server and Middleware Home requirements. | For more information, see Section 3.2.4, "WebLogic Server and Middleware Home Requirements". |
7 | Start the Oracle Identity and Access Management Installer. | For more information, see Section 3.2.6, "Starting the Oracle Identity and Access Management Installer". |
8 | Install the Oracle Identity and Access Management 11g software. | Oracle Entitlements Server is included in the Oracle Identity and Access Management Suite. You can use the Oracle Identity and Access Management 11g Installer to install Oracle Identity and Access Management Suite. For more information, see Section 3.2.7, "Installing Oracle Identity and Access Management (11.1.2)". |
9 | Run the Oracle Fusion Middleware Configuration Wizard to configure Oracle Entitlements Server Administration Server. | For more information, see Section 8.5, "Configuring Oracle Entitlements Server Administration Server". |
10 | Install the Oracle Entitlements Server Client software. | For more information, see Section 8.6, "Installing Oracle Entitlements Server Client". |
11 | Configure Oracle Entitlements Server Client. | For more information, see Section 8.7, "Configuring Oracle Entitlements Server Client". |
12 | Get started with Oracle Entitlements Server. | For more information, see Section 8.8, "Getting Started with Oracle Entitlements Server After Installation". |
If you are using Apache Derby for the Oracle Entitlements Server policy store, then you must complete the following:
Open setNetworkServerCP (located in wlserver_10.3/common/derby/bin on UNIX) or setNetworkServerCP.bat (located in wlserver_10.3\common\derby\bin on Windows) in a text editor and specify the DERBY_HOME as shown in the following example:
DERBY_HOME="Oracle/Middleware/wlserver_10.3/common/derby"
Start the Apache Derby database by running the following commands:
setNetworkServerCP (UNIX) or setNetworkServerCP.bat (Windows).
startNetworkServer (located in wlserver_10.3/common/derby/bin on UNIX) or startNetworkServer.bat (located in wlserver_10.3\common\derby\bin on Windows).
You can also run startDerby.sh (located in wlserver_10.3/common/bin) or startDerby.cmd (located in wlserver_10.3\common\bin) to start the Apache Derby database. The Apache Derby database also starts automatically when you start Oracle WebLogic Server.
Test the network server connection by running ij (located in wlserver_10.3/common/derby/bin on UNIX) or ij.bat (located in wlserver_10.3\common\derby\bin on Windows) as follows:
bin/ij
Connect to the Apache Derby Server, as shown in the following example:
ij> connect 'jdbc:derby://127.0.0.1:1527/data/oesdb;create=true';
oesdb is the name of the database and data is the relative path (based on the directory where you start the server; in this example, Oracle/Middleware/wlserver_10.3/common/derby/bin) where the database files will be saved.
Open opss_user.sql (located in RCU_HOME/rcu/integration/apm/sql/derby) in a text editor and replace &&1 with the schema user name.
Repeat the above steps for the following SQL files (located in RCU_HOME/rcu/integration/apm/sql/derby):
opss_tables.sql
opss_version.sql
opss_gencatalog.sql
Note:
This is the schema name you will specify when you configure the Oracle Entitlements Server described in Configuring Oracle Entitlements Server Administration Server.
Run the following SQL files (located in RCU_HOME/rcu/integration/apm/sql/derby) in the ij console:
run 'opss_user.sql';
run 'opss_tables.sql';
run 'opss_version.sql';
run 'opss_gencatalog.sql';
Note:
Ensure that you run the SQL files in the same order listed above and make a note of the schema owner and password that you have created.
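The placeholder replacement and the fixed run order described above can be scripted so that the files under RCU_HOME stay untouched. This is an added example, not part of the Oracle documentation; the function name prepare_opss_derby_sql, the output directory and the generated run_opss.sql file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation).
# prepare_opss_derby_sql SRC_DIR OUT_DIR SCHEMA_USER
#   SRC_DIR     directory holding the OPSS Derby SQL files
#               (RCU_HOME/rcu/integration/apm/sql/derby on the page)
#   OUT_DIR     hypothetical working directory for the substituted copies
#   SCHEMA_USER schema user name that replaces the &&1 placeholder
# Writes substituted copies plus OUT_DIR/run_opss.sql, an ij script that
# connects and then runs the four files in the order the page requires.

# Order matters: user, tables, version, gencatalog.
OPSS_SQL_FILES="opss_user.sql opss_tables.sql opss_version.sql opss_gencatalog.sql"
# Connection URL taken from the page's ij example.
OPSS_DERBY_URL="jdbc:derby://127.0.0.1:1527/data/oesdb;create=true"

prepare_opss_derby_sql() {
    if [ $# -ne 3 ]; then
        echo "usage: prepare_opss_derby_sql SRC_DIR OUT_DIR SCHEMA_USER" >&2
        return 2
    fi
    src_dir=$1
    out_dir=$2
    schema_user=$3

    # Accept only a plain SQL identifier. The value is pasted into SQL text
    # and into a sed replacement, so quotes, ';', '&' and '/' are refused.
    case $schema_user in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid schema user name: $schema_user" >&2
            return 1 ;;
    esac

    # Fail before writing anything if one of the four files is missing.
    for f in $OPSS_SQL_FILES; do
        if [ ! -r "$src_dir/$f" ]; then
            echo "missing SQL file: $src_dir/$f" >&2
            return 1
        fi
    done

    mkdir -p "$out_dir" || return 1
    run_script=$out_dir/run_opss.sql
    printf "connect '%s';\n" "$OPSS_DERBY_URL" > "$run_script" || return 1

    for f in $OPSS_SQL_FILES; do
        # '&' is literal in a sed pattern, so this matches the text &&1.
        sed "s/&&1/$schema_user/g" "$src_dir/$f" > "$out_dir/$f" || return 1
        # A leftover placeholder means the substitution did not take.
        if grep -q '&&1' "$out_dir/$f"; then
            echo "placeholder &&1 still present in $out_dir/$f" >&2
            return 1
        fi
        printf "run '%s';\n" "$f" >> "$run_script"
    done
    return 0
}
```

Start ij from OUT_DIR so that the relative file names resolve, then enter run 'run_opss.sql'; at the prompt.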
This topic describes how to configure Oracle Entitlements Server in a new WebLogic domain. It includes the following sections:
Configuring Oracle Entitlements Server in a New WebLogic Domain
Configuring Security Store for Oracle Entitlements Server Administration Server
Verifying Oracle Entitlements Server Administration Server Configuration
Performing the configuration in this section deploys the following:
WebLogic Administration Server
Oracle Entitlements Server application on the Administration Server
The following are the prerequisites for configuring Oracle Entitlements Server 11g Release 2 (11.1.2):
You must install Oracle Entitlements Server Administration Server as described in Section 8.3, "Installation and Configuration Roadmap for Oracle Entitlements Server".
If you are using Apache Derby, then you must extract the oracle.apm_11.1.1.3.0_template_derby.zip file (located in IAM_HOME/common/templates/applications) and save the oracle.apm_11.1.1.3.0_template_derby.jar file to the following location:
IAM_HOME\common\templates\applications
Perform the following steps to configure Oracle Entitlements Server in a new WebLogic domain:
Note:
You must have a dedicated Oracle WebLogic Server domain for Oracle Entitlements Server. Do not configure any other Oracle Identity and Access Management components in this domain.
Run the IAM_HOME/common/bin/config.sh script (on UNIX), or IAM_HOME\common\bin\config.cmd (on Windows).
The Fusion Middleware Configuration Wizard appears.
On the Welcome screen, select the Create a new WebLogic domain option. Click Next.
The Select Domain Source screen appears.
On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.
Select the Oracle Entitlements Server for Admin Server- 11.1.1.0 [IAM_Home] option, and click Next.
Notes:
When you select the Oracle Entitlements Server for Admin Server- 11.1.1.0 [IAM_Home] option, the following options are also selected, by default:
Oracle Platform Security Service 11.1.1.0 [IAM_Home]
Oracle JRF 11.1.1.0 [oracle_common]
If you are using Apache Derby, then select the Oracle Entitlements Server Derby template.
The Specify Domain Name and Location screen appears.
Enter a name and a location for the domain to be created, and click Next.
The Configure Administrator User Name and Password screen appears.
Enter a user name and a password for the administrator. The default user name is weblogic. Click Next.
The Configure Server Start Mode and JDK screen appears.
Note:
When you enter the user name and the password for the administrator, be sure to remember them.
Choose a JDK from the Available JDKs and then select a WebLogic Domain Startup Mode. Click Next.
Note:
Ensure that the JDK version you select is Java SE 6 Update 24 or higher.
The Configure JDBC Component Schema screen is displayed.
On the Configure JDBC Component Schema screen, select the OPSS Schema and specify the Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next.
Note:
You get the Schema information from the steps you completed in Section 8.4, "Creating Oracle Entitlement Server Schemas (For Apache Derby Only)".
The Test JDBC Component Schema screen appears.
Select the component schema you want to test, and click Test Connections. After the test succeeds, click Next.
The Select Optional Configuration screen appears.
On the Select Optional Configuration screen, you can configure the Administration Server, Managed Servers, Clusters, Machines, Deployments and Services, and RDBMS Security Store. Select the relevant check boxes, and click Next.
Note:
This step is optional.
On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.
A new WebLogic domain to support Oracle Entitlements Server is created in the <MW_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <MW_HOME>/user_projects/domains directory.
You must run the configureSecurityStore.py script to configure the security store for Oracle Entitlements Server Administration Server.
The configureSecurityStore.py script is located in the <IAM_HOME>\common\tools directory. You can use the -h option for help information about using the script.
For example:
<MW_HOME>\oracle_common\common\bin\wlst.cmd <IAM_HOME>\common\tools\configureSecurityStore.py -h
Configure the security store for Oracle Entitlements Server Administration Server as follows:
On Windows:
<MW_HOME>\oracle_common\common\bin\wlst.cmd <IAM_HOME>\common\tools\configureSecurityStore.py -d <domaindir> -s <datasource> -f <farmname> -t <servertype> -j <jpsroot> -m <mode> -p <password>
For example:
<MW_HOME>\oracle_common\common\bin\wlst.cmd <IAM_HOME>\common\tools\configureSecurityStore.py -d <MW_Home>\user_projects\domains\base_domain -t DB_ORACLE -j cn=jpsroot -m create -p welcome1
On UNIX:
<MW_HOME>/oracle_common/common/bin/wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <domaindir> -s <datasource> -f <farmname> -t <servertype> -j <jpsroot> -m <mode> -p <password>
For example:
<MW_HOME>/oracle_common/common/bin/wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <MW_Home>/user_projects/domains/base_domain -t DB_ORACLE -j cn=jpsroot -m create -p welcome1
Table 8-2 describes the parameters that you may specify on the command line.
Table 8-2 OES Administration Server Security Store Configuration Parameters
Parameter | Description |
---|---|
|
Location of the Oracle Entitlements Server Administration Server Domain. |
|
The data source of security store configured in domain. It is optional, default value is |
|
The security store farm name. It is optional, default value is the domain name. |
|
The policy store type. For example: It is optional, default value is |
|
The distinguished name of jpsroot. It is optional, default value is |
|
|
|
The configuration mode of the domain. For example: It is optional, default value is Note: If For example: If the OES Administration Server is deployed in the domain where other Oracle Identity and Access Management components (OIM, OAM, OAAM, OPAM, or OIN) are deployed, then the domain is configured in mixed mode. In this case, the OES Administration Server is used for managing the Oracle Identity and Access Management policies only. It should not be used to manage the policies for any other applications protected by OES Security Modules. If For example: If you want to use OES Administration Server to manage custom applications which are protected by OES Security Modules, then the OES Administration Server must be deployed in a domain with non-controlled distribution mode. |
|
The OPSS schema password. |
|
The directory containing the encryption key file |
|
The password used when the domain's key file was generated. If |
|
The user name of the OPSS schema. If |
You must start the Administration Server by running the following command on the command line:
Windows:
MW_HOME\user_projects\domains\domain_name\bin\startWebLogic.cmd
UNIX:
MW_HOME/user_projects/domains/domain_name/bin/startWebLogic.sh
To verify that your Oracle Entitlements Server Administration Server configuration was successful, use the following URL to log in to the Oracle Entitlements Server Administration Console:
http://hostname:port/apm/
Where hostname is the DNS name or IP address of the Administration Server and port is the address of the port on which the Administration Server listens for requests.
For more information, see the section "Logging In to and Signing Out of the User Interface" in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server.
This section contains the following topic:
You must install and configure Oracle Entitlements Server Administration Server, as described in Section 8.3, "Installation and Configuration Roadmap for Oracle Entitlements Server".
For more information on obtaining Oracle Entitlements Server Client 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
To install Oracle Entitlements Server Client 11g Release 2 (11.1.2.0.0), extract the contents of oesclient.zip to your local directory and then run setup.exe (on Windows) or ./runInstaller (on UNIX) from the Disk1 directory.
Note:
The installer prompts you to enter the absolute path of the JDK that is installed on your system. When you install Oracle WebLogic Server, the jdk160_29 directory is created under your Middleware Home. You must enter the absolute path of the JRE folder located in this JDK when launching the installer. For example, on Windows, if the JRE is located in C:\oracle\Middleware\jdk160_29, then launch the installer from the command prompt as follows:
C:\setup.exe -jreLoc C:\oracle\Middleware\jdk160_29\jre
You must specify the -jreLoc option on the command line when using the JDK to avoid installation issues.
Follow the instructions in Table 8-3 to install Oracle Entitlements Server Client.
If you need additional help with any of the installation screens, click Help to access the online help.
Table 8-3 Installation Flow for the Oracle Entitlements Server Client
No. | Screen | Description and Action Required |
---|---|---|
1 | Welcome | Click Next to continue. |
2 | Prerequisite Checks | If all prerequisite checks pass inspection, then click Next to continue. |
3 | Specify Installation Location | In the Oracle Home Directory field, enter the directory where you want to install the Oracle Entitlements Server client. This directory is also referred to as Note: If the Security Module you want to configure requires creation of a WebLogic domain, then you must install the Oracle Entitlements Server client in the Middleware Home that was created during WebLogic Server installation. Oracle recommends that you install the Oracle Entitlements Server client in a separate directory in the same Middleware Home where the Oracle Entitlements Server Administration server is installed. For example, Click Next to continue. |
4 | Installation Summary | The Installation Summary Page screen displays a summary of the choices that you made. Review this summary and decide whether to start the installation. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing OES Client Management, click Install. |
5 | Installation Progress | If you are installing on a UNIX system, you may be asked to run the Click Next to continue. |
8 | Installation Complete | Click Finish to dismiss the installer. This installation process copies the OES Client software to your system and creates an |
To verify that your Oracle Entitlements Server Client install was successful, go to your Oracle Home directory which you specified during installation and verify that the Oracle Entitlements Server Client installation files are created.
After installing the Oracle Entitlements Server Client software, you must apply a patch to the oracle_common directory using OPatch.
Note:
This patch is required only if you have installed the Oracle Entitlements Server Client software in a separate Middleware Home than the Oracle Entitlements Server Administration Server.
Skip this step if you are installing the Oracle Entitlements Server Client software into the same Middleware Home as the Oracle Entitlements Server Administration Server, because it has already been applied automatically.
This patch applies only to the following Security Module configurations:
WebLogic Server Security Module in a JRF environment
Web Service Security Module on Oracle WebLogic Server domain in a JRF environment
WebSphere Security Module in a JRF environment
Oracle Service Bus Security Module
To apply a patch to the oracle_common directory using OPatch, do the following:
Go to the OES_Client_Home/oneoffpatches directory.
Extract the contents of the 13591235.zip file and go to the OES_Client_Home/oneoffpatches/13591235 directory.
Follow the instructions provided in the README.txt file located in the OES_Client_Home/oneoffpatches/13591235 directory.
Oracle Entitlements Server Client distributes policies to individual Security Modules that protect applications and services. Policy data is distributed in a controlled manner or in a non-controlled manner. The distribution mode is defined in the jps-config.xml configuration file for each Security Module. The specified distribution mode is applicable for all Application Policy objects bound to that Security Module.
Note:
Oracle recommends that you configure Oracle Entitlements Server Client in the controlled distribution mode.
This section describes how to configure the following:
This section describes how to configure the Security Module quickly using pre-existing smconfig.prp files.
Configuring Web Service Security Module in a Controlled Push Mode
Configuring Oracle WebLogic Server Security Module in a Controlled Push Mode
To configure a Java Security Module instance in a controlled distribution mode, do the following:
Open the smconfig.java.controlled.prp file (located in OES_CLIENT_HOME/oessm/SMConfigTool) in a text editor, and then specify the parameters described in Table 8-4.
Run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows:
config.sh -smConfigId <SM_NAME> -prpFileName OES_CLIENT_HOME/oessm/SMConfigTool/smconfig.java.controlled.prp
When prompted, specify the following:
Oracle Entitlements Server user name (This is the Administration Server's user name).
Oracle Entitlements Server password (This is the Administration Server's password)
New key store password for enrollment
To configure an RMI Security Module instance in a controlled distribution mode, do the following:
Open the smconfig.rmi.controlled.prp file (located in OES_CLIENT_HOME/oessm/SMConfigTool) in a text editor, and then specify the parameters described in Table 8-4.
Run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows:
config.sh -smConfigId <SM_NAME> -RMIListeningPort <RMISM_PORT> -prpFileName OES_CLIENT_HOME/oessm/SMConfigTool/smconfig.rmi.controlled.prp
When prompted, specify the following:
Oracle Entitlements Server user name (This is the Administration Server's user name)
Oracle Entitlements Server Password (This is the Administration Server's password)
New key store password for enrollment
To configure a Web Service Security Module instance in a controlled distribution mode, do the following:
Open the smconfig.ws.controlled.prp file (located in OES_CLIENT_HOME/oessm/SMConfigTool) in a text editor, and then specify the parameters described in Table 8-4.
Run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows:
config.sh -smConfigId <SM_NAME> -WSListeningPort <WSSM_PORT> -prpFileName OES_CLIENT_HOME/oessm/SMConfigTool/smconfig.ws.controlled.prp
When prompted, specify the following:
Oracle Entitlements Server user name (This is the Administration Server's user name)
Oracle Entitlements Server password (This is the Administration Server's password)
Key store password for enrollment
To configure an Oracle WebLogic Server Security Module instance in a controlled distribution mode, do the following:
Open the smconfig.wls.controlled.prp file (located in OES_CLIENT_HOME/oessm/SMConfigTool) in a text editor, and then specify the parameters described in Table 8-4.
Run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows:
config.sh -smConfigId <SM_NAME> -prpFileName $OES_CLIENT_HOME/oessm/SMConfigTool/smconfig.wls.controlled.prp -serverLocation <Location of Web Logic Server Home>
Create an Oracle Entitlements Server Client domain, as described in Configuring OES Client Domain in a Non-JRF Environment or Configuring OES Client Domain in a JRF Environment.
For more information about distribution modes, see the section "Defining Distribution Modes" in the Oracle Fusion Middleware Developer's Guide for Oracle Entitlements Server.
The following sections explain how to configure distribution modes.
To configure a controlled distribution mode, open the smconfig.prp file (located in OES_CLIENT_HOME/oessm/bin/SMConfigTool) in a text editor, and edit the parameters described in Table 8-4.
Table 8-4 smconfig.prp File Parameters (Controlled Distribution)
Parameter | Description |
---|---|
|
Accept the default value |
|
Enter the address of the Oracle Entitlements Server Administration Server. |
|
Enter the SSL port number of the Oracle Entitlements Server Administration Server. You can find the SSL port number from the WebLogic Administration console. |
Open the smconfig.prp file (located in OES_CLIENT_HOME/oessm/bin/SMConfigTool) in a text editor and edit the parameters described in Table 8-5.
Table 8-5 smconfig.prp File Parameters Non- Controlled Distribution
Parameter | Description |
---|---|
|
Enter non- |
|
Specify the policy store type. For example, |
|
Specify your database policy store JDBC URL. |
|
Specify your LDAP URL. |
|
Specify your domain name. The default value is |
|
Specify the root name of jps context. The default value is |
Oracle Entitlements Server Client includes the following Security Modules:
Configuring Web Service Security Module on Oracle WebLogic Server
Configuring Microsoft SharePoint Server (MOSS) Security Module
The WebLogic Security Module is a custom Java Security Module that includes both a Policy Decision Point and a Policy Enforcement Point. It can receive requests directly from the WebLogic Server without the need for explicit authorization API calls. It will only run on the WebLogic Server container.
To configure a WebLogic Server Security Module instance, you must run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows:
config.sh -onJRF -smType wls -smConfigId mySM_WLS -serverLocation MW_HOME/wlserver_10.3/
Note:
If you are using a non-JRF environment, do not specify the -onJRF parameter.
In non-controlled and controlled-pull distribution modes, when prompted, specify the Oracle Entitlements Server schema user name and password.
Table 8-6 describes the parameters you specify on the command line.
Table 8-6 Oracle WebLogic Server Security Module Parameters
Parameter | Description |
---|---|
|
Type of security module instance you want to create. It should be |
|
Name of the security module instance. For example, |
|
Location of the Oracle WebLogic Server. |
Note:
Non-controlled mode is the default distribution mode for Oracle WebLogic Server Security Module in a JRF environment.
Controlled-push mode is the default distribution mode for Oracle WebLogic Server Security Module in a non-JRF environment.
Controlled-push mode is not supported for Oracle WebLogic Server Security Module in a JRF enabled domain.
The Configuration Wizard is displayed. You can create an Oracle Entitlements Server Client domain in a JRF environment and a non-JRF environment. Depending on the option you select, complete one of the following:
Configuring OES Client Domain in a Non-JRF Environment
To create the Oracle Entitlements Server Client domain without JRF, complete the following steps:
The Fusion Middleware Configuration Wizard appears after you invoke the Security Module configuration tool.
On the Welcome screen, select the Create a new WebLogic domain option. Click Next.
The Select Domain Source screen appears.
On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.
Select the Oracle Entitlements Server WebLogic Security Module - 11.1.1.0 [oesclient] option. Click Next.
Note:
Ensure that you do not select the domain template Oracle Entitlements Server for Admin Server - 11.1.1.0 [IAM_HOME] which is associated with the Oracle Entitlements Server Administration Server.
The Specify Domain Name and Location screen appears.
Enter a name and a location for the domain to be created, and click Next.
The Configure Administrator User Name and Password screen appears.
Enter a user name and a password for the administrator. The default user name is weblogic. Click Next.
The Configure Server Start Mode and JDK screen appears.
Note:
When you enter the user name and the password for the administrator, be sure to remember them.
Choose a JDK from the Available JDKs and then select a WebLogic Domain Startup Mode. Click Next.
Note:
Ensure that the JDK version you select is Java SE 6 Update 24 or higher.
The Select Optional Configuration screen is displayed.
On the Select Optional Configuration screen, you can configure Administration Server and Managed Servers, Clusters, and Machines, Deployments and Services, and RDBMS Security Store options. Click Next.
Optional: Configure the following Administration Server parameters:
Name: Valid server names are a string of characters (alphabetic and numeric). The name must be unique in the domain. For example, AdminServer.
Listen address: From the drop-down list, select a value for the listen address. See Specifying the Listen Address for information about the available values.
Listen port—Enter a valid value for the listen port to be used for regular, nonsecure requests (through protocols such as HTTP and T3). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7001.
Note:
Ensure that the value for the listen port is different from the listen port of the other Oracle Identity and Access Management components. For more information, see "Managing Ports" in the Oracle Fusion Middleware Administrator's Guide.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7002.
Note:
After you specify the SSL listen port value, you must update the oracle.security.jps.pd.clientPort property in the smconfig.wls.controlled.prp file or smconfig.prp file with the SSL listen port value. You must then run the smconfig tool for Oracle WebLogic Server Security Module and set the Administration Server SSL port to the port specified in oracle.security.jps.pd.clientPort.
Optional: Configure Managed Servers, as required.
In the Configure Managed Servers screen, click Add and create two Managed Servers. Enter the following information:
Name: Enter OES_ManagedServer_1 and OES_ManagedServer_2.
Listen address: From the drop-down list, select a value for the listen address for OES_ManagedServer_1 and OES_ManagedServer_2.
Listen port—Enter a valid value for the listen port to be used for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S) for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
Optional: Configure Clusters, as required.
For more information about configuring clusters for Oracle Identity and Access Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.
Optional: Assign Managed Servers to clusters, as required.
Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.
Tip:
Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
Optional: Assign the Administration Server to a machine.
Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.
Optional: Configure RDBMS Security Store, as required.
On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.
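The note on the SSL listen port in the steps above requires oracle.security.jps.pd.clientPort in the .prp file to carry the same port that was entered in the wizard. One way to read and update that property before rerunning the Security Module configuration tool, as an added example that is not part of the Oracle documentation; the function names and the key=value layout of the .prp file are assumptions.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation).
# Assumes the .prp file uses Java-properties style "key=value" lines and
# that lines starting with '#' are comments.

# get_pd_client_port FILE
#   Prints the configured oracle.security.jps.pd.clientPort value (the
#   last occurrence wins); returns 1 if the property is not set.
get_pd_client_port() {
    val=$(sed -n 's/^[[:space:]]*oracle\.security\.jps\.pd\.clientPort[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null \
          | tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//')
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# set_pd_client_port FILE PORT
#   Sets the property to PORT, replacing an existing entry or appending
#   one, then re-reads the file to confirm the value.
set_pd_client_port() {
    file=$1
    port=$2

    # Digits only, within the listen port range the page gives (1 to 65535).
    case $port in
        ''|*[!0-9]*)
            echo "port must be numeric: $port" >&2
            return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range 1-65535: $port" >&2
        return 1
    fi
    if [ ! -w "$file" ]; then
        echo "cannot write: $file" >&2
        return 1
    fi

    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if grep -q '^[[:space:]]*oracle\.security\.jps\.pd\.clientPort[[:space:]]*=' "$file"; then
        # Keep the key and '=' as written, swap only the value.
        sed "s/^\([[:space:]]*oracle\.security\.jps\.pd\.clientPort[[:space:]]*=\).*/\1$port/" \
            "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    else
        cat "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
        printf 'oracle.security.jps.pd.clientPort=%s\n' "$port" >> "$tmp"
    fi
    # Write back through the original file so its permissions are kept.
    cat "$tmp" > "$file"
    rm -f "$tmp"

    [ "$(get_pd_client_port "$file")" = "$port" ]
}
```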
Configuring OES Client Domain in a JRF Environment
To create the OES Client domain with JRF, complete the following steps:
The Fusion Middleware Configuration Wizard appears after you invoke the Security Module configuration tool.
On the Welcome screen, select the Create a new WebLogic domain option. Click Next.
The Select Domain Source screen appears.
On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.
Select the Oracle Entitlements Server WebLogic Security Module On JRF - 11.1.1.0 [oesclient] option. Click Next.
Note:
Ensure that you do not select the domain template Oracle Entitlements Server for Admin Server - 11.1.1.0 [IAM_HOME] which is associated with the Oracle Entitlements Server Administration Server.
The Specify Domain Name and Location screen appears.
Enter a name and a location for the domain to be created, and click Next.
The Configure Administrator User Name and Password screen appears.
Enter a user name and a password for the administrator. The default user name is weblogic. Click Next.
The Configure Server Start Mode and JDK screen appears.
Note:
When you enter the user name and the password for the administrator, be sure to remember them.
Choose a JDK from the Available JDKs and then select a WebLogic Domain Startup Mode. Click Next.
Note:
Ensure that the JDK version you select is Java SE 6 Update 24 or higher.
The Select Optional Configuration screen is displayed.
On the Select Optional Configuration screen, you can configure Administration Server and Managed Servers, Clusters, and Machines, Deployments and Services, and RDBMS Security Store options. Click Next.
Optional: Configure the following Administration Server parameters:
Name: Valid server names are a string of characters (alphabetic and numeric). The name must be unique in the domain. For example, AdminServer.
Listen address: From the drop-down list, select a value for the listen address. See Specifying the Listen Address for information about the available values.
Listen port—Enter a valid value for the listen port to be used for regular, nonsecure requests (through protocols such as HTTP and T3). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7001.
Note:
Ensure that the value for the listen port is different from the listen port of the other Oracle Identity and Access Management components. For more information, see "Managing Ports" in the Oracle Fusion Middleware Administrator's Guide.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7002.
Note:
After you specify the SSL listen port value, you must update the oracle.security.jps.pd.clientPort property in the smconfig.wls.controlled.prp file or smconfig.prp file with the SSL listen port value. You must then run the smconfig tool for Oracle WebLogic Server Security Module and set the Administration Server SSL port to the port specified in oracle.security.jps.pd.clientPort.
Optional: Configure Managed Servers, as required.
In the Configure Managed Servers screen, click Add and create two Managed Servers. Enter the following information:
Name: Enter OES_ManagedServer_1 and OES_ManagedServer_2.
Listen address: From the drop-down list, select a value for the listen address for OES_ManagedServer_1 and OES_ManagedServer_2.
Listen port—Enter a valid value for the listen port to be used for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S) for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
Optional: Configure Clusters, as required.
For more information about configuring clusters for Oracle Identity and Access Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.
Optional: Assign Managed Servers to clusters, as required.
Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.
Tip:
Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
Optional: Assign the Administration Server to a machine.
Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.
Optional: Configure RDBMS Security Store, as required.
On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.
After configuring OES Client domain in a JRF environment, you must set up a connection to Oracle Database.
Setting Up Connection to Oracle Database
For setting up connection to Oracle Database, complete the following steps:
Create a JDBC Data Source using the WebLogic Server Administration Console. For more information, see "Create JDBC generic data sources" topic in the Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help document, available at the following link:
Open the jps-config.xml file located in the <OES_DOMAIN_HOME>/config/oeswlssmconfig directory (on UNIX), or the <OES_DOMAIN_HOME>\config\oeswlssmconfig directory (on Windows).
Locate pdp.service and replace the existing jdbc.url property with the following property:
<property value="jdbc/APMDBDS" name="datasource.jndi.name"/>
Note:
jdbc/APMDBDS is the name of the JDBC datasource used for the OES.
Delete the following properties:
jdbc.driver
jdbc.url
bootstrap.security.principal.key
bootstrap.security.principal.map
Save the jps-config.xml file.
To create a Web Service Security Module instance, you must run config.sh (located in OES_CLIENT_HOME/oessm/bin for UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin for Windows) as follows:
config.sh -smType ws -smConfigId mySM_Ws -serverPort 9410
In controlled push mode, when prompted, specify the Oracle Entitlements Server Administration Server user name, Oracle Entitlements Server Administration Server password, and a new key store password for enrollment.
In non-controlled and controlled-pull distribution modes when prompted, specify the Oracle Entitlements Server schema user name and password.
Table 8-7 describes the parameters you specify on the command line.
Table 8-7 Web Service Security Module Parameter
Parameters | Description |
---|---|
-smType | Type of security module instance you want to create. For Web Service security module, the value for this parameter should be |
-smConfigId | Name of the security module instance. For example, |
-serverPort | The web service listening port. For example, |
Note:
Controlled-push distribution is the default distribution mode for Web Service Security Module.
This command also creates client configuration for Webservice Security Module Instance.
To create a Web Service Security Module instance on Oracle WebLogic Server, you must run config.sh (located in OES_CLIENT_HOME/oessm/bin for UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin for Windows) as follows:
config.sh -onJRF -smType ws -onWLS -smConfigId mySM_WsOnWLS -serverLocation <WebLogic_server_Home> -serverPort <WebLogic_server_port> -pdServer <oes_server_address> -pdPort <oes_server_ssl_port> -serverUserName <username> -serverPassword <password>
Note:
If you are using a non-JRF environment, do not specify the -onJRF parameter.
In controlled push mode, when prompted, specify the Oracle Entitlements Server Administration Server user name, Oracle Entitlements Server Administration Server password, and a new key store password for enrollment.
In non-controlled and controlled-pull distribution modes when prompted, specify the Oracle Entitlements Server schema user name and password.
Table 8-8 describes the parameters you specify on the command line.
Table 8-8 Parameters for Web Service Security Module on Oracle WebLogic Server
Parameters | Description |
---|---|
-smType | Type of security module instance you want to create. For Web Service security module, the value for this parameter should be |
-smConfigId | Name of the security module instance. For example, |
-pdServer | The address of the Oracle Entitlements Server Administration Server. |
-pdPort | The SSL port of the Oracle Entitlements Server Administration Server. For example, 7002. |
-serverLocation | Location of the Oracle WebLogic Server. |
-serverPort | Specify the Oracle WebLogic Administration Server port. |
-serverUserName | Specify the Oracle WebLogic Server Administration username. For example: |
-serverPassword | Specify the Oracle WebLogic Server Administration password. |
Note:
Controlled-push distribution is the default distribution mode for Web Service Security Module on Oracle WebLogic Server in a non-JRF environment.
Non-controlled distribution is the default distribution mode for Web Service Security Module on Oracle WebLogic Server in a JRF environment.
This command also creates client configuration for Webservice Security Module Instance on Oracle WebLogic Server.
The Configuration Wizard is displayed. You can create an OES Client domain with Web Service on Oracle WebLogic Server in a JRF environment or with Web Service on Oracle WebLogic Server in a non-JRF environment. Depending on the option you select, complete one of the following:
Configuring Web Service on Oracle WebLogic Server Domain in a Non-JRF Environment
Configuring Web Service on Oracle WebLogic Server Domain in a JRF Environment
Configuring Web Service on Oracle WebLogic Server Domain in a Non-JRF Environment
To create a Web Service on Oracle WebLogic Server domain in a Non-JRF environment, complete the following steps:
The Fusion Middleware Configuration Wizard appears after you invoke the Security Module configuration tool.
On the Welcome screen, select the Create a new WebLogic domain option. Click Next.
The Select Domain Source screen appears.
On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.
Select the Oracle Entitlements Server Web Service Security Module on Weblogic- 11.1.1.0 [oesclient] option. Click Next.
Note:
Ensure that you do not select the domain template Oracle Entitlements Server for Admin Server - 11.1.1.0 [IAM_HOME] which is associated with the Oracle Entitlements Server Administration Server.
The Specify Domain Name and Location screen appears.
Enter a name and a location for the domain to be created, and click Next.
The Configure Administrator User Name and Password screen appears.
Enter a user name and a password for the administrator. The default user name is weblogic. Click Next.
The Configure Server Start Mode and JDK screen appears.
Note:
When you enter the user name and the password for the administrator, be sure to remember them.
Choose a JDK from the Available JDKs and then select a WebLogic Domain Startup Mode. Click Next.
Note:
Ensure that the JDK version you select is Java SE 6 Update 24 or higher.
The Select Optional Configuration screen is displayed.
On the Select Optional Configuration screen, you can configure Administration Server and Managed Servers, Clusters, and Machines, Deployments and Services, and RDBMS Security Store options. Click Next.
Optional: Configure the following Administration Server parameters:
Name: Valid server names are a string of characters (alphabetic and numeric). The name must be unique in the domain. For example, AdminServer.
Listen address: From the drop-down list, select a value for the listen address. See Specifying the Listen Address for information about the available values.
Listen port—Enter a valid value for the listen port to be used for regular, nonsecure requests (through protocols such as HTTP and T3). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7001.
Note:
Ensure that the value for the listen port is different from the listen port of the other Oracle Identity and Access Management components. For more information, see "Managing Ports" in the Oracle Fusion Middleware Administrator's Guide.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7002.
Note:
After you specify the SSL listen port value, you must update the oracle.security.jps.pd.clientPort property in the smconfig.wls.controlled.prp file or smconfig.prp file with the SSL listen port value. You must then run the smconfig tool for Oracle WebLogic Server Security Module and set the Administration Server SSL port to the port specified in oracle.security.jps.pd.clientPort.
Optional: Configure Managed Servers, as required.
In the Configure Managed Servers screen, click Add and create two Managed Servers. Enter the following information:
Name: Enter OES_ManagedServer_1 and OES_ManagedServer_2.
Listen address: From the drop-down list, select a value for the listen address for OES_ManagedServer_1 and OES_ManagedServer_2.
Listen port—Enter a valid value for the listen port to be used for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S) for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
Optional: Configure Clusters, as required.
For more information about configuring clusters for Oracle Identity and Access Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.
Optional: Assign Managed Servers to clusters, as required.
Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.
Tip:
Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
Optional: Assign the Administration Server to a machine.
Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.
Optional: Configure RDBMS Security Store, as required.
On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.
Configuring Web Service on Oracle WebLogic Server Domain in a JRF Environment
To create the Web Service on Oracle WebLogic Server domain in a JRF environment, complete the following steps:
The Fusion Middleware Configuration Wizard appears after you invoke the Security Module configuration tool.
On the Welcome screen, select the Create a new WebLogic domain option. Click Next.
The Select Domain Source screen appears.
On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.
Select the Oracle Entitlements Server Web Service Security Module on Weblogic and JRF- 11.1.1.0 [oesclient] option. Click Next.
Note:
Ensure that you do not select the domain template Oracle Entitlements Server for Admin Server - 11.1.1.0 [IAM_HOME] which is associated with the Oracle Entitlements Server Administration Server.
The Specify Domain Name and Location screen appears.
Enter a name and a location for the domain to be created, and click Next.
The Configure Administrator User Name and Password screen appears.
Enter a user name and a password for the administrator. The default user name is weblogic. Click Next.
The Configure Server Start Mode and JDK screen appears.
Note:
When you enter the user name and the password for the administrator, be sure to remember them.
Choose a JDK from the Available JDKs and then select a WebLogic Domain Startup Mode. Click Next.
Note:
Ensure that the JDK version you select is Java SE 6 Update 24 or higher.
The Select Optional Configuration screen is displayed.
On the Select Optional Configuration screen, you can configure Administration Server and Managed Servers, Clusters, and Machines, Deployments and Services, and RDBMS Security Store options. Click Next.
Optional: Configure the following Administration Server parameters:
Name: Valid server names are a string of characters (alphabetic and numeric). The name must be unique in the domain. For example, AdminServer.
Listen address: From the drop-down list, select a value for the listen address. See Specifying the Listen Address for information about the available values.
Listen port—Enter a valid value for the listen port to be used for regular, nonsecure requests (through protocols such as HTTP and T3). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7001.
Note:
Ensure that the value for the listen port is different from the listen port of the other Oracle Identity and Access Management components. For more information, see "Managing Ports" in the Oracle Fusion Middleware Administrator's Guide.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7002.
Note:
After you specify the SSL listen port value, you must update the oracle.security.jps.pd.clientPort property in the smconfig.wls.controlled.prp file or smconfig.prp file with the SSL listen port value. You must then run the smconfig tool for Oracle WebLogic Server Security Module and set the Administration Server SSL port to the port specified in oracle.security.jps.pd.clientPort.
Optional: Configure Managed Servers, as required.
In the Configure Managed Servers screen, click Add and create two Managed Servers. Enter the following information:
Name: Enter OES_ManagedServer_1 and OES_ManagedServer_2.
Listen address: From the drop-down list, select a value for the listen address for OES_ManagedServer_1 and OES_ManagedServer_2.
Listen port—Enter a valid value for the listen port to be used for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S) for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
Optional: Configure Clusters, as required.
For more information about configuring clusters for Oracle Identity and Access Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.
Optional: Assign Managed Servers to clusters, as required.
Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.
Tip:
Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
Optional: Assign the Administration Server to a machine.
Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.
Optional: Configure RDBMS Security Store, as required.
On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.
After configuring Web Service on Oracle WebLogic Server domain in a JRF environment, you must set up a connection to Oracle Database.
Setting Up Connection to Oracle Database
For setting up connection to Oracle Database, complete the following steps:
Create a JDBC Data Source using the WebLogic Server Administration Console. For more information, see "Create JDBC generic data sources" topic in the Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help document, available at the following link:
Open the jps-config.xml file located in the <OES_DOMAIN_HOME>/config/oeswlssmconfig directory (on UNIX), or the <OES_DOMAIN_HOME>\config\oeswlssmconfig directory (on Windows).
Locate pdp.service and replace the existing jdbc.url property with the following property:
<property value="jdbc/APMDBDS" name="datasource.jndi.name"/>
Note:
jdbc/APMDBDS is the name of the JDBC datasource used for the OES.
Delete the following properties:
jdbc.driver
jdbc.url
bootstrap.security.principal.key
bootstrap.security.principal.map
Save the jps-config.xml file.
To create an Oracle Service Bus Security Module instance, you must run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows:
config.sh -onJRF -smType wls -smConfigId myosb_WLS -serverLocation <server_location>
Table 8-9 Oracle Service Bus Security Module Parameters
Parameter | Description |
---|---|
-smType | Type of security module instance you want to create. For example, |
-smConfigId | Name of the security module instance. For example, |
-serverLocation | The location of Oracle WebLogic Server. |
Note:
Non-controlled distribution is the default distribution mode for Oracle Service Bus Security Module.
The Configuration Wizard is displayed. You can create an OES Client domain with Oracle Service Bus environment as follows:
The Fusion Middleware Configuration Wizard appears after you invoke the Security Module configuration tool.
On the Welcome screen, select the Create a new WebLogic domain option. Click Next.
The Select Domain Source screen appears.
On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.
Select the Oracle Entitlements Server Security Module On Service Bus - 11.1.1.0 [OESCLIENT] option. Click Next.
Note:
Ensure that you do not select the domain template Oracle Entitlements Server for Admin Server - 11.1.1.0 [IAM_HOME] which is associated with the Oracle Entitlements Server Administration Server.
The Specify Domain Name and Location screen appears.
Enter a name and a location for the domain to be created, and click Next.
The Configure Administrator User Name and Password screen appears.
Enter a user name and a password for the administrator. The default user name is weblogic. Click Next.
The Configure Server Start Mode and JDK screen appears.
Note:
When you enter the user name and the password for the administrator, be sure to remember them.
Choose a JDK from the Available JDKs and then select a WebLogic Domain Startup Mode. Click Next.
Note:
Ensure that the JDK version you select is Java SE 6 Update 24 or higher.
The Select Optional Configuration screen is displayed.
On the Select Optional Configuration screen, you can configure Administration Server and Managed Servers, Clusters, and Machines, Deployments and Services, and RDBMS Security Store options. Click Next.
Optional: Configure the following Administration Server parameters:
Name: Valid server names are a string of characters (alphabetic and numeric). The name must be unique in the domain. For example, AdminServer.
Listen address: From the drop-down list, select a value for the listen address. See Specifying the Listen Address for information about the available values.
Listen port—Enter a valid value for the listen port to be used for regular, nonsecure requests (through protocols such as HTTP and T3). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7001.
Note:
Ensure that the value for the listen port is different from the listen port of the other Oracle Identity and Access Management components. For more information, see "Managing Ports" in the Oracle Fusion Middleware Administrator's Guide.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7002.
Note:
After you specify the SSL listen port value, you must update the oracle.security.jps.pd.clientPort property in the smconfig.wls.controlled.prp file or smconfig.prp file with the SSL listen port value. You must then run the smconfig tool for Oracle WebLogic Server Security Module and set the Administration Server SSL port to the port specified in oracle.security.jps.pd.clientPort.
Optional: Configure Managed Servers, as required.
In the Configure Managed Servers screen, click Add and create two Managed Servers. Enter the following information:
Name: Enter OES_ManagedServer_1 and OES_ManagedServer_2.
Listen address: From the drop-down list, select a value for the listen address for OES_ManagedServer_1 and OES_ManagedServer_2.
Listen port—Enter a valid value for the listen port to be used for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
SSL enabled—Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.
SSL listen port—Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S) for OES_ManagedServer_1 and OES_ManagedServer_2. The default value is the next available listen port. If you leave this field blank, the default value is used. The valid listen port range is 1 to 65535.
Optional: Configure Clusters, as required.
For more information about configuring clusters for Oracle Identity and Access Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.
Optional: Assign Managed Servers to clusters, as required.
Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.
Tip:
Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
Optional: Assign the Administration Server to a machine.
Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.
Optional: Configure RDBMS Security Store, as required.
On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.
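The notes in the steps above require oracle.security.jps.pd.clientPort in smconfig.prp (or smconfig.wls.controlled.prp) to carry the SSL listen port. The following check is an added example, not part of Oracle's guide or tooling: it reads the file and reports a missing, duplicated, malformed, or mismatched value. It assumes the file follows java.util.Properties syntax (where a later duplicate key overrides an earlier one), does not handle backslash line continuations, and uses constructed sample content.

```python
import re

PORT_KEY = "oracle.security.jps.pd.clientPort"

# Constructed sample, not taken from a real installation.
SAMPLE_PRP = """\
# Security Module settings (constructed)
oracle.security.jps.pd.was.client.appcontext=pd-client
oracle.security.jps.pd.clientPort = 7001
! Older entry left behind by an earlier edit.
oracle.security.jps.pd.clientPort: 8002
"""

# key, optional '=' or ':' separator, then the value exactly as written.
_ENTRY = re.compile(r"([^=:\s]+)[ \t]*[=:]?[ \t]*(.*)")


def parse_prp(text):
    """Return (key, value, line_number) for every entry, skipping # and ! comments."""
    entries = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue
        match = _ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2), number))
    return entries


def check_client_port(prp_text, ssl_listen_port, listen_port=None):
    """Return a list of findings; an empty list means the port setting is consistent."""
    hits = [(value, number) for key, value, number in parse_prp(prp_text)
            if key == PORT_KEY]
    if not hits:
        return ["%s is not set" % PORT_KEY]

    findings = []
    if len(hits) > 1:
        lines = ", ".join(str(number) for _, number in hits)
        findings.append("%s is set %d times (lines %s); the last entry wins"
                        % (PORT_KEY, len(hits), lines))

    value, number = hits[-1]  # effective value under Properties semantics
    if not re.fullmatch(r"[0-9]+", value) or not 1 <= int(value) <= 65535:
        findings.append("line %d: %r is not a port in the range 1 to 65535"
                        % (number, value))
        return findings

    port = int(value)
    if port != ssl_listen_port:
        findings.append("line %d: clientPort %d does not match the SSL listen port %d"
                        % (number, port, ssl_listen_port))
    if listen_port is not None and port == listen_port:
        findings.append("line %d: clientPort %d is the non-SSL listen port"
                        % (number, port))
    return findings


if __name__ == "__main__":
    # 7002 and 7001 are the example SSL and non-SSL ports used in the steps above.
    for finding in check_client_port(SAMPLE_PRP, ssl_listen_port=7002, listen_port=7001):
        print(finding)
```
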
After configuring Oracle Service Bus Security Module in a JRF environment, you must set up a connection to Oracle Database.
Setting Up Connection to Oracle Database
For setting up connection to Oracle Database, complete the following steps:
Create a JDBC Data Source using the WebLogic Server Administration Console. For more information, see "Create JDBC generic data sources" topic in the Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help document, available at the following link:
Open the jps-config.xml file located in the <OES_DOMAIN_HOME>/config/oeswlssmconfig directory (on UNIX), or the <OES_DOMAIN_HOME>\config\oeswlssmconfig directory (on Windows).
Locate pdp.service and replace the existing jdbc.url property with the following property:
<property value="jdbc/APMDBDS" name="datasource.jndi.name"/>
Note:
jdbc/APMDBDS is the name of the JDBC datasource used for the OES.
Delete the following properties:
jdbc.driver
jdbc.url
bootstrap.security.principal.key
bootstrap.security.principal.map
Save the jps-config.xml file.
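The jps-config.xml edit described in each "Setting Up Connection to Oracle Database" procedure above can be scripted and verified; the following is an added example, not part of Oracle's guide or tooling. It assumes pdp.service is a serviceInstance element whose settings are property children with name and value attributes, and it runs on a constructed sample file; the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Properties the procedure deletes from the pdp.service instance.
EMBEDDED_DB_PROPS = {
    "jdbc.driver",
    "jdbc.url",
    "bootstrap.security.principal.key",
    "bootstrap.security.principal.map",
}
JNDI_PROP = "datasource.jndi.name"

# Constructed sample; the layout is an assumption and the values are placeholders.
SAMPLE_JPS_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<jpsConfig>
  <serviceInstances>
    <serviceInstance name="other.service" provider="other.provider">
      <property name="jdbc.url" value="jdbc:oracle:thin:@other.example.invalid:1521/x"/>
    </serviceInstance>
    <serviceInstance name="pdp.service" provider="pdp.service.provider">
      <property name="example.unrelated.setting" value="keep-me"/>
      <property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>
      <property name="jdbc.url" value="jdbc:oracle:thin:@db.example.invalid:1521/oes"/>
      <property name="bootstrap.security.principal.key" value="sample_key"/>
      <property name="bootstrap.security.principal.map" value="SAMPLE_MAP"/>
    </serviceInstance>
  </serviceInstances>
</jpsConfig>
"""


def _local(tag):
    """Element name without any {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]


def _pdp_instances(root):
    return [el for el in root.iter()
            if _local(el.tag) == "serviceInstance" and el.get("name") == "pdp.service"]


def _props(instance):
    return [el for el in list(instance) if _local(el.tag) == "property"]


def pdp_properties(xml_text):
    """name -> value for every property of pdp.service."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.get("value")
            for pdp in _pdp_instances(root) for p in _props(pdp)}


def leftover_db_settings(xml_text):
    """Embedded JDBC and bootstrap properties still present in pdp.service."""
    return sorted(name for name in pdp_properties(xml_text) if name in EMBEDDED_DB_PROPS)


def use_datasource(xml_text, jndi_name="jdbc/APMDBDS"):
    """Apply the procedure to pdp.service only; return (new_xml, removed_names)."""
    root = ET.fromstring(xml_text)
    if root.tag.startswith("{"):
        # Keep a namespaced document's default namespace instead of ns0: prefixes.
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])
    instances = _pdp_instances(root)
    if len(instances) != 1:
        raise ValueError("expected one pdp.service instance, found %d" % len(instances))
    pdp = instances[0]

    jndi = next((p for p in _props(pdp) if p.get("name") == JNDI_PROP), None)
    removed = []
    for prop in _props(pdp):
        name = prop.get("name")
        if name not in EMBEDDED_DB_PROPS:
            continue
        removed.append(name)
        if name == "jdbc.url" and jndi is None:
            # Replace in place so the new property sits where jdbc.url was.
            prop.set("name", JNDI_PROP)
            jndi = prop
        else:
            pdp.remove(prop)
    if jndi is None:
        jndi = ET.SubElement(pdp, pdp.tag[:-len("serviceInstance")] + "property")
        jndi.set("name", JNDI_PROP)
    jndi.set("value", jndi_name)
    return ET.tostring(root, encoding="unicode"), sorted(removed)


if __name__ == "__main__":
    updated, removed = use_datasource(SAMPLE_JPS_CONFIG)
    print("removed:", removed)
    print("still embedded:", leftover_db_settings(updated))
```

Running leftover_db_settings against the saved file after a manual edit gives the same verification without rewriting anything.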
Configuring Authorization Provider
You must configure an Authorization provider. For information about configuring an Authorization provider, see "Configure Authorization providers" topic in the Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help document, available at the following link:
Configuring Role Mapping Provider
You must configure a Role Mapping provider. For information about configuring a Role Mapping provider, see "Configure Role Mapping providers" topic in the Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help document, available at the following link:
You can configure WebSphere in a JRF environment or in a non-JRF environment. Depending on the option you select, complete one of the following:
To configure WebSphere Security Module in a non-JRF environment, complete the following steps:
Create a new application server using the IBM WebSphere console and name it OesServer.
Start the Oracle Entitlements Server (OesServer) you created for IBM WebSphere.
Open the smconfig.prp file in a text editor and specify the pd client port and the pd app client context. The pd client port number is the SSL port number of the IBM WebSphere application server, and the pd app client context is the location where the was-client.jar is deployed. For example:
oracle.security.jps.pd.was.client.appcontext=pd-client
oracle.security.jps.pd.clientPort=8002
Run the config.sh command as follows:
$OES_CLIENT_HOME/oessm/bin/config.sh -smType was -smConfigId mySM_WAS -serverLocation WAS_HOME
WAS_HOME is the location of the IBM WebSphere Application Server.
For any distribution mode you choose, you must specify the IBM WebSphere server user name and password, when prompted.
In controlled push mode, you will be prompted for Oracle Entitlements Server Administration Server user name, Oracle Entitlements Server Administration Server password, and a new key store password for enrollment.
In non-controlled and controlled-pull modes, you will be prompted for Oracle Entitlements Server schema user name and password.
Table 8-10 describes the parameters you specify on the command line.
Table 8-10 IBM WebSphere Security Module Parameter
Parameter | Description |
---|---|
-smType | Type of security module instance you want to create. For example, |
-smConfigId | Name of the security module instance. For example, |
-serverLocation | Location of the IBM WebSphere Server. |
Note:
Controlled-push distribution is the default distribution mode for IBM WebSphere Security Module in a non-JRF environment.
Configure SSL for the IBM WebSphere application server as follows:
Import the Oracle WebLogic Server demo trust certificate into the IBM WebSphere node default trust keystore and cell default trust keystore. First use keytool to export the WLS demo trust certificate from the WLS demo trust keystore file, or the OES trust.jks file, into a .der file, as shown in the following example:
keytool -exportcert -keystore $OES_CLIENT_HOME/oessm/enroll/DemoTrust.jks -alias wlscertgencab -file ~/was.der
Import the was.der file into the WAS node default trust keystore and cell default trust keystore as follows:
You may find the import in IBM WebSphere Administration Server console:
security->SSL certificate and key management -> Key stores and certificates -> <NodeDefaultTrustStore> <CellDefaultTrustStore> (here you need to choose one name) -> Signer certificates.
Click Add.
Enter an alias. For example, WLS.
Choose the .der file that you exported earlier, and select data type as DER.
Import the issued private key into the IBM WebSphere node default keystore as follows:
You may find the import in IBM WebSphere Administration Server console:
security->SSL certificate and key management -> Key stores and certificates -> NodeDefaultKeyStore -> Personal certificates.
Click Import.
Select Keystore and enter the path to the keystore file (located in OES_CLIENT_HOME/oes_sm_instances/mySM_WAS/security/identity.jks).
Select JKS as type and enter the password you used to create the keystore file.
The certificate alias name is the same name as the hostname.
Note:
You must import demo trust certificate into two trust stores for the WAS ND edition. For the private key, you must import one keystore.
Enable Inbound SSL for the server running IBM WebSphere Security Module as follows:
In the IBM WebSphere administration console, go to Security >SSL certificate and key management -> Manage endpoint security configurations.
Expand inbound tree to get:Inbound->DefaultCell(CellDefaultSSLSettings) -> nodes -> DefaultCellFederatedNode -> servers -> <server name running IBM WebSphere Security Module> and select the server.
In the General Properties page, select Override inherited values.
From the SSL configuration list, select NodeDefaultSSLSettings.
Click Update certificate alias list button and then choose the new imported private key alias in the Certificate alias in key store list.
Click Apply.
Enable Outbound SSL for the server running IBM WebSphere Security Module as follows:
In the IBM WebSphere administration console, go to Security >SSL certificate and key management -> Manage endpoint security configurations.
Expand inbound tree to get:Outbound->DefaultCell(CellDefaultSSLSettings) -> nodes -> DefaultCellFederatedNode -> servers -> <server name running IBM WebSphere Security Module> and select the server.
In the General Properties page, select Override inherited values.
From the SSL configuration list, select NodeDefaultSSLSettings.
Click Update certificate alias list and choose the new imported private key alias in the Certificate alias in key store list.
Click Apply.
To configure WebSphere Security Module in a JRF environment, complete the following steps:
Configure IBM WebSphere Application Server, as described in Oracle Fusion Middleware Configuration Guide for IBM WebSphere Application Server available at the following link:
http://docs.oracle.com/cd/E21764_01/web.1111/e17764/toc.htm
Note:
In the Add Products to Cell screen, ensure that you select Oracle JRF for WebSphere - 11.1.1.0 [oracle_common]
Run the config.sh command as follows:
$OES_CLIENT_HOME/oessm/bin/config.sh -smType was -smConfigId mySM_WAS -onJRF -conntype SOAP -host <websphere_host> -port <websphere_port> -user <username> -password <password> -serverLocation WAS_HOME
WAS_HOME is the location of the IBM WebSphere Application Server.
For any distribution mode you choose, you must specify the IBM WebSphere server user name and password, when prompted.
In controlled push mode, you will be prompted for Oracle Entitlements Server Administration Server user name, Oracle Entitlements Server Administration Server password, and a new key store password for enrollment.
In non-controlled and controlled-pull modes, you will be prompted for Oracle Entitlements Server schema user name and password.
Table 8-10 describes the parameters you specify on the command line.
Table 8-11 IBM WebSphere Security Module Parameter
Parameter | Description |
---|---|
|
Type of security module instance you want to create. For example, |
|
Name of the security module instance. For example, |
|
Location of the IBM WebSphere Server. |
|
Specify the WebSphere host name. |
|
Specify the WebSphere Node Manager port. For example: |
|
Specify the WebSphere username. For example: |
|
Specify the WebSphere password. |
Note:
Non-controlled distribution is the default distribution mode for IBM WebSphere Security Module in a JRF environment.
After configuring WebSphere Security Module in a JRF environment, you must set up a connection to Oracle Database.
Setting Up Connection to Oracle Database
For setting up connection to Oracle Database, complete the following steps:
Create a JDBC Data Source using the WebLogic Server Administration Console. For more information, see "Create JDBC generic data sources" topic in the Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help document, available at the following link:
Open the jps-config.xml file located in the <OES_DOMAIN_HOME>/config/oeswlssmconfig directory (on UNIX), or the <OES_DOMAIN_HOME>\config\oeswlssmconfig directory (on Windows).
Locate pdp.service and replace the existing jdbc.url property with the following property:
<property value="jdbc/APMDBDS" name="datasource.jndi.name"/>
Note:
jdbc/APMDBDS is the name of the JDBC datasource used for the OES.
Delete the following properties:
jdbc.driver
jdbc.url
bootstrap.security.principal.key
bootstrap.security.principal.map
Save the jps-config.xml file.
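The jps-config.xml edit described above can be applied and then audited with a short script. This is an added example, not Oracle's code: the `serviceInstance` element layout, the namespace and the values in the sample are assumptions, and only the property names and the jdbc/APMDBDS datasource name come from the steps above.

```python
import xml.etree.ElementTree as ET

# Properties the procedure above says to delete from pdp.service.
REMOVE = {"jdbc.driver", "jdbc.url",
          "bootstrap.security.principal.key",
          "bootstrap.security.principal.map"}
JNDI_PROP = "datasource.jndi.name"

# Constructed sample, not a real jps-config.xml. The namespace, provider name,
# element layout and all values are placeholders (assumptions).
SAMPLE = """<jpsConfig xmlns="urn:example:jps-config">
  <serviceInstances>
    <serviceInstance name="pdp.service" provider="example.provider">
      <property name="example.other.setting" value="keep-me"/>
      <property name="jdbc.url" value="jdbc:oracle:thin:@dbhost.example:1521/orcl"/>
      <property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>
      <property name="bootstrap.security.principal.key" value="example_key"/>
      <property name="bootstrap.security.principal.map" value="EXAMPLE_MAP"/>
    </serviceInstance>
  </serviceInstances>
</jpsConfig>"""

def parse_config(text):
    """Parse jps-config.xml content and return the root element."""
    return ET.fromstring(text)

def _local(tag):
    # Strip a "{namespace}" prefix so matching works with or without one.
    return tag.rsplit("}", 1)[-1]

def find_pdp_service(root):
    for el in root.iter():
        if _local(el.tag) == "serviceInstance" and el.get("name") == "pdp.service":
            return el
    raise LookupError("no serviceInstance named pdp.service")

def _props(svc):
    return [p for p in svc if _local(p.tag) == "property"]

def audit(root):
    """Return findings that show the edit is incomplete (empty list = done)."""
    names = [p.get("name") for p in _props(find_pdp_service(root))]
    findings = ["leftover property: " + n for n in names if n in REMOVE]
    if JNDI_PROP not in names:
        findings.append("missing " + JNDI_PROP)
    return findings

def switch_to_datasource(root, jndi_name="jdbc/APMDBDS"):
    """Replace jdbc.url with datasource.jndi.name, then delete the listed properties."""
    svc = find_pdp_service(root)
    by_name = {p.get("name"): p for p in _props(svc)}
    target = by_name.get(JNDI_PROP)
    if target is None:
        target = by_name.get("jdbc.url")          # rewrite jdbc.url in place
        if target is None:                        # nothing to rewrite: append
            ns = svc.tag[: svc.tag.rfind("}") + 1]
            target = ET.SubElement(svc, ns + "property")
        target.set("name", JNDI_PROP)
    target.set("value", jndi_name)
    removed = []
    for p in _props(svc):
        if p.get("name") in REMOVE:
            svc.remove(p)
            removed.append(p.get("name"))
    return sorted(removed)

if __name__ == "__main__":
    root = parse_config(SAMPLE)
    print("before:", audit(root))
    print("removed:", switch_to_datasource(root))
    print("after:", audit(root))
```

Running `audit` against the saved file after a manual edit confirms that no JDBC or bootstrap principal properties remain in pdp.service.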
To create a JBoss Security Module instance, you must run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows:
config.sh -smType jboss -smConfigId mySM_JBOSS -serverLocation <middleware>/jbosslocation/
Table 8-12 JBoss Security Module Parameters
Parameter | Description |
---|---|
|
Type of security module instance you want to create. For example, |
|
Name of the security module instance. For example, |
|
The location of JBoss Application Server. |
Note:
Controlled-push distribution is the default distribution mode for JBoss Security Module.
To make controlled-push mode work, you must log in to the WebLogic Administration Console and go to Environment>Servers>AdminServer>SSL. The Settings for AdminServer page is displayed. Click the Advanced tab and select Use Server Certs.
To create an Apache Tomcat Security Module instance, you must run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows:
config.sh -smType tomcat -smConfigId my_tomcat_sm_push -pdServer <oes_server_address> -pdPort <oes_server_port> -sslPort <oes_server_ssl_port> -serverLocation <apache-tomcat Home> -jaxwsRIHome <jaxwsRI_Home> -serverUserName <username> -serverPassword <password>
Table 8-13 Apache Tomcat Security Module Parameters
Parameter | Description |
---|---|
|
Type of security module instance you want to create. For example, |
|
Name of the security module instance. For example, |
|
The address of the Oracle Entitlements Server Administration Server. |
|
The port number of the Oracle Entitlements Server Administration Server. For example, |
|
The SSL port number of the Oracle Entitlements Server Administration Server. For example, |
|
The location of Apache Tomcat Server. |
|
The location of JAXWS-RI Note: JAXWS support is required in controlled-push mode. Apache Tomcat does not have JAXWS support by default. You can download JAXWS-RI from the following location: |
|
Specify the Oracle WebLogic Server Administration username. For example: |
|
Specify the Oracle WebLogic Server Administration password. |
Note:
Controlled-push distribution is the default distribution mode for Apache Tomcat Security Module.
To make controlled-push mode work, you must log in to the WebLogic Administration Console and go to Environment>Servers>AdminServer>SSL. The Settings for AdminServer page is displayed. Click the Advanced tab and select Use Server Certs.
To create a Java Security Module instance, you must run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows:
Note:
If you are using Java Security Module in the proxy mode with Web Service Security Module or RMI Security Module, then you must use oes-ws-client.jar or oes-rmi-client.jar and ensure that you do not use oes-client.jar.
config.sh -smType java -smConfigId mySM_Java
In controlled push mode, you will be prompted for the Oracle Entitlements Server Administration Server username, password, and a new key store password for enrollment.
In non-controlled and controlled pull modes, you will be prompted for the Oracle Entitlements Server schema username and password.
Table 8-14 describes the parameters you specify on the command line.
Table 8-14 JSE Security Module Parameters
Parameter | Description |
---|---|
|
Type of security module instance you want to create. For example, |
|
Name of the security module instance. For example, |
Note:
Controlled-push distribution is the default distribution mode for JSE Security Module.
The Java Security Module instance is created at OES_CLIENT_HOME/oes_sm_instances/mySM_java if you use the default values described in Table 8-14.
To configure an RMI Security Module instance, you must run config.sh (located in OES_CLIENT_HOME/oessm/bin for UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin for Windows) as follows:
config.sh -smType rmi -smConfigId mySM_Rmi -serverPort 9405
In controlled push mode, when prompted, specify the Oracle Entitlements Server Administration Server user name, Oracle Entitlements Server Administration Server password, and a new key store password for enrollment.
In non-controlled and controlled-pull distribution modes, when prompted, specify the Oracle Entitlements Server schema username and password.
Table 8-15 describes the parameters you specify on the command line.
Table 8-15 RMI Security Module Parameters
Parameter | Description |
---|---|
|
The type of security module instance you want to create. For example, |
|
The name of the security module instance. For example, |
|
The RMI listening port. For example, |
Note:
Controlled-push distribution is the default distribution mode for RMI Security Module.
This command also creates client configuration for the RMI Security Module Instance.
This section includes the following topics:
Before configuring .NET Security Module, you must complete the following steps:
Open the dotnetsm_config.properties file (located in <MW_Home>\as_1\oessm\dotnetsm\configtool) and update the following information:
application.config.file: Specify the path of the configuration file based on the type of .NET application. For example: app.config or web.config
application.log4NetXmlfile: Specify the location of the log4net.xml configuration file. If you do not have an existing logging configuration file, specify the default location (OES_CLIENT_HOME/oessm/dotnetsm/logging/log4Net.xml).
wssm.smurl: Specify the OES web service URI exposed through the WSSM in the following format:
http://<host>:<port>/Ssmws
gac.utility: Specify the Microsoft .NET Framework Global Assembly Cache Utility location. You can define the following operations:
config: If you select this option, then the SMconfig tool registers OES-PEP.dll and log4NET.dll in the GAC Utility.
remove: If you select this option, then the SMconfig tool removes the DLL from the GAC utility and removes the configuration parameters from application.config.file.
You can configure .NET Security Module in the following scenarios:
Scenario 1: .NET and Web Service on a Single Machine
If .NET and Web Service are installed on a single machine, the following configurations are possible:
Configuring .NET Security Module and Web Service Security Module
Perform the configuration in this scenario if .NET and Web Service are installed on a single machine, and you want to configure .NET Security Module and Web Service Security Module.
Run config.cmd, located in the OES_CLIENT_HOME\oessm\bin directory (on Windows), as follows:
config.cmd -smType dotnetws -prpFileName <ws_config> -dotnetprpFileName <dotnetsm_config> -smConfigId myDotnet -pdServer <oes_server_address> -pdPort <oes_server_ssl_port> -WSListeningPort 9410
Table 8-16 describes the parameters you specify on the command line.
Table 8-16 .NET Security Module Parameters
Parameter | Description |
---|---|
|
The type of security module instance you want to create. For example, |
|
The name of the security module instance. For example, |
|
Specify the path to the |
|
Specify the path to the |
|
The address of the Oracle Entitlements Server Administration Server. |
|
The port number of the Oracle Entitlements Server Administration Server. For example, |
|
The web service listening port. For example, |
This command also creates client configuration for the .NET Security Module Instance.
Configuring .NET Security Module
Perform the configuration in this scenario if .NET and Web Service are installed on a single machine, and Web Service Security Module is already configured.
Before you configure a .NET Security Module instance using the command mentioned below, ensure that you have configured the Web Service Security Module, as described in Configuring Web Service Security Module on Oracle WebLogic Server.
Run config.cmd (located in OES_CLIENT_HOME\oessm\bin) for Windows as follows:
config.cmd -smType dotnet -smConfigId myDotnet -prpFileName <ws_config> -dotnetprpFileName <dotnetsm_config>
Table 8-18 describes the parameters you specify on the command line.
Table 8-17 .NET Security Module Parameters
Parameter | Description |
---|---|
|
The type of security module instance you want to create. For example, |
|
The name of the security module instance. For example, |
|
Specify the path to the |
|
Specify the path to the |
This command also creates client configuration for the .NET Security Module Instance.
Scenario 2: .NET and Web Service on Different Machines
Perform the configuration in this scenario if .NET and Web Service are installed on different machines.
Before you configure a .NET Security Module instance using the command mentioned below, ensure that you have configured the Web Service Security Module, as described in Configuring Web Service Security Module on Oracle WebLogic Server.
Run config.cmd (located in OES_CLIENT_HOME\oessm\bin) for Windows as follows:
config.cmd -smType dotnet -smConfigId myDotnet -prpFileName <ws_config> -dotnetprpFileName <dotnetsm_config>
Table 8-18 describes the parameters you specify on the command line.
Table 8-18 .NET Security Module Parameters
Parameter | Description |
---|---|
|
The type of security module instance you want to create. For example, |
|
The name of the security module instance. For example, |
|
Specify the path to the |
|
Specify the path to the |
This command also creates client configuration for the .NET Security Module Instance.
This section includes the following topics:
Before configuring a MOSS Security Module instance, you must ensure the following:
Microsoft SharePoint Server (MOSS) is installed on your machine.
The MOSS Web Application, associated with site collections and other resources to be protected by OES MOSS Security Module has been created.
You can configure MOSS Security Module in the following scenarios:
Scenario 1: MOSS and Web Service on a Single Machine
If MOSS and Web Service are installed on a single machine, the following configurations are possible:
Configuring MOSS Security Module and Web Service Security Module
Perform the configuration in this scenario if MOSS and Web Service are installed on a single machine, and you want to configure MOSS Security Module and Web Service Security Module.
Run the config.cmd file located in the OES_CLIENT_HOME\oessm\bin directory (on Windows), as follows:
config.cmd -smType mossws -prpFileName <ws_config> -mossprpFileName <moss_config> -smConfigId myMoss -pdServer <oes_server_address> -pdPort <oes_server_ssl_port> -WSListeningPort 9410
Table 8-19 describes the parameters you specify on the command line.
Table 8-19 MOSS Security Module Parameters
Parameter | Description |
---|---|
|
The type of security module instance you want to create. For example, |
|
The name of the security module instance. For example, |
|
Specify the path to the |
|
Specify the path to the |
|
The address of the Oracle Entitlements Server Administration Server. |
|
The port number of the Oracle Entitlements Server Administration Server. For example, |
|
The web service listening port. For example, |
This command also creates client configuration for the MOSS Security Module Instance.
Configuring MOSS Security Module
Perform the configuration in this scenario if MOSS and Web Service are installed on a single machine, and Web Service Security Module is already configured.
Before you configure a MOSS Security Module instance using the command mentioned below, ensure that you have configured the Web Service Security Module, as described in Configuring Web Service Security Module on Oracle WebLogic Server.
Run the config.cmd file located in the OES_CLIENT_HOME\oessm\bin directory (on Windows), as follows:
config.cmd -smType moss -smConfigId myMoss -prpFileName <ws_config> -mossprpFileName <moss_config>
Table 8-21 describes the parameters you specify on the command line.
Table 8-20 MOSS Security Module Parameters
Parameter | Description |
---|---|
|
The type of security module instance you want to create. For example, |
|
The name of the security module instance. For example, |
|
Specify the path to the |
|
Specify the path to the |
This command also creates client configuration for the MOSS Security Module Instance.
Scenario 2: MOSS and Web Service on Different Machines
Perform the configuration in this scenario if MOSS and Web Service are installed on different machines.
Before you configure a MOSS Security Module instance using the command mentioned below, ensure that you have configured the Web Service Security Module, as described in Configuring Web Service Security Module on Oracle WebLogic Server.
Run the config.cmd file located in the OES_CLIENT_HOME\oessm\bin directory (on Windows), as follows:
config.cmd -smType moss -smConfigId myMoss -prpFileName <ws_config> -mossprpFileName <moss_config>
Table 8-21 describes the parameters you specify on the command line.
Table 8-21 MOSS Security Module Parameters
Parameter | Description |
---|---|
|
The type of security module instance you want to create. For example, |
|
The name of the security module instance. For example, |
|
Specify the path to the |
|
Specify the path to the |
This command also creates client configuration for the MOSS Security Module Instance.
You must run the Resource Discovery tool to locate the MOSS resources.
Run the MOSSResourceDiscovery.exe file, located in the <OES_CLIENT_HOME>/oessm/mosssm/lib directory (on Windows). You will be prompted for the following parameters:
Enter the folder path where you want to create OES policy file - Specify the path of the folder where the resource files will be created. Note that the directory used for storing the exported resources must be created beforehand.
Enter Path where Admin Url file is located - Specify the path to the <OES_CLIENT_HOME>/oessm/mosssm/adm/discovery/AdmUrls.txt file. This file is used to extract the admin URLs.
Enter SharePoint site URL and DONOT append url with /. e.g. http://sharepoint01 - Specify the URL of the top level MOSS sites to be protected by OES.
Enter Application Name of the MOSS application to be protected by OES e.g. MossApp - Specify the name of the MOSS application to be protected by OES.
Note:
Ensure that the MOSS application name that you provide is the same as the value defined for the moss.app.name parameter in the moss_config.properties file.
Enter Resource Type of all the MOSS resources e.g. MossResourceType - Specify the resource type of all the MOSS resources to be protected by OES.
Note:
Ensure that the MOSS resource type that you provide is the same as the value defined for the moss.resource.type parameter in the moss_config.properties file.
Following is a sample execution of the MOSSResourceDiscovery.exe file:
C:\Oracle\Middleware\Oracle_OESClient\oessm\mosssm\lib>MOSSResourceDiscovery.exe
----------------------------------------------------------
Welcome to the MOSS Resource Discovery
----------------------------------------------------------
Enter the folder path where you want to create OES policy file
c:\inetpub\wwwroot\wss\VirtualDirectories\9581\policy
Enter Path where Admin Url file is located
C:\Oracle\Middleware\Oracle_OESClient\oessm\mosssm\adm\Discovery\AdmUrls.txt
Enter SharePoint site URL and DONOT append url with /. e.g. http://sharepoint01
http://alesw2k8:9581
Enter Application Name of the MOSS application to be protected by OES e.g. MossApp
MossApp
Enter Resource Type of all the MOSS resources e.g. MossResourceType
MossResourceType
Resource Discovery starts....
SpSitePath is http://alesw2k8:9581
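The constraints on the discovery tool's prompts (folder created beforehand, no trailing / on the site URL, names matching moss_config.properties) can be checked before the tool is run. This is an added example, not part of the Oracle tooling: the `answers` dictionary keys and the sample properties content are hypothetical, and the properties reader is a simplified one.

```python
import os

def load_properties(text):
    """Minimal .properties reader: key=value or key:value; '#' and '!' start
    comment lines. Backslash escapes and line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i >= 0),
                  default=-1)
        if cut > 0:
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def preflight(answers, moss_props):
    """Check the five values that will be typed at the tool's prompts.

    answers (hypothetical keys): policy_dir, adm_urls, site_url,
    app_name, resource_type. Returns a list of problems, empty if none."""
    problems = []
    if not os.path.isdir(answers["policy_dir"]):
        problems.append("policy_dir: folder must be created beforehand")
    if not os.path.isfile(answers["adm_urls"]):
        problems.append("adm_urls: AdmUrls.txt not found")
    if answers["site_url"].endswith("/"):
        problems.append("site_url: must not end with /")
    for key, prop in (("app_name", "moss.app.name"),
                      ("resource_type", "moss.resource.type")):
        expected = moss_props.get(prop)
        if expected is None:
            problems.append(f"{key}: {prop} is not set in moss_config.properties")
        elif answers[key] != expected:
            problems.append(
                f"{key}: {answers[key]!r} differs from {prop}={expected!r}")
    return problems

# Constructed sample of moss_config.properties (only the two keys named above).
SAMPLE_PROPS = """# constructed example
moss.app.name = MossApp
moss.resource.type=MossResourceType
"""

if __name__ == "__main__":
    demo = {"policy_dir": ".", "adm_urls": __file__,
            "site_url": "http://sharepoint01/",
            "app_name": "MossApp", "resource_type": "MossResourceType"}
    for problem in preflight(demo, load_properties(SAMPLE_PROPS)):
        print(problem)
```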
To migrate the MOSS resource policies to OES policy store, complete the following steps:
Go to the OES_CLIENT_HOME\oessm\bin directory (on Windows), or the OES_CLIENT_HOME/oessm/bin directory (on UNIX).
Run the manage-policy.cmd file (on Windows), or the manage-policy.sh file (on UNIX).
Following is a sample execution of the manage-policy.cmd file:
C:\Oracle\Middleware\Oracle_OESClient\oessm\bin>manage-policy.cmd
Please input the application name for the protected MOSS application e.g MossApp: MossApp
Input the resource type for the MOSS resources e.g MossResourceType: MossResourceType
Input the Moss resource file: c:\inetpub\wwwroot\wss\VirtualDirectories\9581\policy\object
Creating resource: /_layouts
The Oracle Entitlements Server security module instances are created in the OES_CLIENT_HOME/oes_sm_instances directory.
For Oracle WebLogic Server security module, the domain configuration is located in DOMAIN_HOME/config/oeswlssmconfig.
You can create, delete, or modify the security module instances, as required.
After configuring Java Security Module for your program, you must start the Java Security module for your program by completing the following:
Set a new Java System Property -Doracle.security.jps.config and specify the location of the jps-config.xml file (located in OES_CLIENT_HOME/oes_sm_instances/<SM_NAME>/config) as the value.
Add oes-client.jar (located in OES_CLIENT_HOME/modules/oracle.oes_sm.1.1.1) to the classpath of the program.
You can configure a PDP Proxy Client for your web service Security Module or RMI Security Module, as described in Table 8-22:
Table 8-22 PDP Proxy Client Security Module Parameters
Parameter | Description |
---|---|
o |
Specify |
|
Specify Web Service ( |
|
Specify |
You must run config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as shown in the following example:
For Java Security Module:
OES_CLIENT_HOME/oessm/bin/config.sh -smType <SM_TYPE> -smConfigId <SM_NAME>
The SM_TYPE can be java, wls, or was. For SM_NAME, enter an appropriate name.
After installing Oracle Entitlements Server, refer to the following documents: