H Configuring the PDP Proxy Client for Web Service Security Module

This appendix provides a sample procedure for configuring the PDP Proxy Client for your Web Service Security Module.

Before you configure the PDP Proxy Client for your Web Service Security Module, ensure that you have deployed a Web Service Security Module on a WebLogic Server domain. Your client application is another application deployed on WebLogic Server. This client application needs to connect to the Web Service Security Module (PDP) for authorization decisions, and it does so through a PDP proxy client that makes web service calls to the PDP. In this scenario, you create another WebLogic Server domain that is configured as a web service proxy Security Module. When an application in that domain makes OES PEP API calls through this Security Module proxy instance, the proxy code makes the associated web service calls to your web service domain for authorization decisions.

Complete the following steps to configure the PDP Proxy Client for your Web Service Security Module:

  1. Configure properties in the smconfig.prp file by performing the following steps:

    1. Navigate to the SMConfigTool folder.

      $ cd $MW_HOME/oes_client/oessm/SMConfigTool

      Copy the originally backed up smconfig.prp.bak file to a new file, for example, wls-wsproxy-smconfig.prp.

      $ cp smconfig.prp.bak wls-wsproxy-smconfig.prp

    2. Open the wls-wsproxy-smconfig.prp file in your preferred editor and set the properties shown in Table H-1, leaving all other properties at their existing values.

      Table H-1 Properties for the smconfig File

      | Property | Value |
      |---|---|
      | oracle.security.jps.runtime.pd.client.policyDistributionMode | non-controlled |
      | oracle.security.jps.pdp.isProxy | True |
      | oracle.security.jps.pdp.PDPTransport | WS |
      | oracle.security.jps.pdp.proxy.PDPAddress | http://hostname:port |

      Note: The port number is the listening port of the WebLogic Server.


      Save the wls-wsproxy-smconfig.prp file.

  2. Navigate to the $OES_CLIENT_HOME/oessm/bin folder.

    $ cd $OES_CLIENT_HOME/oessm/bin

  3. Perform the following steps to run the OES Configuration Wizard that creates the WLS WS proxy SM domain:

    1. Execute the SM config tool using the following command:

      $ ./config.sh -smConfigId yourSMConfigID -smType wls -serverLocation $MW_HOME/wlserver_10.3 -prpFileName ../SMConfigTool/wls-wsproxy-smconfig.prp

    2. The Fusion Middleware Configuration Wizard appears after you invoke the Security Module configuration tool.

    3. On the Welcome screen, select the Create a new WebLogic domain option. Click Next.

      The Select Domain Source screen appears.

    4. On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.

      Select the Oracle Entitlements Server WebLogic Security Module - 11.1.1.0 [oesclient] option. Click Next.

      Note:

      Ensure that you do not select the domain template Oracle Entitlements Server for Admin Server - 11.1.1.0 [IAM_HOME] which is associated with the Oracle Entitlements Server Administration Server.

      The Specify Domain Name and Location screen appears.

    5. Enter a name and a location for the domain to be created, and click Next.

      The Configure Administrator User Name and Password screen appears.

    6. Enter a user name and a password for the administrator. The default user name is weblogic. Click Next.

      The Configure Server Start Mode and JDK screen appears.

      Note:

      When you enter the user name and the password for the administrator, be sure to remember them.

    7. Choose a JDK from the Available JDKs and then select a WebLogic Domain Startup Mode. Click Next.

      Note:

      Ensure that the JDK version you select is Java SE 6 Update 24 or higher.

      The Select Optional Configuration screen is displayed.

    8. On the Select Optional Configuration screen, select Administration Server, and click Next.

    9. Configure the following Administration Server parameters:

      Name: Valid server names are a string of characters (alphabetic and numeric). The name must be unique in the domain. For example, AdminServer.

      Listen address: From the drop-down list, select a value for the listen address. See Specifying the Listen Address for information about the available values.

      Listen port: Enter a valid value for the listen port to be used for regular, nonsecure requests (through protocols such as HTTP and T3). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7001.

      Note:

      Ensure that the value for the listen port is different from the listen port of the other Oracle Identity and Access Management components. For more information, see "Managing Ports" in the Oracle Fusion Middleware Administrator's Guide.

      SSL enabled: Select this check box to enable the SSL listen port. By default, SSL is disabled for all new servers.

      SSL listen port: Enter a valid value to be used for secure requests (through protocols such as HTTPS and T3S). The default value is the next available listen port. If you leave this field blank, the default value is used. For example, 7002.

      Note:

      After you specify the SSL listen port value, you must update the oracle.security.jps.pd.clientPort property in the smconfig.wls.controlled.prp file or smconfig.prp file with the SSL listen port value. You must then run the smconfig tool for Oracle WebLogic Server Security Module and set the Administration Server SSL port to the port specified in oracle.security.jps.pd.clientPort.

    10. On the Configuration Summary screen, review the domain configuration, and click Create to create the WebLogic Server Web Service proxy SM enabled domain.

    11. On successful domain creation you may review the folder structure and files of the Web Service Security Module instance on Oracle WebLogic Server. The jps-config.xml configuration file for the Web Service Security Module instance on Oracle WebLogic Server is located in $DOMAIN_HOME/config/oeswlssmconfig/AdminServer.

      The jps-config.xml file contains the configuration used for proxying PEP API web service based requests to your Web Service Security Module deployed on the other WebLogic domain.
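
A check for step 1 that can be run before config.sh in step 3, as an added example (not part of the Oracle tooling): it verifies that a .prp file carries the four Table H-1 values and that PDPAddress no longer holds the http://hostname:port placeholder. The function names prp_get and check_wsproxy_prp are hypothetical, and the script assumes the .prp file uses Java-properties key=value syntax.

```shell
#!/bin/sh
# Added example: checks the Table H-1 values in a Security Module .prp file.
# Assumes Java-properties syntax (key=value, '#' or '!' comment lines).

# prp_get FILE KEY: print the last value assigned to KEY (later entries win).
prp_get() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == k) v = val
        }
        END { print v }' "$1"
}

# check_wsproxy_prp FILE: 0 if all four properties match Table H-1, 1 if not.
check_wsproxy_prp() {
    f=$1; rc=0; p=oracle.security.jps
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }

    v=$(prp_get "$f" "$p.runtime.pd.client.policyDistributionMode")
    [ "$v" = "non-controlled" ] || { echo "policyDistributionMode='$v', expected non-controlled"; rc=1; }

    v=$(prp_get "$f" "$p.pdp.isProxy" | tr 'A-Z' 'a-z')
    [ "$v" = "true" ] || { echo "isProxy='$v', expected True"; rc=1; }

    v=$(prp_get "$f" "$p.pdp.PDPTransport")
    [ "$v" = "WS" ] || { echo "PDPTransport='$v', expected WS"; rc=1; }

    v=$(prp_get "$f" "$p.pdp.proxy.PDPAddress")
    rest=${v#http://}; host=${rest%:*}; port=${rest##*:}
    case $port in ''|*[!0-9]*) port= ;; esac   # port must be all digits
    if [ "$v" = "http://hostname:port" ]; then
        echo "PDPAddress still holds the placeholder http://hostname:port"; rc=1
    elif [ "$rest" = "$v" ] || [ "$host" = "$rest" ] || [ -z "$host" ] || [ -z "$port" ]; then
        echo "PDPAddress='$v' does not match the http://host:port form in Table H-1"; rc=1
    fi
    return $rc
}

# Usage: sh check-prp.sh ../SMConfigTool/wls-wsproxy-smconfig.prp
[ $# -eq 0 ] || check_wsproxy_prp "$1"
```

A non-zero exit status means at least one property differs from Table H-1; each mismatch is printed with the value found.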