The Oracle Entitlements Server 11.1.2.2 Oracle Service Bus (OSB) Security Module supports an OSB (10.3.6) domain, but if you want to use an OSB 12c domain and you also want to use the OSB Security Module from OES 11.1.2.2 in the 12c OSB domain, follow the instructions in this appendix.
This appendix provides information on configuring the OSB 12c domain to make use of the OSB Security Module from OES 11.1.2.2.
To set up the Oracle Service Bus (OSB) 12.1.3 domain to make use of an OSB Security Module from Oracle Entitlements Server 11g R2 PS2, proceed as follows:
Create the standard Oracle Service Bus (OSB) domain.
See "Configuring Your Oracle Service Bus Domain" in Oracle Fusion Middleware Installing and Configuring Oracle Service Bus.
Reassociate the OSB 12c domain from the 12c policy store to the 11g R2 PS2 (11.1.2.2) policy store.
Navigate to the MW_HOME/oracle_common/common/bin directory by running the following command on the command line:
cd MW_HOME/oracle_common/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
Use the Oracle Platform Security Services (OPSS) script exportEncryptionKey to extract the encryption key from the Oracle Entitlements Server 11g R2 PS2 (11.1.2.2) domain and export it into the ewallet.p12 file.
At the WLST prompt, run the following command:
exportEncryptionKey(jpsConfigFile="/r2ps2/user_projects/domains/oes11gr2p2_domain/config/fmwconfig/jps-config.xml",keyFilePath="/tmp/key",keyFilePassword="password");
where
jpsConfigFile is the location of the file jps-config.xml relative to the location where the script is run.
keyFilePath is the path where you want to export the encryption key; note that the content of the file is encrypted and secured by the value passed to keyFilePassword.
keyFilePassword is the password to secure the encryption key; note that this same password must be used when importing that file.
Start the OSB 12.1.3 Administration Server and create a data source (jdbc/opssds) and target this data source to the Administration and Managed Servers of the OSB 12.1.3 domain. Make sure that the data source points to the OES Administration Server policy store.
For details on creating a JDBC data source, refer to "Create JDBC generic data sources" in the Oracle Fusion Middleware Administering Oracle WebLogic Server with Fusion Middleware Control.
Navigate to the MW_HOME/oracle_common/common/bin directory by running the following command on the command line:
cd MW_HOME/oracle_common/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
Reassociate the security store by running the following command:
reassociateSecurityStore(domain="oes_domain", servertype="DB_ORACLE",jpsroot="cn=jpsroot",datasourcename="jdbc/opssds",jdbcurl="jdbc:oracle:thin:@host:1521:orcl",dbUser="R2PS2OSB_OPSS", dbPassword="db_password",jdbcdriver="oracle.jdbc.xa.client.OracleXADataSource",join="true",migrate="true", skip="true",keyFilePath="/tmp/key",keyFilePassword="password")
where
domain is the oracle.security.jps.farm.name value in the Oracle Entitlements Server Administration Server jps-config.xml.
jpsroot is the oracle.security.jps.ldap.root.name value in the Oracle Entitlements Server Administration Server jps-config.xml.
keyFilePath is the path of the directory where the encryption key was exported. Use the same keyFilePath that was used for the exportEncryptionKey command.
keyFilePassword is the password that secures the encrypted key. You must use the same password that was used for the exportEncryptionKey command.
For details, refer to "Reassociating Domain Stores with the Command reassociateSecurityStore" in Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services.
Copy the jps-atz-wls-proxyproviders.jar file, which can be obtained from the 11g R2 PS2 (11.1.2.2) OES client, to the WebLogic 12c location:
WLS_HOME/wlserver/server/lib/mbeantypes
Restart all servers.
Configure the Authorization provider.
For details on configuring an Authorization provider, refer to "Configuring Authentication Providers" in the Oracle Fusion Middleware Administering Security for Oracle WebLogic Server.
Configure the Role Mapping provider.
For details on configuring a Role Mapping provider, refer to "Configuring a Role Mapping Provider" in the Oracle Fusion Middleware Administering Security for Oracle WebLogic Server.
Restart all servers including the Administration and Managed Servers.
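The domain and jpsroot arguments of reassociateSecurityStore must match the values in the Oracle Entitlements Server Administration Server jps-config.xml. The following is an added example, not part of the Oracle documentation, that reads both properties from the file before the reassociation is run and refuses to continue when a value is missing or ambiguous. The XML fragment is constructed sample data, the function names are hypothetical, and it assumes the farm name is stored with a leading "cn=" while the domain argument takes the bare name.

```python
import xml.etree.ElementTree as ET

FARM = "oracle.security.jps.farm.name"
ROOT = "oracle.security.jps.ldap.root.name"

# Constructed jps-config.xml fragment; the values are samples, not from a real domain.
SAMPLE_JPS_CONFIG = """<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <serviceInstances>
    <serviceInstance name="policystore.db" provider="policystore.provider">
      <property name="oracle.security.jps.farm.name" value="cn=oes_domain"/>
      <property name="oracle.security.jps.ldap.root.name" value="cn=jpsroot"/>
    </serviceInstance>
  </serviceInstances>
</jpsConfig>"""


def read_jps_properties(xml_text):
    """Collect every value given for the farm name and LDAP root name properties."""
    found = {FARM: set(), ROOT: set()}
    for elem in ET.fromstring(xml_text).iter():
        # Compare the local tag name so the schema namespace does not matter.
        if elem.tag.rsplit("}", 1)[-1] == "property" and elem.get("name") in found:
            found[elem.get("name")].add((elem.get("value") or "").strip())
    return found


def reassociation_args(xml_text):
    """Return the domain and jpsroot values to pass to reassociateSecurityStore."""
    props = read_jps_properties(xml_text)
    for name, values in props.items():
        values.discard("")
        # A missing or conflicting value means the wrong store could be joined.
        if len(values) != 1:
            raise ValueError("%s: expected exactly one value, found %s"
                             % (name, sorted(values)))
    farm = next(iter(props[FARM]))
    root = next(iter(props[ROOT]))
    # Assumption: the farm name is stored as "cn=<name>" and the domain
    # argument takes the bare name, as in domain="oes_domain" above.
    domain = farm[3:] if farm.lower().startswith("cn=") else farm
    return {"domain": domain, "jpsroot": root}


if __name__ == "__main__":
    print(reassociation_args(SAMPLE_JPS_CONFIG))
```

Run it against a copy of the OES Administration Server jps-config.xml by passing the file's text to reassociation_args, and compare the result with the values typed at the WLST prompt.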
To configure OSB security, perform the following steps:
Start the Oracle Service Bus Console by entering:
http://osb_domain_host:osb_admin_port/servicebus/
Create the OESAuthorizationProxy and OESRoleMapperProxy in the Oracle Service Bus Console under Realm.
Configure transport-level security as follows:
Navigate to the Proxy Service which you want to protect.
Click Configuration and then Transport Details.
Change Authentication to Basic.
Configure message-level security as follows:
Navigate to the Proxy Service which you want to protect.
Click Security and then Security Setting.
Change Custom Authentication to Custom User Name and Password.