D Configuring an Oracle Service Bus 12.1.3 Domain to Use an OSB Security Module from OES 11.1.2.3

The Oracle Entitlements Server 11.1.2.3 Oracle Service Bus (OSB) Security Module supports an OSB 10.3.6 domain. If you want to use the OSB Security Module from OES 11.1.2.3 in an OSB 12c domain instead, follow the instructions in this appendix.

This appendix provides information on configuring the OSB 12c domain to use the OSB Security Module from OES 11.1.2.3.

D.1 Configuring an Oracle Service Bus 12.1.3 Domain to Use an OSB Security Module from Oracle Entitlements Server 11.1.2.3

To set up the Oracle Service Bus (OSB) 12.1.3 domain to use an OSB Security Module from Oracle Entitlements Server 11g R2 PS3, proceed as follows:

  1. Create the standard Oracle Service Bus (OSB) domain.

    See "Configuring Your Oracle Service Bus Domain" in Oracle Fusion Middleware Installing and Configuring Oracle Service Bus.

  2. Reassociate the OSB 12c domain from the 12c policy store to the 11g R2 PS3 (11.1.2.3) policy store.

    1. Navigate to the MW_HOME/oracle_common/common/bin directory by running the following command on the command line:

      cd MW_HOME/oracle_common/common/bin
      
    2. Run the following command to launch the WebLogic Scripting Tool (WLST):

      ./wlst.sh
      
    3. Use the Oracle Platform Security Services (OPSS) script exportEncryptionKey to extract the encryption key from the Oracle Entitlements Server 11g R2 PS3 (11.1.2.3) domain and export it into the ewallet.p12 file.

      At the WLST prompt, run the following command:

      exportEncryptionKey(jpsConfigFile="/r2ps3/user_projects/domains/oes11gr2ps3_domain/config/fmwconfig/jps-config.xml",keyFilePath="/tmp/key",keyFilePassword="password");
      

      where

      jpsConfigFile is the location of the file jps-config.xml relative to the location where the script is run.

      keyFilePath is the path where you want to export the encryption key; note that the content of the file is encrypted and secured by the value passed to keyFilePassword.

      keyFilePassword is the password to secure the encryption key; note that this same password must be used when importing that file.

    4. Start the OSB 12.1.3 Administration Server and create a data source (jdbc/opssds) and target this data source to the Administration and Managed Servers of the OSB 12.1.3 domain. Make sure that the data source points to the OES Administration server policy store.

      For details on creating a JDBC data source, refer to "Create JDBC generic data sources" in the Oracle Fusion Middleware Administering Oracle WebLogic Server with Fusion Middleware Control.

    5. Navigate to the MW_HOME/oracle_common/common/bin directory by running the following command on the command line:

      cd MW_HOME/oracle_common/common/bin
      
    6. Run the following command to launch the WebLogic Scripting Tool (WLST):

      ./wlst.sh
      
    7. Reassociate the security store by running the following command:

      reassociateSecurityStore(domain="oes_domain", servertype="DB_ORACLE",jpsroot="cn=jpsroot",datasourcename="jdbc/opssds",jdbcurl="jdbc:oracle:thin:@host:1521:orcl",dbUser="R2PS3OSB_OPSS", dbPassword="db_password",jdbcdriver="oracle.jdbc.xa.client.OracleXADataSource",join="true",migrate="true", skip="true",keyFilePath="/tmp/key",keyFilePassword="password")
      

      where

      domain is the oracle.security.jps.farm.name value in the Oracle Entitlements Server Administration Server jps-config.xml.

      jpsroot is the oracle.security.jps.ldap.root.name value in the Oracle Entitlements Server Administration Server jps-config.xml.

      keyFilePath is the path of the directory where the encryption key was exported. Use the same keyFilePath that was used for the exportEncryptionKey command.

      keyFilePassword is the password that secures the encrypted key. You must use the same password that was used for the exportEncryptionKey command.

      For details, refer to "Reassociating Domain Stores with the Command reassociateSecurityStore" in Oracle Fusion Middleware Securing Applications with Oracle Platform Security Services.

  3. Copy the jps-atz-wls-proxyproviders.jar file, which can be obtained from the 11g R2 PS3 (11.1.2.3) OES client, to the WebLogic 12c location:

    WLS_HOME/wlserver/server/lib/mbeantypes
    
  4. Restart all servers.

  5. Configure the Authorization provider.

    For details on configuring an Authorization provider, refer to "Configuring Authentication Providers" in the Oracle Fusion Middleware Administering Security for Oracle WebLogic Server.

  6. Configure the Role Mapping provider.

    For details on configuring a Role Mapping provider, refer to "Configuring a Role Mapping Provider" in the Oracle Fusion Middleware Administering Security for Oracle WebLogic Server.

  7. Restart all servers including the Administration and Managed Servers.
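
The ewallet.p12 file exported in step 2 holds the policy store encryption key and stays on disk, in the keyFilePath directory, until reassociateSecurityStore reads it. The following check is an added example, not Oracle code and not part of the original procedure: a stand-alone Python 3 script (run outside WLST) that audits that directory on a POSIX host. The helper name audit_key_export is hypothetical.

```python
import os
import stat
import sys

WALLET_NAME = "ewallet.p12"               # file the page says exportEncryptionKey writes
LOOSE_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_key_export(key_file_path):
    """Return a list of findings for the directory used as keyFilePath.

    audit_key_export is a hypothetical helper name, not an OPSS or WLST call.
    """
    try:
        d = os.lstat(key_file_path)       # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return ["keyFilePath does not exist: " + key_file_path]
    if not stat.S_ISDIR(d.st_mode):
        return ["keyFilePath is a symlink or not a directory: " + key_file_path]

    findings = []
    if d.st_mode & LOOSE_BITS:
        findings.append("directory mode %03o grants group/other access"
                        % stat.S_IMODE(d.st_mode))
    if d.st_uid != os.geteuid():
        findings.append("directory owned by uid %d, not the current user" % d.st_uid)

    try:
        w = os.lstat(os.path.join(key_file_path, WALLET_NAME))
    except FileNotFoundError:
        findings.append(WALLET_NAME + " not found in keyFilePath")
        return findings
    if not stat.S_ISREG(w.st_mode):
        findings.append(WALLET_NAME + " is a symlink or special file")
    elif w.st_mode & LOOSE_BITS:
        findings.append("%s mode %03o grants group/other access"
                        % (WALLET_NAME, stat.S_IMODE(w.st_mode)))
    return findings


if __name__ == "__main__":
    # Default is the keyFilePath used in the page's example commands.
    path = sys.argv[1] if len(sys.argv) > 1 else "/tmp/key"
    problems = audit_key_export(path)
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

Run it as the OS user that ran exportEncryptionKey, after the export and before reassociateSecurityStore; an exit status of 0 means no findings.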

D.2 Configuring OSB Security

To configure OSB security, perform the following steps:

  1. Start the Oracle Service Bus Console by entering:

    http://osb_domain_host:osb_admin_port/servicebus/
    
  2. Create the OESAuthorizationProxy and OESRoleMapperProxy in the Oracle Service Bus Console under Realm.

  3. Configure transport-level security as follows:

    1. Navigate to the Proxy Service which you want to protect.

    2. Click Configuration and then Transport Details.

    3. Change Authentication to Basic.

  4. Configure message-level security as follows:

    1. Navigate to the Proxy Service which you want to protect.

    2. Click Security and then Security Setting.

    3. Change Custom Authentication to Custom User Name and Password.