Configuring an Initial Security Policy

FDMEE provides scripts to configure Web Services with a set of default policies. If PeopleSoft or Fusion Financials use a different set of polices, use Enterprise Manager to configure the policies.

Before you run the scripts, ensure the following:

  • You performed the steps to configure Oracle Web Services Manager.

  • FDMEE and WebLogic Administration Server are running.

  To configure security policies:

  1. For all products except Account Reconciliation Manager:

    1. Open EPM_ORACLE_HOME/products/FinancialDataQuality/bin/wls-infra.properties in a text editor, and then update the properties that are required for your environment. Leave all other properties as is, and then save the file. See Table 4, Properties in wls-infra.properties for a list of properties.

    2. Run wlsConfigMDS.bat or wlsConfigMDS.sh and ensure that the script completes successfully and displays no errors.

    3. Restart FDMEE.

    4. When FDMEE is running, run wlsConfigOWSM.bat or wlsConfigOWSM.sh and ensure that the script completes successfully and displays no errors.

    5. Restart FDMEE.

  2. For integration with Account Reconciliation Manager:

    1. Open EPM_ORACLE_HOME/products/FinancialDataQuality/bin/wls-ARM.properties in a text editor, and update the properties that are required for your environment. Leave all other properties as is, and then save the file. See Table 5, Properties in wls-ARM.properties for a list of properties.

    2. From a command prompt, navigate to EPM_ORACLE_HOME/products/FinancialDataQuality/bin, run wlsConfigARM.bat or wlsConfigARM.sh and ensure that the script runs successfully.

    3. Restart FDMEE and the Oracle WebLogic Server.

Note:

You must rerun wlsConfigMDS.bat|.sh script whenever you patch or redeploy aif.ear if you are using FDMEE with Peoplesoft or Fusion Financials.

Table 4. Properties in wls-infra.properties

Property NameUpdate the Property?Description
Username Yes The user name to connect to WebLogic Administration Server. Change the user name to a valid WebLogic Administration Server user.
Password YesThe password to connect to WebLogic Administration Server. Change the password to a valid WebLogic Administration Server password.
adminServerURL YesThe URL for WebLogic Administration Server. Update the host and port accordingly. For a multinode setup, use the host on which Administration Server is installed.
partitionName Update if neededRepresents the partition that would be created in the repository. All connection configuration details would be stored in this partition.
schemaUserName YesThe user name for MDS schema.
schemaPassword YesThe password for the MDS schema user.
databaseType YesThe database type that is used for configuring MDS. Valid values are ORACLE or MSSQL.
Hostname YesThe hostname for the database server.
Port YesThe port for the database server listener.
dbName YesThe service name/db name of the MDS schema user.
dataLoadServiceWSDL YesThe URL on which dataLoadAMService is running. The URL must be updated when FDMEE is configured to integrate with Account Reconciliation Management (ARM) application. Update the host and port details accordingly.
clientSecPolicyForARM NoARM dataLoadAMService is secured using a SAML token with message protection service policy. To contact ARM, we should be using the corresponding client policy.
hypBudgetCheckWSDL YesThe URL on which PeopleSoft Budget check service is running. This must be changed when configuring integration with PeopleSoft for commitment control. Change the host and port details accordingly.
ClientSecPolicyForPSFT Update if neededPeopleSoft uses only wss10 SAML token policies. The default policy is specified in the properties file. Check with PeopleSoft configuration before updating the policy details
PSFTAlias YesThis property represents the PeopleSoft LocalNode. This is required so that communication between FDMEE and PeopleSoft goes through without any errors. Update the property accordingly.
fusionWriteBackWSDL YesThe URL on which Fusion LedgerEssbaseAPI service is running. This URL must be changed when configuring integration between FDMEE and Fusion for Write-Back. Change the host and port details accordingly.
ClientSecPolicyForFusion Update if neededFusion systems generally use user name/password protection policy. The default policy mentioned in the properties file corresponds to a user name/password protection policy.
FusionUserName YesThe user name that the service should use to connect to Fusion systems. The user must be a valid Fusion Financials user with access to the Fusion General Ledger application.
FusionUserPassword YesThe password for the Fusion Financial user.
ServiceEndPointSecPolicy Update if neededFDMEE exposes public RuleService and SetupService. To secure these services, we use a default SAML token with message protection service policy. Change the policy if the service needs to be secured with a different policy.

Table 5. Properties in wls-ARM.properties

Property NameUpdate the Property?Description
userName=adminUserName YesReplace adminUserName with the WebLogic Administrator user name.
passWord=adminPassword YesReplace adminPassword with the WebLogic Administrator password.
adminServerURL=t3://localhost:7001 YesReplace localhost with the WebLogic Administration Server host name.
ServiceEndPointSecPolicy No 
ServiceCallBackSecPolicyNo