About the setup-wss-trust Tool

setup-wss-trust is a command-line tool that automates the process of setting up Web Service Security (WSS) trust from a local WebLogic Server domain to a JCS-SaaS Extension instance in the cloud.

This command is supported by the same command-line tool, javacloud, available with JCS-SaaS Extension SDK, version 16.4.1. You can use this command to set up trust from an on-premises domain (that is, any environment from which you have access to your local WebLogic Server domain) to an instance in the cloud deployed on JCS-SaaS Extension so that you can propagate IDs and protect messages from that domain to the instance. Note, however, that while this command allows you to propagate IDs and protect messages from your on-premises domain to a JCS-SaaS Extension instance, it does not provide similar functionality in the other direction; that is, you must use other techniques to establish similar trust between the instance and your on-premises domain. You can also run this command if you need to set up point-to-point WSS trust between two JCS-SaaS Extension instances running in separate identity domains.

Using the Command

The following syntax describes typical usage of the command. Required commands are in bold. Line breaks have been added for clarity; do not include them when entering the command.

$ javacloud -setup-wss-trust -user|-u userName 
     -password|-p password     
     -identitydomain|-id identityDomain 
     -serviceinstance|-si serviceInstance
     -alias certAlias  [-path|-p //pathToCert]   
     -issuer|-is SAMLIssuer 
        [-httpproxy|-hp proxyhost:port@user/password] 
        [-certfiletype|-cft certFileType] 
        [-output|-o //pathToCertDownload]

Note:

The preceding syntax shows only the most common required and optional parameters for setup-wss-trust. These and additional, advanced parameters are described in the $SDK_HOME/doc/index.html file.

For example:

$ javacloud -setup-wss-trust -identitydomain myiddomain -serviceinstance myinstnace -user user.com -password **** -alias myorg -path myorg.jks -issuer myorgname

Response:

[SETUP TRUST] [INFO]    - Checking if the alias already exists in the Web service
                          security store.
[SETUP TRUST] [INFO]    - The certificate with the alias myorg does not exist already.
[SETUP TRUST] [INFO]    - Importing certificate with command-line:add-wss-certificates
                          -identitydomain "myiddomain" -user "user.com" -password ********
                          -serviceinstance "myinstnace" -adminurl
                          "https://javaservices.us2.cloud.oracle.com" -path myorg.jks"
                          -alias "myorg"
[SETUP TRUST] [INFO]    - 1 certificate(s) added.
[SETUP TRUST] [INFO]    - Establishing trust with 
                          DN: CN=MyOrgName
                         
                          Serial Number: -167863760719642507519543905148448728112
[SETUP TRUST] [INFO]    - Creating  required Trust configuration using -config-shell
[SETUP TRUST] [INFO]    - Checking if the config-shell is already open...
[SETUP TRUST] [INFO]    - Ending existing config-shell session.
[SETUP TRUST] [WARNING] - Entering into config-shell in the auto-mode. This would not
                          require any manual operation until the shell exits. Please be
                          patient as  you observe slight delays.
[SETUP TRUST] [INFO]    - Running config-shell with the command-line:config-shell
                          identitydomain "myiddomain" -user "user.com" -password ********
                          -serviceinstance "myinstnace" -adminurl
                          "https://javaservices.us2.cloud.oracle.com" -command
                          "set-token-issuer-trust -issuer "myorgname" -alias myorg
                          -tokentype dns.sv;set-token-issuer-trust -issuer "myorgname "
                          -alias myorg -tokentype dns.hok;set-token-issuer-trust -issuer
                          "myorgname" -alias myorg -tokentype dns.jwt;exit"
                          -autoexitonfailure "true"
                         
                         
Please exit and re-enter the shell if the prompt does not appear within a few seconds. You can type "exit" to exit the shell.
Config-shell:>the trusted DN lists are successfully set
Config-shell:>the trusted DN lists are successfully set
Config-shell:>JWT trusted issuers successfully set
Config-shell:>Please exit and re-enter the shell if the prompt does not appear within a few seconds. You can type "exit" to exit the shell.
[SETUP TRUST]
[SETUP TRUST] [INFO]    - Config-shell finished successfully!
                         
                         
[SETUP TRUST] [INFO]    - Exporting cloud instance certificate...
[SETUP TRUST] [INFO]    - If the trust from the cloud instance to the local weblogic
                          domain needs to be setup, Please import the downloaded
                          certificates and make the required trust configuration at the
                          local weblogic domain.
[SETUP TRUST] [INFO]    - 2 certificates downloaded.
[SETUP TRUST] [INFO]    - Downloaded at: /Users/velsubra/Downloads/work/
                          downloaded_certificates.jks
[SETUP TRUST] [TIP]     - Success: This completes one way trust setup from the local
                          weblogic domain to the cloud instance.
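
When the command runs unattended, the saved response can be checked before the trust is relied on. The script below is an added example, not part of the original page or the SDK: it assumes the transcript layout shown in the response above, treats the three token types from that sample run as the expected set, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a saved setup-wss-trust transcript (function names are hypothetical).
# SAMPLE_LOG is constructed: an abridged copy of the response shown on this page.
SAMPLE_LOG='[SETUP TRUST] [INFO]    - 1 certificate(s) added.
[SETUP TRUST] [INFO]    - Establishing trust with
                          DN: CN=MyOrgName

                          Serial Number: -167863760719642507519543905148448728112
[SETUP TRUST] [INFO]    - Running config-shell with the command-line:config-shell
                          identitydomain "myiddomain" -user "user.com" -password ********
                          -serviceinstance "myinstnace" -command
                          "set-token-issuer-trust -issuer "myorgname" -alias myorg
                          -tokentype dns.sv;set-token-issuer-trust -issuer "myorgname "
                          -alias myorg -tokentype dns.hok;set-token-issuer-trust -issuer
                          "myorgname" -alias myorg -tokentype dns.jwt;exit"
[SETUP TRUST] [TIP]     - Success: This completes one way trust setup from the local
                          weblogic domain to the cloud instance.'

# One whitespace-separated token per line, so a value wrapped onto a
# continuation line is still found right after its flag.
tokens() { printf '%s\n' "$1" | tr -s ' \t' '\n\n'; }

# Print the value that follows each occurrence of flag $2 in transcript $1.
flag_values() {
    tokens "$1" | awk -v f="$2" 'prev == f { sub(/;.*/, ""); print } { prev = $0 }'
}

# Print the subject DN the tool reports it established trust with.
trusted_dn() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*DN:[[:space:]]*//p' | sed 's/[[:space:]]*$//'
}

# audit_trust LOG EXPECTED_DN: prints findings, returns non-zero if any check fails.
audit_trust() {
    rc=0
    printf '%s\n' "$1" | grep -q '\[TIP\].*Success:' || { echo "no success marker"; rc=1; }
    [ "$(trusted_dn "$1")" = "$2" ] || { echo "unexpected DN: $(trusted_dn "$1")"; rc=1; }
    for t in dns.sv dns.hok dns.jwt; do
        flag_values "$1" -tokentype | grep -qxF "$t" || { echo "token type not set: $t"; rc=1; }
    done
    # The tool masks -password when echoing its command lines; anything else is a leak.
    if flag_values "$1" -password | grep -qv '^\*\**$'; then
        echo "unmasked password in transcript"; rc=1
    fi
    return "$rc"
}

audit_trust "$SAMPLE_LOG" "CN=MyOrgName" && echo "transcript OK"
```

Comparing the reported DN against the certificate you intended to import catches a wrong alias or keystore before the instance starts accepting tokens from that issuer.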