1. Migrating Oracle Java Cloud Service Instances to Oracle WebLogic Server for OCI Using WDT
  2. Migrate an Instance
  3. Recreate Oracle Fusion Middleware Security Resources

Recreate Oracle Fusion Middleware Security Resources

If you created any custom users, groups, roles or policies in your source Oracle Java Cloud Service instance, then you must recreate them in the target Oracle WebLogic Server for OCI domain.

Application Migration does not automatically migrate any Oracle Fusion Middleware security resources that you created to support your applications, including users, roles and policies. Perform this task if your source domain includes applications that use Oracle Fusion Middleware (FMW), Oracle Platform Security Services (OPSS), Oracle Application Development Framework (ADF) or Oracle Web Services Manager (WSM).

  1. Access the Fusion Middleware Control Console for your source instance.
    https://<source_admin_ip>:7002/em
  2. Sign in to the console as your Oracle WebLogic Server system administrator.
  3. From a different browser window or tab, sign in to the Fusion Middleware Control Console for your target domain.
    https://<target_admin_ip>:7002/em

    See Access the Fusion Middleware Control Console in Using Oracle WebLogic Server for OCI.

  4. Recreate users and groups.
    1. From both consoles, click WebLogic Domain, select Security, select Security Realms, and then click myrealm (default WebLogic domain).
    2. From both consoles, click the realm, and then click Users and Groups.
    3. Identify any custom users in the source instance, and then recreate these users in the target instance.
    4. From both consoles, click Groups.
    5. Identify any custom groups in the source instance, and then recreate these groups in the target instance.
  5. Recreate roles and policies.
    1. From both consoles, click WebLogic Domain, select Security, and then select Application Roles.
    2. Identify any roles in the source instance, and then recreate these roles in the target instance.
    3. From both consoles, click WebLogic Domain, select Security, and then select Application Policies.
    4. Identify any policies in the source instance, and then recreate these policies in the target instance.
    5. From both consoles, click WebLogic Domain, select Security, and then select System Policies.
    6. Identify any system policies in the source instance, and then recreate these system policies in the target instance.
    7. Click Search System Security Grants Right arrow icon.
    8. Identify any custom permissions that you created for this system library in the source instance, and then recreate these permissions in the target instance.
      Repeat this process if you created custom permissions for other system libraries.
  6. Recreate keystores.
    1. From both consoles, click WebLogic Domain, select Security, and then select Keystore.
    2. Identify any custom keystores in the source instance, and then recreate these keystores in the target instance.

      If any of the following aliases are present in the system keystores, do not modify them:

      Keystore Aliases
      system/trust democa, idcs_root_ca
      system/demoidentity DemoIdentity
      system/castore democa
      system/publiccacerts <name> [jdk], idcs_root_ca
      opss/trustservice_ts trustservice, cloudca
      opss/trustservice_ks trustservice
      owsm/keystore oauth_<identity_domain>_trust_sign, cloudca, orakey

      For more information, see these topics in Securing Applications with Oracle Platform Security Services:

  7. Recreate credential maps.
    1. From both consoles, click WebLogic Domain, select Security, and then select Credentials.
    2. Identify any custom credential maps in the source instance, and then recreate these credential maps in the target instance.

      Do not modify the default credential maps, including oracle.wsm.security.

      For more information, see these topics in Securing Applications with Oracle Platform Security Services:

  8. Reconfigure security providers.
    1. From both consoles, click WebLogic Domain, select Security, and then select Security Provider Configuration.
    2. Compare the security provider configuration of the source and target instances, and then update the configuration of the target instance as necessary.

      Do not modify the Security Store.

  9. Reconfigure the audit service.
    1. From both consoles, click WebLogic Domain, select Security, and then select Audit Registration and Policy.
    2. Compare the audit policy settings of the source and target instances, and then update the settings of the target instance as necessary.
  10. Recreate Web Services Manager (WSM) policies.
    1. From both consoles, click WebLogic Domain, select Web Services, and then select WSM Policies.
    2. Identify any custom policies in the source instance, and then recreate these policies in the target instance.
      The default policies are read-only and identified with a lock icon.

      For more information, see these topics in Securing Web Services and Managing Policies with Oracle Web Services Manager:

    3. From both consoles, click WebLogic Domain, select Web Services, and then select WSM Policy Sets.
    4. Identify any policy sets in the source instance, and then recreate these policy sets in the target instance.
    If you made significant changes to the target instance using the Fusion Middleware Control Console, Oracle recommends taking another backup of your target instance and its infrastructure database schemas.