9 Configuring the Billing Care, Billing Care REST API, and Business Operations Center Services

Learn how to configure Billing Care, Billing Care REST API, and Business Operations Center to run in your Oracle Communications Billing and Revenue Management (BRM) cloud native environment.

Topics in this document:

About Configuring Business Operations Center, Billing Care, and Billing Care REST API

Business Operations Center, Billing Care, and the Billing Care REST API all of them share a similar image stack.

Figure 9-1 shows the process for deploying Billing Care using WebLogic Operator. The same process is used for the Billing Care REST API. The only difference is the name of the deployer: bcws-domain-deployer.

Figure 9-1 Billing Care Deployment Flow

Figure 9-2 shows the process for deploying Business Operations Center using WebLogic Operator. It is similar to the Billing Care process.

Figure 9-2 Business Operations Center Deployment Flow


It is important to wait until the component-domain-deployer process is in the 1/1 Running status before running oc-cn-helm-chart.

You deploy these services by using the following Helm charts:

  • oc-cn-op-job-helm-chart: This chart creates and configures the WebLogic domain, deploys the application, deploys and links the SDK (for Billing Care and Billing Care REST API), and loads the authorization policies.

  • oc-cn-helm-chart: This chart starts the rolling restart of the WebLogic servers and the application update.

  • WebLogic Operator chart: This chart manages the application domain, controlling the service availability when managed server pods are scaled up or down.

Configuring Business Operations Center

Business Operations Center is a Web-based client application that you use to run business operations such as billing, invoicing, and payment collections. For more information, see "Using Business Operations Center" in BRM System Administrator's Guide.

To configure Business Operations Center to run in your BRM cloud native environment:

  1. Override the Business Operations Center-specific keys in the values.yaml file for oc-cn-op-job-helm-chart. See "Adding Business Operations Center Keys for oc-cn-op-job-helm-chart".

  2. Override the Business Operations Center-specific keys in the values.yaml file for oc-cn-helm-chart. See "Adding Business Operations Center Keys for oc-cn-helm-chart".

  3. Set up volume mounts. See "About Business Operations Center Volume Mounts".

  4. Create a WebLogic domain and install the Business Operations Center application. See "Creating a WebLogic Domain and Installing the Business Operations Center Application".

  5. Set up SAML for SSO in Business Operations Center. See "Setting Up SSO for Business Operations Center".

  6. Start and stop your WebLogic servers. See "Starting and Stopping WebLogic Servers".


To set up Business Operations Center, ensure that you successfully complete the installation of oc-cn-op-job-helm-chart before you install or upgrade oc-cn-helm-chart.

Adding Business Operations Center Keys for oc-cn-op-job-helm-chart

Table 9-1 lists the keys that directly impact Business Operations Center. Add these keys to your override-values.yaml file for oc-cn-op-job-helm-chart with the same path hierarchy.

For a complete set of keys to personalize Business Operations Center deployment, see the keys with the path ocboc.boc in the oc-cn-op-job-helm-chart/values.yaml file.


Keys with the path ocboc.boc.secretVal hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-1 Keys for oc-cn-op-job-helm-chart

Key Path in Values.yaml file Description



Whether to deploy, configure, and start Business Operation Center services.

  • false: Kubernetes resources meant for the Business Operation Center application will not be created.
  • true: Creates the necessary Kubernetes resources for using Business Operation Center. This is the default.



The tag associated with the image. This is generally the release number prefixed with a colon (:). For example: :



The role of the database administrator user.



The additional arguments for creating the RCU.



Used to create the WebLogic data source for connecting to the Business Operations Center schema.

This is also the connection string for the database where schemas needed by Oracle Fusion Middleware products are created, especially OPSS.

Use one of these formats:

  • DatabaseHost:DatabasePort/ServiceName
  • DatabaseHost:DatabasePort:ServiceID



The type of connection required to connect to the database:

  • Yes-Two Way: Two-way SSL authentication is required.
  • Yes-One Way: One-way SSL authentication is required. This is the default.
  • No: SSL authentication is not required.



The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.



The password for accessing the certificates from the TrustStore and KeyStore.



The host name or IP address of the LDAP Server (for example, OUD) where users and groups are configured for access to Business Operations Center.



The port number on which the LDAP server is listening.



The LDAP base DN that contains groups.



The LDAP base DN that contains users.



The Business Operations Center database schema user name.



The default tablespace for the Business Operations Center database administrator.



The temp tablespace for the Business Operations Center database administrator.



The URL of the Billing Care instance that is used with your BRM Server.

Leave this blank if Billing Care isn't installed in your environment.



Whether to enable single sign-on (SSO) for Business Operations Center cloud native services using SAML 2.0:

  • true: SSO is enabled for Business Operations Center cloud native services.
  • false: SSO is disabled. This is the default.



The private key alias of the KeyStore.



The file type of the SSL Identity and Trust store, which is either PKCS12 or JKS. The default is PKCS12.



The file name of the Identity KeyStore.



The file name of the Trust KeyStore.



(Release 15.0.1 or later) The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.



The name of the SAML Asserter. The default is samlBOCAsserter.



The base URL that is used to construct endpoint URLs. This is typically the Load Balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.



The URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.



Update this value with any value different from the current value to force a restart of the deployer.



The Base64-encoded password for the WebLogic domain's administrative user. This is used for accessing the WebLogic Server Administration Console for administrative operations.



The Base64-encoded password of the LDAP Server admin user.



The Base64-encoded database administrator's password.



The Base64-encoded Business Operations Center database schema password.



The Base64-encoded password for schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS.



The StorePass for the Identity KeyStore.



The KeyPass for the Identity KeyStore.



The StorePass for the Trust KeyStore.



The name of the domain.

The default is boc-domain.



The NodePort where the admin-server's HTTP service will be accessible.



The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.
  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count.



The rules for scheduling WebLogic Server pods on particular nodes using simple selectors using Node Selector rules.



The rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors using affinity rules.

Adding Business Operations Center Keys for oc-cn-helm-chart

Table 9-2 lists the keys that directly impact Business Operations Center. Add these keys to your override-values.yaml file for oc-cn-helm-chart with the same path hierarchy.

For a complete set of keys to personalize Business Operations Center deployment, see the keys with the path ocboc.boc in the oc-cn-helm-chart/values.yaml file.


Keys with the path ocboc.boc.secretVal hold sensitive data. Handle them carefully with controlled access to the file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-2 Keys for oc-cn-helm-chart

Key Path in Values.yaml file Description



Whether to deploy, configure, and start Business Operation Center services.

  • false: Kubernetes resources meant for the Business Operation Center application will not be created.
  • true: Creates the necessary Kubernetes resources for using Business Operation Center. This is the default.



The tag associated with the image. This is generally the release number prefixed with a colon (:). For example, :



The user name of the service with permission to access BRM, such as boc_client.



The POID type of the service that has permission to access BRM.



The POID ID of the service that has permission to access BRM.



Minimum size of the connection pool.



Maximum size of the connection pool.



The log level for the infranet properties.



Empty by default, you can use this key to specify custom infranet properties.



The name of the domain.

The default is boc-domain.



The NodePort where the admin-server's http service will be accessible.



The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.
  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count.



Whether to enable monitoring of Business Operations Center.

See "Monitoring and Autoscaling Business Operations Center Cloud Native" in BRM Cloud Native System Administrator's Guide.



The rules for scheduling WebLogic Server pods on particular nodes using simple selectors using Node Selector rules.



The rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors using affinity rules.

Updating Infranet.properties for Business Operations Center

The Infranet.properties file entries are located in the values.yaml file. This makes it easier to update them.

Following is a sample configuration block (located in the ocboc.boc path in oc-cn-helm-chart) for the Infranet.properties entries:

        login: 'boc_client.'
        serviceType: '/service/admin_client'
        serviceId: 2
        minSize: 25
        maxSize: 50
    logLevel: 3
    addOnProperties: ""

If you have custom properties, they should be defined here using the addOnProperties key. For example:

addOnProperties: |-

To update these properties, update the values in oc-cn-helm-chart and change the value of ocboc.boc.wop.restartVersion in oc-cn-helm-chart to any new value. This will force a pod restart and the new values will be used.

Adding Custom Configuration to Deployment Workflow for Business Operations Center

You can provide additional configuration to be applied at particular checkpoints in the Business Operations Center deployment workflow. These checkpoints are:

  • ext_deployer_pre_exit: Called after the standard configuration in deployer.sh in oc-cn-op-job-helm-chart
  • ext_init_app_pre_exit: Called after the standard configuration in the init-app initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart
  • ext_init_config_pre_exit: Called after the standard configuration in the init-config initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart
  • ext_init_upgrade_pre_exit: Called after the standard configuration in the upgrade container

Create a ConfigMap with your configuration scripts, including a shell script named run_hooks.sh that calls your other scripts. For example:

apiVersion: v1
kind: ConfigMap
  name: ext-scripts
  run_hooks.sh: |+
    echo "executing extension for: $@"
    if [ "$CURRENT_CHECKPOINT" == "ext_deployer_pre_exit" ] ; then
      sh my_deployer_extension.sh
  my_deployer_extension.sh: |+
    echo "executing my_deployer_extension"

Specify the name of your ConfigMap in the ocboc.boc.extensions.scriptsConfigName key in the override-values.yaml file for oc-cn-op-job-helm-chart.

About Business Operations Center Volume Mounts

The Business Operations Center container requires Kubernetes volume mounts for sharing the domain and application file system between the WebLogic Cluster servers. Business Operations Center requires a volume for the domain. By default, this is created dynamically, using the provisioner defined in BRM, in the storage-class key in oc-cn-op-job-helm-chart.

To change the volume type or provider, modify the ocboc.boc.volume.domain.createOption key in the override-values.yaml file for oc-cn-op-job-helm-chart.

Creating a WebLogic Domain and Installing the Business Operations Center Application

The WebLogic domain is created by a Kubernetes Deployment when oc-cn-op-job-helm-chart is installed. The same job also installs the Business Operations Center application and deploys the application WAR file onto the WebLogic Cluster.

The oc-cn-op-job-helm-chart chart also:

  • Creates a Kubernetes ConfigMap and Secrets, which are used throughout the life-cycle of the WebLogic domain.

  • Initializes the PersistentVolumeClaim for the domain and application file system as well as third-party libraries.


The override-values.yaml file that you use for this chart must include BRM override values.

After you install oc-cn-op-job-helm-chart, wait until the Kubernetes deployment has reached the 1/1 Running status. Then, you can install or upgrade oc-cn-helm-chart for Business Operations Center services.

After the deployment is running, don't delete the chart. Its resources will be used for starting and stopping the servers through oc-cn-helm-chart.

Setting Up SSO for Business Operations Center

SSO allows users to log in to applications using a single user name and password combination. You set up SSO for Business Operations Center cloud native services by using SAML 2.0.

To set up SSO for Business Operations Center:

  1. Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.

    For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.

  2. Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/boc/idp directory.

  3. Configure the KeyStores needed by SAML:

    1. Generate identity and trust KeyStores.

    2. Move your KeyStore files, such as identity.p12 and trust.p12, under the oc-cn-op-job-helm-chart/boc/keystore directory.

  4. In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:

    • ocboc.boc.configEnv.isSSOEnabled: Set this to true.

    • ocboc.boc.configEnv.keystoreAlias: Set this to the private key alias of the KeyStore.

    • ocboc.boc.configEnv.keystoreType: Set this to the file type of the SSL Identity and Trust store, which is either PKCS12 or JKS. The default is PKCS12.

    • ocboc.boc.configEnv.keystoreIdentityFileName: Set this to the name of the Identity KeyStore file.

    • ocboc.boc.configEnv.keystoreTrustFileName: Set this to the name of the Trust KeyStore file.

    • ocboc.boc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is samlBOCAsserter.

    • ocboc.boc.configEnv.ssoPublishedSiteURL: Set this to the base URL that is used to construct endpoint URLs. This is typically the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

    • ocboc.boc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

    • ocboc.boc.secretVal.keystoreIdentityPassword: Set this to the StorePass for the Identity KeyStore.

    • ocboc.boc.secretVal.keystoreKeyPassword: Set this to the KeyPass for the Identity KeyStore.

    • ocboc.boc.secretVal.keystoreTrustPassword: Set this to the StorePass for the Trust KeyStore.

  5. Configure your load balancer's rules to send responses to the Business Operations Center WebLogic domain with /saml2 appended to the URL path.


    Add this rule to your existing load balancer rules for routing responses to Business Operations Center (/opsdashboard), the host name, and so on.

    See "Installing an Ingress Controller".

  6. Deploy your Business Operations Center cloud native services by following the instructions in "Deploying BRM Cloud Native Services".

  7. After Business Operations Center is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your Business Operations Center domain specified in the ocboc.boc.wop.domainUID key.

    The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to Business Operations Center.

  8. Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.

    For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.

Setting Up Local Users and Groups for Business Operations Center

You have the option to customize the values for oc-cn-op-job-helm-chart to create users and groups locally in Oracle WebLogic Server. This would be especially useful for test environments where you might not have Identity Providers or LDAPs available. The groups for the admin user for WebLogic Server cannot be modified using this procedure.

Any passwords must be encoded using Base64. You can leave the password blank, but then the user will not be able to log in to the application directly.

To set up local users and groups for Billing Care, define the keys under ocboc.boc.wlsUserGroups in the override-values.yaml file for oc-cn-op-job-helm-chart. For example:

            -   name: "GroupA"
                description: "GroupA Description"
            -   name: "GroupB"
                description: "GroupB Description"
            -   name: csr1
                description: "csr1 description"
                password: "Base64_password"
                -   "GroupA"
                -   "GroupB"
            -   name: csr2
                description: "csr2 description"
                password: "Base64_password"
                -   "GroupB"

Starting and Stopping WebLogic Servers

When you install oc-cn-op-job-helm-chart, the default configuration sets up a WebLogic Cluster with five Managed Servers. When you install or upgrade oc-cn-helm-chart for the Business Operations Center service, two of the managed servers and one Admin Server are started.

By modifying the override-values.yaml file for oc-cn-helm-chart, you can control:

  • The total number of Managed Servers and the initial server start up by using the totalManagedServers and initialServerCount keys.

  • Whether the servers are started or stopped by using the serverStartPolicy key. To start the Admin Servers and the Managed Servers in a Cluster, set the key to IF_NEEDED. To stop all servers, set the key to NEVER.


The keys in the override-values.yaml file should be the same as the ones used in oc-cn-op-job-helm-chart for keys that are common in both charts.

Before installing or upgrading oc-cn-helm-chart for Business Operations Center, ensure that the brm_apps values are configured correctly. If there is a change in any brm_apps values, use serverStartPolicy to restart and have the changes take effect.

After you modify the override-values.yaml file, update the Helm release for the changes to take effect:

helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace


  • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance.

  • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

  • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.

Configuring Billing Care

Billing Care is a Web-based client application that CSRs use to manage billing, payments, and accounts receivable for your customers. For more information about using Billing Care, see Billing Care Online Help.

To configure Billing Care to run in your BRM cloud native environment:

  1. Override the Billing Care-specific keys from the values.yaml file for oc-cn-op-job-helm-chart. See "Adding Billing Care Keys for oc-cn-op-job-helm-chart".

  2. Override the Billing Care-specific keys from the values.yaml file for oc-cn-helm-chart. See "Adding Billing Care Keys for oc-cn-helm-chart".

  3. Set up volume mounts for Billing Care. See "About Billing Care Volume Mounts".

  4. Create a WebLogic domain and install Billing Care. See "Creating a WebLogic Domain and Installing the Billing Care Application".

  5. Set up SAML for SSO in Billing Care. See "Setting Up SSO for Billing Care".

  6. Start and stop your WebLogic servers. See "Starting and Stopping WebLogic Servers".


To set up Billing Care, ensure that you successfully complete the installation of oc-cn-op-job-helm-chart before you install or upgrade oc-cn-helm-chart.

Adding Billing Care Keys for oc-cn-op-job-helm-chart

Table 9-3 lists a few important keys that directly impact Billing Care. Add these keys to your override-values.yaml file for oc-cn-op-job-helm-chart with the same path hierarchy.

For the complete set of keys to personalize your Billing Care deployment, see the keys with the path ocbc.bc in the oc-cn-op-job-helm-chart/values.yaml file.


Keys with the path ocbc.bc.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-3 Keys for oc-cn-op-job-helm-chart

Key Path in values.yaml File Description



Whether to deploy, configure, and start Billing Care services:

  • false: Does not create the Kubernetes resources for using Billing Care.
  • true: Creates the Kubernetes resources for using Billing Care. This is the default.



The name of the Billing Care image, such as oracle/billingcare.



The tag associated with the image. This is generally the release number prefixed with a colon (:). For example, :15.0.x.0.0.



The type of connection required to connect to the database:

  • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each others identity.
  • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.
  • NO: SSL authentication is not required.



The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.



The connection string for connecting to the database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS.



The role of the database administrator user.



The additional arguments for creating the RCU.



The host name or IP address of the LDAP Server (for example, OUD) where users and groups will be configured for access to Billing Care.



The port number on which the LDAP server is listening.



The LDAP base DN that contains groups.



The LDAP base DN that contains users.



The private key alias of the KeyStore.



The file type of the SSL Identity and Trust store, which is either PKCS12 or JKS. The default is PKCS12.



The file name of the Identity KeyStore.



The file name of the Trust KeyStore.



(Release 15.0.1 or later) The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.



Whether to enable single sign-on (SSO) for Billing Care cloud native services through SAML 2.0:

  • true: SSO is enabled for Billing Care cloud native services.

  • false: SSO is disabled. This is the default.



The name of the SAML Asserter. The default is samlBCAsserter.



The base URL that is used to construct endpoint URLs. This is typically the Load Balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.



The URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.



Update this value with any value different from the current value to force a restart of the deployer.



The password of the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations.



The password of the LDAP Server admin user.



The password for the rcuJdbcURL database administrator.



The passwords for the schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS.



The password for accessing the certificates from the TrustStore and KeyStore.



The StorePass for the Identity KeyStore.



The KeyPass for the Identity KeyStore.



The StorePass for the Trust KeyStore.



The name of the domain. The default is billingcare-domain.



The NodePort where the admin-server's HTTP service will be accessible.



The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.
  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count.



The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.



The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

Adding Billing Care Keys for oc-cn-helm-chart

Table 9-4 lists a few important keys that directly impact Billing Care. Add these keys to your override-values.yaml file for oc-cn-helm-chart with the same path hierarchy.

For the complete set of keys to personalize your Billing Care deployment, see the keys with the path ocbc.bc in the oc-cn-helm-chart/values.yaml file.


Keys with the path ocbc.bc.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-4 Keys for oc-cn-helm-chart

Key Path in values.yaml File Description



The logging level at which application logs must be captured in log files: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, and ALL.



Whether to deploy, configure, and start Billing Care services:

  • false: Does not create the Kubernetes resources for using Billing Care.
  • true: Creates the Kubernetes resources for using Billing Care. This is the default.



The name of the Billing Care image, such as oracle/billingcare.



The tag associated with the image. This is generally the release number, prefixed with a colon (:). For example, :



The private key alias of the KeyStore.



The type of connection required to connect to the database:

  • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each others identity.
  • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.
  • NO: SSL authentication is not required.



The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.



The user name of the service that has permission to access BRM, such as bc_client.



The POID type of the service that has permission to access BRM.



The POID ID of the service that has permission to access BRM.



Minimum size of the connection pool.



Maximum size of the connection pool.



The log level for the infranet properties.



Empty by default, you can use this key to specify custom infranet properties.



The name of the domain. The default is billingcare-domain.



The NodePort where the admin-server's http service will be accessible.



The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.
  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count.



Whether to enable monitoring of Billing Care.

See "Monitoring and Autoscaling Billing Care Cloud Native" in BRM Cloud Native System Administrator's Guide.



The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.



The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

Updating Infranet.properties for Billing Care

The Infranet.properties file entries are located in the values.yaml file. This makes it easier to update them.

Following is a sample configuration block (located in the ocbc.bc path in oc-cn-helm-chart) for the Infranet.properties entries:

        login: 'boc_client.'
        serviceType: '/service/admin_client'
        serviceId: 2
        minSize: 25
        maxSize: 50
    logLevel: 3
    addOnProperties: ""

If you have custom field classes, they should be provided through the SDK .war file and defined here using the addOnProperties key. For example:


To update these properties, update the values in override-values.yaml file for oc-cn-helm-chart. If this is an upgrade, also update the ocbc.bc.wop.restartVersion key in the same file. This will force a pod restart and the new values will be used.

Adding Custom Configuration to Deployment Workflow for Billing Care

You can provide additional configuration to be applied at particular checkpoints in the Billing Care deployment workflow. These checkpoints are:

  • ext_deployer_pre_exit: Called after the standard configuration in deployer.sh in oc-cn-op-job-helm-chart
  • ext_init_app_pre_exit: Called after the standard configuration in the init-app initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart
  • ext_init_config_pre_exit: Called after the standard configuration in the init-config initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart

Create a ConfigMap with your configuration scripts, including a shell script named run_hooks.sh that calls your other scripts. For example:

apiVersion: v1
kind: ConfigMap
  name: ext-scripts
  run_hooks.sh: |+
    echo "executing extension for: $@"
    if [ "$CURRENT_CHECKPOINT" == "ext_deployer_pre_exit" ] ; then
      sh my_deployer_extension.sh
  my_deployer_extension.sh: |+
    echo "executing my_deployer_extension"

Specify the name of your ConfigMap in the ocbc.bc.extensions.scriptsConfigName key in the override-values.yaml file for oc-cn-op-job-helm-chart.

Since Billing Care is a web application that is deployed on WebLogic Server, refer to the WebLogic Server documentation for information about overriding timeouts, cookie attributes, and so on. See "web.xml Deployment Descriptor Elements" and "weblogic.xml Deployment Descriptor Elements" in Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server for more information about these configurations. You can find files to help you with this configuration in the oc-cn-op-job-helm-chart/templates directory.

About Billing Care Volume Mounts

The Billing Care container requires Kubernetes volume mounts for sharing the domain and application file system between the WebLogic Cluster servers. There is one volume for the domain and one for batch payments. By default, these are created dynamically, using the provisioner defined in BRM, in the storage-class key in oc-cn-op-job-helm-chart.

To change the volume type or provider, modify the following keys in the override-values.yaml file for oc-cn-op-job-helm-chart.

  • ocbc.bc.volume.domain.createOption for the domain file system for Billing Care.

  • ocbc.bc.volume.batchPayment.createOption for the batch payments file system.

Creating a WebLogic Domain and Installing the Billing Care Application

The WebLogic domain is created by a Kubernetes Deployment when oc-cn-op-job-helm-chart is installed. The same job also installs the Billing Care application and deploys the application WAR file onto the WebLogic Cluster.

The oc-cn-op-job-helm-chart chart also:

  • Creates a Kubernetes ConfigMap and Secrets, which are used throughout the life-cycle of the WebLogic domain.

  • Initializes the PersistentVolumeClaim for the domain and application file system as well as third-party libraries.


The override-values.yaml file that you use for this chart must include BRM override values.

After you install oc-cn-op-job-helm-chart, wait until the Kubernetes deployment has reached the 1/1 Running status. Then, you can install or upgrade oc-cn-helm-chart for Billing Care services.

After the deployment is running, don't delete the chart. Its resources will be used for starting and stopping the servers through oc-cn-helm-chart.

Setting Up SSO for Billing Care

SSO allows users to log in to applications using a single user name and password combination. You set up SSO for Billing Care cloud native services by using SAML 2.0.

To set up SSO for Billing Care:

  1. Export the SAML 2.0 metadata XML file from your identity and access management (IAM) system.

    For example, if you are using Oracle Access Management, you can export the file by following the instructions in "Exporting Metadata" in Oracle Fusion Middleware Administering Oracle Access Management.

  2. Rename the metadata XML file to metadata.xml, and then move metadata.xml to the oc-cn-op-job-helm-chart/billingcare/idp directory.

  3. Configure the KeyStores needed by SAML 2.0:

    1. Generate identity and trust KeyStores.

    2. Move your KeyStore files, such as identity.p12 and trust.p12, to the oc-cn-op-job-helm-chart/billingcare/keystore directory.

  4. In your override-values.yaml file for oc-cn-op-job-helm-chart, set the following keys:

    • ocbc.bc.configEnv.isSSOEnabled: Set this to true.

    • ocbc.bc.configEnv.keystoreAlias: Set this to the private key alias of the KeyStore.

    • ocbc.bc.configEnv.keystoreType: Set this to the file type of the SSL Identity and Trust store, which is either PKCS12 or JKS. The default is PKCS12.

    • ocbc.bc.configEnv.keystoreIdentityFileName: Set this to the name of the Identity KeyStore file.

    • ocbc.bc.configEnv.keystoreTrustFileName: Set this to the name of the Trust KeyStore file.

    • ocbc.bc.configEnv.samlAsserterName: Set this to the name of the SAML Asserter. The default is samlBCAsserter.

    • ocbc.bc.configEnv.ssoPublishedSiteURL: Set this to the base URL that is used to construct endpoint URLs. This is typically the load balancer host and port at which the server is visible externally. It must be appended with /saml2. For example: https://LoadBalancerHost:LoadBalancerPort/saml2.

    • ocbc.bc.configEnv.ssoDefaultURL: Set this to the URL where unsolicited authentication responses are sent if they do not contain an accompanying target URL.

    • ocbc.bc.secretVal.keystoreIdentityPassword: Set this to the StorePass for the Identity KeyStore.

    • ocbc.bc.secretVal.keystoreKeyPassword: Set this to the KeyPass for the Identity KeyStore.

    • ocbc.bc.secretVal.keystoreTrustPassword: Set this to the StorePass for the Trust KeyStore.

  5. Configure your load balancer's rules to send responses to the Billing Care WebLogic domain with /saml2 appended to the URL path.


    Add this rule to your existing load balancer rules for routing responses to Billing Care (/bc), the load balancer host name, and so on.

    See "Installing an Ingress Controller".

  6. Deploy your Billing Care cloud native services by following the instructions in "Deploying BRM Cloud Native Services".

  7. After Billing Care is deployed, retrieve the sp-metadata-admin-server.xml file from the /shared/domains/domainUID directory in your container, where domainUID is the name of your Billing Care domain specified in the ocbc.bc.wop.domainUID key.

    The XML file configures the Web SSO Provider Partner. It contains the partner's KeyStore certificates, SAML assertion details, and the URLs where the SAML Identity Provider redirects to provide access to Billing Care.

  8. Create a profile for your identity provider partner by loading the sp-metadata-admin-server.xml file into your IAM system.

    For example, if you are using Oracle Access Management, you can load the file by following the instructions in "Creating Remote Identity Provider Partners" in Oracle Fusion Middleware Administering Oracle Access Management.

Setting Up Local Users and Groups for Billing Care

You have the option to customize the values for oc-cn-op-job-helm-chart to create users and groups locally in Oracle WebLogic Server. This would be especially useful for test environments where you might not have Identity Providers or LDAPs available. The groups for the admin user for WebLogic Server cannot be modified using this procedure.

Any passwords must be encoded using Base64. You can leave the password blank, but then the user will not be able to log in to the application directly.

To set up local users and groups for Billing Care, define the keys under ocbc.bc.wlsUserGroups in the override-values.yaml file for oc-cn-op-job-helm-chart. For example:

            -   name: "GroupA"
                description: "GroupA Description"
            -   name: "GroupB"
                description: "GroupB Description"
            -   name: csr1
                description: "csr1 description"
                password: "Base64_password"
                -   "GroupA"
                -   "GroupB"
            -   name: csr2
                description: "csr2 description"
                password: "Base64_password"
                -   "GroupB"

Starting and Stopping WebLogic Servers

When you install oc-cn-op-job-helm-chart, the default configuration sets up a WebLogic Cluster with five Managed Servers. When you install or upgrade oc-cn-helm-chart for the Billing Care service, two of the Managed Servers and one Admin Server are started.

By modifying the override-values.yaml file for oc-cn-helm-chart, you can control:

  • The total number of Managed Servers and the initial server start up by using the totalManagedServers and initialServerCount keys.

  • Whether the servers are started or stopped by using the serverStartPolicy key. To start the Admin Servers and the Managed Servers in a Cluster, set the key to IF_NEEDED. To stop all servers, set the key to NEVER.


The keys in the override-values.yaml file should be the same as the ones used in oc-cn-op-job-helm-chart for keys that are common in both charts.

After you modify the override-values.yaml file, update the Helm release for the changes to take effect:

helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace


  • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance.

  • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

  • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.

Configuring the Billing Care REST API

You use the Billing Care REST API to integrate an external customer management application with BRM. This allows you to manage billing and rating in BRM and then manage your customers' accounts and bills in your external application. For more information, see REST API Reference for Billing Care.

To configure the Billing Care REST API to work with BRM cloud native:

  1. Override the Billing Care REST API-specific keys from the values.yaml file for oc-cn-op-job-helm-chart. See "Adding Billing Care REST API Keys for oc-cn-op-job-helm-chart".

  2. Override the Billing Care REST API-specific keys from the values.yaml file for oc-cn-helm-chart. See "Adding Billing Care REST API Keys for oc-cn-helm-chart".

  3. Set up volume mounts for the Billing Care REST API. See "About Billing Care REST API Volume Mounts".

  4. Create a WebLogic domain and install the Billing Care REST API. See "Creating a WebLogic Domain and Installing the Billing Care REST API".

  5. Start and stop your WebLogic servers. See "Starting and Stopping WebLogic Servers".


To set up the Billing Care REST API, ensure that you successfully complete the installation of oc-cn-op-job-helm-chart before you install or upgrade oc-cn-helm-chart.

Adding Billing Care REST API Keys for oc-cn-op-job-helm-chart

Table 9-5 lists a few important keys that directly impact the Billing Care REST API. Add these keys to your override-values.yaml file for oc-cn-op-job-helm-chart.

For the complete set of keys to personalize your Billing Care REST API deployment, see the keys with the path ocbc.bcws in the oc-cn-op-job-helm-chart/values.yaml file.


Keys with the path ocbc.bcws.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-5 Billing Care REST API Keys for oc-cn-op-job-helm-chart

Key Path in values.yaml File Description



Whether to deploy, configure, and start Billing Care REST API services:

  • false: Does not create the Kubernetes resources for using the Billing Care REST API.
  • true: Creates the Kubernetes resources for using the Billing Care REST API. This is the default.



The name of the Billing Care REST API image, such as oracle/bcws.



The tag associated with the image. This is generally the release number. Prefix the value with a colon (:). For example, :15.0.x.0.0.



The type of connection required to connect to the database:

  • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each others identity.
  • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.
  • NO: SSL authentication is not required.



The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.



The password for accessing the certificates from the TrustStore and KeyStore.



The connection string for connecting to the database where schemas needed by Oracle Fusion Middleware products will be created, especially OPSS.



The role of the database administrator user.



The additional arguments for creating the RCU.



The host name or IP address of the LDAP Server (for example, OUD) where users and groups will be configured for access to the Billing Care REST API.



The port number on which the LDAP server is listening.



The LDAP base DN that contains groups.



The LDAP base DN that contains users.



The private key alias of the KeyStore.



The file type of SSL Identity and Trust store, either PKCS12 or JKS.



The file name of the Identity KeyStore.



The file name of the Trust KeyStore.



(Release 15.0.1 or later) The list of TLS versions to support for connection with the WebLogic domain. List the version numbers in order, from lowest to highest, separated by a comma. For example: TLSv1.2, TLSv1.3.



Update this value with any value different from the current value to force a restart of the deployer.



The password of the WebLogic domain's administrative user, which is used for accessing the WebLogic Console for administrative operations.



The password of the LDAP Server admin user.



The password for the rcuJdbcURL database administrator.



The passwords for the schemas of Oracle Fusion Middleware products that will be created by RCU, which is used by OPSS.



The password for accessing the certificates from the TrustStore and KeyStore.



The storepass of the Identity KeyStore.



The KeyPass of the Identity KeyStore.



The storepass of Trust KeyStore.



The name of the domain. The default is bcws-domain.



The NodePort where the admin-server's HTTP service will be accessible.



The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.
  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count.



The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.



The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

Adding Billing Care REST API Keys for oc-cn-helm-chart

Table 9-6 lists a few important keys that directly impact the Billing Care REST API. Add these keys to your override-values.yaml file for oc-cn-helm-chart.

For the complete set of keys to personalize your Billing Care REST API deployment, see the keys with the path ocbc.bcws in the oc-cn-helm-chart/values.yaml file.


Keys with the path ocbc.bcws.secretVal hold sensitive data. Handle them carefully with controlled access to the override file containing their values. Encode all of these values in Base64 format. See "Secrets" in Kubernetes Concepts.

Table 9-6 Billing Care REST API Keys for oc-cn-helm-chart

Key Path in values.yaml File Description



The logging level at which application logs must be captured in log files: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, and ALL.



Whether to deploy, configure, and start Billing Care REST API services:

  • false: Does not create the Kubernetes resources for using the Billing Care REST API.
  • true: Creates the Kubernetes resources for using the Billing Care REST API. This is the default.



The name of the Billing Care REST API image, such as oracle/bcws.



The tag associated with the image. This is generally the release number. Prefix the value with a colon (:). For example, :



The private key alias of the KeyStore.



The type of connection required to connect to the database:

  • TWO_WAY: Two-way SSL authentication is required. In this case, both the client and server must authenticate each others identity.
  • ONE_WAY: One-way SSL authentication is required. In this case, the client must authenticate the server's identity. This is the default.
  • NO: SSL authentication is not required.



The type of TrustStore and KeyStore file that is used for the SSL connection: SSO or PKCS12.



The username of the service that has permission to access BRM.



The POID type of the service that has permission to access BRM.



The POID ID of the service that has permission to access BRM.



Minimum size of the connection pool.



Maximum size of the connection pool.



The log level for the infranet properties.



Empty by default, you can use this key to specify custom infranet properties.



The name of the domain. The default is bcws-domain.



The NodePort where the admin-server's HTTP service will be accessible.



The WebLogic servers that the Operator starts when it discovers the domain:

  • NEVER: Does not start any server in the domain.
  • ADMIN_ONLY: Starts only the administration server (no managed servers will be started).
  • IF_NEEDED: Starts the administration server and clustered servers up to the replica count.



Whether to enable monitoring of Billing Care REST API.

See "Monitoring and Autoscaling Billing Care Cloud Native" in BRM Cloud Native System Administrator's Guide.



The node selector rules for scheduling WebLogic Server pods on particular nodes using simple selectors.



The affinity rules for scheduling WebLogic Server pods on particular nodes using more powerful selectors.

Updating Infranet Properties for the Billing Care REST API

The Infranet.properties file entries are located in the values.yaml file. This makes it easier to update them.

Following is a sample configuration block (located in the ocbc.bcws path in oc-cn-helm-chart) for the Infranet.properties entries:

        login: 'root.'
        serviceType: '/service/admin_client'
        serviceId: 2
        minSize: 25
        maxSize: 50
    logLevel: 3
    addOnProperties: ""

If you have custom field classes, they should be provided through the SDK .war file and defined here using the addOnProperties key. For example:


To update any of these properties after an install or upgrade, update the values in override-values.yaml file for oc-cn-helm-chart. If this is an upgrade, also update the ocbc.bcws.wop.restartVersion key in the same file. This will force a pod restart and the new values will be used.

Adding Custom Configuration to Deployment Workflow for Billing Care REST API

You can provide additional configuration to be applied at particular checkpoints in the Billing Care REST API deployment workflow. These checkpoints are:

  • ext_deployer_pre_exit: Called after the standard configuration in deployer.sh in oc-cn-op-job-helm-chart
  • ext_init_app_pre_exit: Called after the standard configuration in the init-app initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart
  • ext_init_config_pre_exit: Called after the standard configuration in the init-config initContainer container in both oc-cn-op-job-helm-chart and oc-cn-helm-chart

Create a ConfigMap with your configuration scripts, including a shell script named run_hooks.sh that calls your other scripts. For example:

apiVersion: v1
kind: ConfigMap
  name: ext-scripts
  run_hooks.sh: |+
    echo "executing extension for: $@"
    if [ "$CURRENT_CHECKPOINT" == "ext_deployer_pre_exit" ] ; then
      sh my_deployer_extension.sh
  my_deployer_extension.sh: |+
    echo "executing my_deployer_extension"

Specify the name of your ConfigMap in the ocbc.bcws.extensions.scriptsConfigName key in the override-values.yaml file for oc-cn-op-job-helm-chart.

About Billing Care REST API Volume Mounts

The Billing Care REST API container requires Kubernetes volume mounts for sharing the domain and application file system between the WebLogic Cluster servers. There is one volume for the domain and one for batch payments. By default, these are created dynamically, using the provisioner defined in BRM, in the storage-class key in oc-cn-op-job-helm-chart.


The selected location must be accessible on all worker nodes across which WebLogic Servers will be distributed based on defined nodeSelector or affinity rules.

To change the volume type or provider, modify the following keys in the override-values.yaml file for oc-cn-op-job-helm-chart.

  • ocbc.bcws.volume.domain.createOption for the domain file system for Billing Care.

  • ocbc.bcws.volume.batchPayment.createOption for the batch payments file system.

Creating a WebLogic Domain and Installing the Billing Care REST API

The WebLogic domain is created by a Kubernetes Deployment when oc-cn-op-job-helm-chart is installed. The same job also installs the Billing Care REST API and deploys the application WAR file onto the WebLogic Cluster.

The oc-cn-op-job-helm-chart chart also:

  • Creates a Kubernetes ConfigMap and Secrets, which are used throughout the life-cycle of the WebLogic domain.

  • Initializes the PersistentVolumeClaim for the domain and application file system as well as third-party libraries.


The override-values.yaml file that you use for this chart must include BRM override values.

After you install oc-cn-op-job-helm-chart, wait until the Kubernetes deployment has reached the 1/1 Running status. Then, you can install or upgrade oc-cn-helm-chart for Billing Care REST API services.

After the deployment is running, don't delete the chart. Its resources will be used for starting and stopping the servers through oc-cn-helm-chart.

Setting Up Local Users and Groups for Billing Care REST API

You have the option to customize the values for oc-cn-op-job-helm-chart to create users and groups locally in Oracle WebLogic Server. This would be especially useful for test environments where you might not have Identity Providers or LDAPs available. The groups for the admin user for WebLogic Server cannot be modified using this procedure.

Any passwords must be encoded using Base64. You can leave the password blank, but then the user will not be able to log in to the application directly.

To set up local users and groups for Billing Care, define the keys under ocbc.bcws.wlsUserGroups in the override-values.yaml file for oc-cn-op-job-helm-chart. For example:

            -   name: "GroupA"
                description: "GroupA Description"
            -   name: "GroupB"
                description: "GroupB Description"
            -   name: csr1
                description: "csr1 description"
                password: "Base64_password"
                -   "GroupA"
                -   "GroupB"
            -   name: csr2
                description: "csr2 description"
                password: "Base64_password"
                -   "GroupB"

Starting and Stopping WebLogic Servers

When you install oc-cn-op-job-helm-chart, the default configuration sets up a WebLogic Cluster with five Managed Servers. When you install or upgrade oc-cn-helm-chart for the Billing Care REST API service, two of the Managed Servers and one Admin Server are started.

By modifying the override-values.yaml file for oc-cn-helm-chart, you can control:

  • The total number of Managed Servers and the initial server start up by using the totalManagedServers and initialServerCount keys.

  • Whether the servers are started or stopped by using the serverStartPolicy key. To start the Admin Servers and the Managed Servers in a Cluster, set the key to IF_NEEDED. To stop all servers, set the key to NEVER.


The keys in the override-values.yaml file should be the same as the ones used in oc-cn-op-job-helm-chart for keys that are common in both charts.

After you modify the override-values.yaml file, update the Helm release for the changes to take effect:

helm upgrade BrmReleaseName oc-cn-helm-chart --values OverrideValuesFile -n BrmNameSpace


  • BrmReleaseName is the release name for oc-cn-helm-chart and is used to track this installation instance.

  • BrmNameSpace is the namespace in which to create BRM Kubernetes objects for the BRM Helm chart.

  • OverrideValuesFile is the path to a YAML file that overrides the default configurations in the values.yaml file for oc-cn-helm-chart.