A OPSS Configuration File Reference
jps-config.xml and jps-config-jse.xml configuration files, typically located in the $DOMAIN_HOME/config/fmwconfig directory.
This appendix includes the following sections:
- First and Second Hierarchy Levels
- Third and Lower Hierarchy Levels
- <description>
- <extendedProperty>
- <extendedPropertySet>
- <extendedPropertySetRef>
- <extendedPropertySets>
- <jpsConfig>
- <jpsContext>
- <jpsContexts>
- <name>
- <property>
- <propertySet>
- <propertySetRef>
- <propertySets>
- <serviceInstance>
- <serviceInstanceRef>
- <serviceInstances>
- <serviceProvider>
- <serviceProviders>
- <value>
- <values>
First and Second Hierarchy Levels
The specifications in the OPSS configuration file apply to an entire domain, that is, to all Managed Servers and applications deployed in the domain.
The top element in the jps-config.xml file is the jpsConfig element. It contains the following second-level elements:
- <property>
- <propertySets>
- <extendedProperty>
- <serviceProviders>
- <serviceInstances>
- <jpsContexts>
Table A-1 describes the function of these elements. The annotations between curly braces { } indicate the number of occurrences the element is allowed. For example, {0 or more} indicates that the element can occur 0 or more times; {1} indicates that the element must occur once.
Table A-1 First- and Second-Level Elements in jps-config.xml
Elements | Description |
---|---|
<jpsConfig> {1} | Defines the top-level element in the configuration file. |
<property> {0 or more} | Defines names and values of properties. It can also appear elsewhere in the hierarchy, such as under |
<propertySets> {0 or 1} <propertySet> {1 or more} <property> {1 or more} | Groups one or more |
<extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} | Defines a property that has multiple values. It can also appear elsewhere in the hierarchy, such as under the elements extendedProperty and serviceInstance. |
<extendedPropertySets> {0 or 1} <extendedPropertySet> {1 or more} <extendedProperty> {1 or more} <name> {1} <values> {1} <value> {1 or more} | Groups one or more |
<serviceProviders> {0 or 1} <serviceProvider> {1 or more} <description> {0 or 1} <property> {0 or more} | Groups one or more |
<serviceInstances> {0 or 1} <serviceInstance> {1 or more} <description> {0 or 1} <property> {0 or more} <propertySetRef> {0 or more} <extendedProperty> {0 or more} <name> {1} <values> {1} <value> {1 or more} <extendedPropertySetRef> {0 or more} | Groups one or more |
<jpsContexts> {1} <jpsContext> {1 or more} <serviceInstanceRef> {1 or more} | Groups one or more |
Parent topic: OPSS Configuration File Reference
Third and Lower Hierarchy Levels
This section describes, in alphabetical order, the complete set of elements that can occur under the elements described in the First and Second Hierarchy Levels.
<description>
This element describes the corresponding entity (a service instance or service provider).
Parent Elements
Child Element
None.
Occurrence
<description> can be a child of <serviceInstance> or <serviceProvider>.
- As a child of <serviceInstance>:
```
<serviceInstances> {0 or 1}
  <serviceInstance> {1 or more}
    <description> {0 or 1}
    <property> {0 or more}
    <propertySetRef> {0 or more}
    <extendedProperty> {0 or more}
      <name> {1}
      <values> {1}
        <value> {1 or more}
    <extendedPropertySetRef> {0 or more}
```
- As a child of <serviceProvider>:
```
<serviceProviders> {0 or 1}
  <serviceProvider> {1 or more}
    <description> {0 or 1}
    <property> {0 or more}
```
Example
The following example illustrates a description:
```xml
<serviceProvider ... >
  <description>file IdStore Provider</description>
  ...
</serviceProvider>
```
<extendedProperty>
This element defines an extended property in the following locations:
- Directly under <jpsConfig>, it defines an extended property for general use. It can specify, for example, all the base DNs in LDAP authentication providers.
- Directly under <extendedPropertySet>, it defines an extended property set.
- Directly under <serviceInstance>, it defines an extended property for a particular service instance.
An extended property includes multiple values. Use a <value> element to specify each value. Several LDAP identity store properties are in this category, such as the specification of the following values:
- Object classes used for creating user objects
- Attribute names that must be specified when you create a user
- Base DNs for searching users
Parent Elements
Occurrence
<extendedProperty> can be a child of <extendedPropertySet>, <jpsConfig>, or <serviceInstance>.
- As a child of <extendedPropertySet>:
```
<extendedPropertySets> {0 or 1}
  <extendedPropertySet> {1 or more}
    <extendedProperty> {1 or more}
      <name> {1}
      <values> {1}
        <value> {1 or more}
```
- As a child of <jpsConfig>:
```
<jpsConfig>
  <extendedProperty> {0 or more}
    <name> {1}
    <values> {1}
      <value> {1 or more}
```
- As a child of <serviceInstance>:
```
<serviceInstances> {0 or 1}
  <serviceInstance> {1 or more}
    <description> {0 or 1}
    <property> {0 or more}
    <propertySetRef> {0 or more}
    <extendedProperty> {0 or more}
      <name> {1}
      <values> {1}
        <value> {1 or more}
    <extendedPropertySetRef> {0 or more}
```
Example
The following example sets a single value:
```xml
<extendedProperty>
  <name>user.search.bases</name>
  <values>
    <value>cn=users,dc=us,dc=oracle,dc=com</value>
  </values>
</extendedProperty>
```
<extendedPropertySet>
This element defines a set of extended properties. The extended property set can then be referenced by an <extendedPropertySetRef> element to specify the given properties as part of the configuration of a service instance.
Attributes
Name | Description |
---|---|
|
Designates a name for the extended property set. No two Values: string Default: n/a (required) |
Parent Element
Child Element
Occurrence
Required within <extendedPropertySets>, one or more:
```
<extendedPropertySets> {0 or 1}
  <extendedPropertySet> {1 or more}
    <extendedProperty> {1 or more}
      <name> {1}
      <values> {1}
        <value> {1 or more}
```
<extendedPropertySetRef>
This element configures a service instance by referring to an extended property set defined elsewhere in the file.
Attributes
Name | Description |
---|---|
|
Refers to an extended property set whose extended properties are used for the service instance defined in the <serviceInstance> parent element. The Values: string Default: n/a (required) |
Parent Element
Child Element
None.
Occurrence
Optional, zero or more.
```
<serviceInstances> {0 or 1}
  <serviceInstance> {1 or more}
    <description> {0 or 1}
    <property> {0 or more}
    <propertySetRef> {0 or more}
    <extendedProperty> {0 or more}
      <name> {1}
      <values> {1}
        <value> {1 or more}
    <extendedPropertySetRef> {0 or more}
```
<extendedPropertySets>
This element specifies a set of properties.
Parent Element
Child Element
Occurrence
Optional, zero or one.
```
<jpsConfig>
  <extendedPropertySets> {0 or 1}
    <extendedPropertySet> {1 or more}
      <extendedProperty> {1 or more}
        <name> {1}
        <values> {1}
          <value> {1 or more}
```
<jpsConfig>
This is the root element of a configuration file.
Parent Element
None.
Child Elements
<extendedProperty>, <extendedPropertySets>, <jpsContexts>, <property>, <propertySets>, <serviceInstances>, or <serviceProviders>
Occurrence
Required, one only.
Example
```xml
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
           schema-major-version="11"
           schema-minor-version="1">
  ...
</jpsConfig>
```
<jpsContext>
This element declares an OPSS context, a collection of service instances common to a domain, by referring to a set of service instances that comprise the context. Each <jpsContext> must have a unique name.
Attributes
Name | Description |
---|---|
|
The name for the OPSS context. Contexts must have unique names. Values: string Default: n/a (required) |
Parent Element
Child Element
Occurrence
There must be at least one <jpsContext> element under <jpsContexts>. A <jpsContext> element contains the <serviceInstanceRef> element.
```
<jpsContexts> {1}
  <jpsContext> {1 or more}
    <serviceInstanceRef> {1 or more}
```
Example
The following example illustrates the definition of two contexts. The first one, named default, is the default context (specified by the attribute default in <jpsContexts>), and it references several service instances by name.
The second one, named anonymous, is used for unauthenticated users, and it references the anonymous and anonymous.loginmodule service instances.
```xml
<serviceInstances>
  ...
  <serviceInstance provider="credstoressp" name="credstore">
    <description>File Based Default Credential Store Instance</description>
    <property name="location" value="${oracle.instance}/config/JpsDataStore/JpsSystemStore"/>
  </serviceInstance>
  ...
  <serviceInstance provider="anonymous.provider" name="anonymous">
    <property value="anonymous" name="anonymous.user.name"/>
    <property value="anonymous-role" name="anonymous.role.name"/>
  </serviceInstance>
  ...
  <serviceInstance provider="jaas.login.provider" name="anonymous.loginmodule">
    <description>Anonymous Login Module</description>
    <property value="oracle.security.jps.internal.jaas.module.anonymous.AnonymousLoginModule" name="loginModuleClassName"/>
    <property value="REQUIRED" name="jaas.login.controlFlag"/>
  </serviceInstance>
  ...
</serviceInstances>
...
<jpsContexts default="default">
  ...
  <jpsContext name="default">
    <!-- This is the default JPS context. All the mandatory services and Login Modules must be configured in this default context -->
    <serviceInstanceRef ref="credstore"/>
    <serviceInstanceRef ref="idstore.xml"/>
    <serviceInstanceRef ref="policystore.xml"/>
    <serviceInstanceRef ref="idstore.loginmodule"/>
    <serviceInstanceRef ref="idm"/>
  </jpsContext>
  <jpsContext name="anonymous">
    <serviceInstanceRef ref="anonymous"/>
    <serviceInstanceRef ref="anonymous.loginmodule"/>
  </jpsContext>
  ...
</jpsContexts>
```
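The cross-references this appendix defines (a service instance names its provider, a context lists service instance references, <jpsContexts> names a default context, and property sets are pulled in by ref) can be checked offline before a changed file is deployed. The following Python script is an added example, not Oracle code: the function name check_jps_config and the embedded sample document are constructed for illustration, element and attribute names are taken from the examples on this page, and treating a duplicate name as an error for every referenced element kind is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (not a real domain file); identifiers reuse this page's examples.
SAMPLE = """\
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <serviceProviders>
    <serviceProvider type="LOGIN" name="jaas.login.provider"
        class="oracle.security.jps.internal.login.jaas.JaasLoginServiceProvider"/>
    <serviceProvider type="AUDIT" name="audit.provider"
        class="oracle.security.jps.internal.audit.AuditProvider"/>
  </serviceProviders>
  <serviceInstances>
    <serviceInstance provider="credstoressp" name="credstore">
      <property name="location" value="./"/>
    </serviceInstance>
    <serviceInstance provider="audit.provider" name="audit">
      <property name=" audit.loader.repositoryType " value="Db"/>
      <propertySetRef ref="access.sdk.properties"/>
    </serviceInstance>
  </serviceInstances>
  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="credstore"/>
      <serviceInstanceRef ref="idstore.xml"/>
    </jpsContext>
    <jpsContext name="anonymous"/>
  </jpsContexts>
</jpsConfig>
"""

def _find(root, name):
    """Elements under (and including) root with this local name, xmlns prefix ignored."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_jps_config(xml_text):
    """Return a list of findings for broken cross-references in a jps-config.xml."""
    root = ET.fromstring(xml_text)  # operator-owned config file, not untrusted input
    findings = []

    def names(kind):
        return [e.get("name") for e in _find(root, kind)]

    # Assumption: a name that can be the target of a reference must be unique.
    for kind in ("serviceInstance", "propertySet", "extendedPropertySet", "jpsContext"):
        for name, count in Counter(names(kind)).items():
            if count > 1:
                findings.append(f"duplicate <{kind}> name '{name}'")

    # (referencing element, attribute) -> element kind that must define the target
    refs = {("serviceInstance", "provider"): "serviceProvider",
            ("serviceInstanceRef", "ref"): "serviceInstance",
            ("propertySetRef", "ref"): "propertySet",
            ("extendedPropertySetRef", "ref"): "extendedPropertySet",
            ("jpsContexts", "default"): "jpsContext"}
    for (element, attr), target in refs.items():
        defined = set(names(target))
        for e in _find(root, element):
            if e.get(attr) not in defined:
                findings.append(
                    f"<{element} {attr}='{e.get(attr)}'> has no matching <{target}>")

    # A context with no service instances violates <serviceInstanceRef> {1 or more}.
    for ctx in _find(root, "jpsContext"):
        if not _find(ctx, "serviceInstanceRef"):
            findings.append(f"<jpsContext name='{ctx.get('name')}'> has no <serviceInstanceRef>")

    # Whitespace inside the quotes is preserved by the XML parser and is easy to miss.
    for prop in _find(root, "property"):
        name = prop.get("name") or ""
        if name != name.strip():
            findings.append(f"<property name={name!r}> has surrounding whitespace")
    return findings

if __name__ == "__main__":
    for finding in check_jps_config(SAMPLE):
        print(finding)
```

An empty result means every reference in the file resolves; it does not validate property values or the provider classes themselves.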
<jpsContexts>
This element specifies a set of contexts.
Attributes
Name | Description |
---|---|
|
Specifies the context used by an application if none is specified. The Values: string Default: n/a (required) The default context must configure all services and login modules. |
Parent Element
Child Element
<name>
This element specifies the name of an extended property.
Parent Element
Child Element
None
Occurrence
Required, one only.
```
<extendedProperty> {0 or more}
  <name> {1}
  <values> {1}
    <value> {1 or more}
```
<property>
This element defines a property in the following scenarios:
Table A-2 Scenarios for <property>
Location in jps-config.xml | Function |
---|---|
Directly under <jpsConfig> | Defines a one-value property for general use. |
Directly under <propertySet> | Defines a property set with multiple values. |
Directly under <serviceInstance> | Defines a property for use by a particular service instance. |
Directly under <serviceProvider> | Defines a property for use by all service instances of a particular service provider. |
For a list of properties, see OPSS System and Configuration Properties.
Attributes
Name | Description |
---|---|
|
Specifies the name of the property being set. Values: string Default: n/a (required) |
|
Specifies the value of the property being set. Values: string Default: n/a (required) |
Parent Elements
<jpsConfig>, <propertySet>, <serviceInstance>, or <serviceProvider>
Child Element
None.
Occurrence
Under a <propertySet>, it is required, one or more. Otherwise, it is optional, zero or more.
- As a child of <jpsConfig>:
```
<jpsConfig>
  <property> {0 or more}
```
- As a child of <propertySet>:
```
<propertySets> {0 or 1}
  <propertySet> {1 or more}
    <property> {1 or more}
```
- As a child of <serviceInstance>:
```
<serviceInstances> {0 or 1}
  <serviceInstance> {1 or more}
    <description> {0 or 1}
    <property> {0 or more}
    <propertySetRef> {0 or more}
    <extendedProperty> {0 or more}
      <name> {1}
      <values> {1}
        <value> {1 or more}
    <extendedPropertySetRef> {0 or more}
```
- As a child of <serviceProvider>:
```
<serviceProviders> {0 or 1}
  <serviceProvider> {1 or more}
    <description> {0 or 1}
    <property> {0 or more}
```
Example
The following example illustrates a property to disable Java Authorization and Authentication Services (JAAS) mode for authorization:
```xml
<jpsConfig ... >
  ...
  <property name="oracle.security.jps.jaas.mode" value="off"/>
  ...
</jpsConfig>
```
For additional examples, see <propertySet> and <serviceInstance>.
<propertySet>
This element defines a set of properties. Each property set has a name so that it can be referenced by a <propertySetRef> element to include the properties as part of the configuration of a service instance.
Attributes
Name | Description |
---|---|
|
Designates a name for the property set. No two Values: string Default: n/a (required) |
Parent Element
Child Element
Occurrence
Required within a <propertySets>, one or more.
```
<propertySets> {0 or 1}
  <propertySet> {1 or more}
    <property> {1 or more}
```
Example
```xml
<propertySets>
  ...
  <!-- For property that points to valid Access SDK installation directory -->
  <propertySet name="access.sdk.properties">
    <property name="access.sdk.install.path" value="$ACCESS_SDK_HOME"/>
  </propertySet>
  ...
</propertySets>
<serviceInstances>
  ...
  <serviceInstance provider="jaas.login.provider" name="oam.loginmodule">
    <description>OAM Login Module</description>
    <property value="oracle.security.jps.internal.jaas.module.oam.OAMLoginModule" name="loginModuleClassName"/>
    <property value="REQUIRED" name="jaas.login.controlFlag"/>
    <propertySetRef ref="access.sdk.properties"/>
  </serviceInstance>
  ...
</serviceInstances>
```
<propertySetRef>
This element configures a service instance by referring to a property set defined elsewhere in the file.
Attributes
Name | Description |
---|---|
|
Refers to a property set whose properties are used by the service instance defined in the <serviceInstance> parent element. The Values: string Default: n/a (required) |
Parent Element
Child Element
None.
Occurrence
Optional, zero or more.
```
<serviceInstances> {0 or 1}
  <serviceInstance> {1 or more}
    <description> {0 or 1}
    <property> {0 or more}
    <propertySetRef> {0 or more}
    <extendedProperty> {0 or more}
      <name> {1}
      <values> {1}
        <value> {1 or more}
    <extendedPropertySetRef> {0 or more}
```
<propertySets>
This element specifies a set of property sets.
Parent Element
Child Element
Occurrence
Optional. If present, then there can be only one <propertySets> element.
```
<jpsConfig>
  <propertySets> {0 or 1}
    <propertySet> {1 or more}
      <property> {1 or more}
```
<serviceInstance>
This element defines an instance of a service provider, such as an identity store instance or login module instance.
Each provider instance specifies the name of the instance, used to refer to the provider within the configuration file and, possibly, the properties of the instance. Properties include the location of the instance and can be specified directly, within the instance element itself, or indirectly, by referencing a property or a property set. To change the properties of a service instance, use the procedure explained in Configuring Services with Scripts.
Set properties and extended properties of a service instance in the following ways:
- Set properties directly with <property> subelements.
- Set extended properties directly with <extendedProperty> subelements.
- Refer to previously defined sets of properties with <propertySetRef> subelements.
- Refer to previously defined sets of extended properties with <extendedPropertySetRef> subelements.
Attributes
Name | Description |
---|---|
|
Designates a name for this service instance. No two Values: string Default: n/a (required) |
|
Indicates which service provider this is an instance of. The Values: string Default: n/a (required) |
Parent Element
Child Elements
<description>, <extendedProperty>, <extendedPropertySetRef>, <property>, or <propertySetRef>
Occurrence
Required within <serviceInstances>, one or more.
```
<serviceInstances> {0 or 1}
  <serviceInstance> {1 or more}
    <description> {0 or 1}
    <property> {0 or more}
    <propertySetRef> {0 or more}
    <extendedProperty> {0 or more}
      <name> {1}
      <values> {1}
        <value> {1 or more}
    <extendedPropertySetRef> {0 or more}
```
Examples
- Example 1: The following example illustrates the configuration of a file identity store that uses the location property to specify the file location:
```xml
<serviceInstances>
  <serviceInstance name="idstore.xml" provider="idstore.xml.provider">
    <!-- Subscriber name must be defined for file Identity Store -->
    <property name="subscriber.name" value="jazn.com"/>
    <!-- This is the location of file Identity Store -->
    <property name="location" value="./system-jazn-data.xml"/>
  </serviceInstance>
  ...
</serviceInstances>
```
- Example 2: The following example illustrates the configuration of a credential store. It uses the location property to set the location of the credential store.
```xml
<serviceInstances>
  <serviceInstance provider="credstoressp" name="credstore">
    <description>File Based Default Credential Store Instance</description>
    <property name="location" value="${oracle.instance}/config/JpsDataStore/JpsSystemStore"/>
  </serviceInstance>
  ...
</serviceInstances>
```
- Example 3: The following example illustrates the configuration of an LDAP identity store:
```xml
<serviceInstance name="idstore.oid" provider="idstore.ldap.provider">
  <property name="subscriber.name" value="dc=us,dc=oracle,dc=com"/>
  <property name="idstore.type" value="OID"/>
  <property name="security.principal.key" value="ldap.credentials"/>
  <property name="security.principal.alias" value="JPS"/>
  <property name="ldap.url" value="ldap://myServerName.com:389"/>
  <extendedProperty>
    <name>user.search.bases</name>
    <values>
      <value>cn=users,dc=us,dc=oracle,dc=com</value>
    </values>
  </extendedProperty>
  <extendedProperty>
    <name>group.search.bases</name>
    <values>
      <value>cn=groups,dc=us,dc=oracle,dc=com</value>
    </values>
  </extendedProperty>
  <property name="username.attr" value="uid"/>
  <property name="groupname.attr" value="cn"/>
</serviceInstance>
```
- Example 4: The following example illustrates the configuration of an audit provider:
```xml
<serviceInstances>
  <serviceInstance name="audit" provider="audit.provider">
    <property name="audit.filterPreset" value="Low"/>
    <property name="audit.specialUsers" value="admin, fmwadmin"/>
    <property name="audit.customEvents" value="JPS:CheckAuthorization, CreateCredential, OIF:UserLogin"/>
    <property name="audit.loader.jndi" value="jdbc/AuditDB"/>
    <property name="audit.loader.interval" value="15"/>
    <property name="audit.maxFileSize" value="10240"/>
    <!-- Property name written without surrounding whitespace inside the quotes -->
    <property name="audit.loader.repositoryType" value="Db"/>
  </serviceInstance>
</serviceInstances>
```
- Example 5: The following example illustrates the configuration of a login module:
```xml
<serviceInstance name="user.authentication.loginmodule" provider="jaas.login.provider">
  <description>User Authentication Login Module</description>
  <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule"/>
  <property name="jaas.login.controlFlag" value="REQUIRED"/>
  <property name="enable.anonymous" value="true"/>
  <property name="remove.anonymous.role" value="false"/>
</serviceInstance>
```
See Also:
- <serviceProvider>, for related examples defining service providers referenced here.
- <jpsContext>, for a corresponding example of <serviceInstanceRef>.
<serviceInstanceRef>
This element refers to service instances.
Attributes
Name | Description |
---|---|
|
Refers to a service instance that is part of the context defined in the <jpsContext> parent element. The Values: string Default: n/a (required) |
Parent Element
Child Element
None
Occurrence
Required within a <jpsContext>, one or more.
```
<jpsContexts> {1}
  <jpsContext> {1 or more}
    <serviceInstanceRef> {1 or more}
```
<serviceInstances>
This element is the parent of a <serviceInstance> element.
Parent Element
Child Element
Occurrence
Optional, zero or one.
```
<jpsConfig>
  <serviceInstances> {0 or 1}
    <serviceInstance> {1 or more}
      <description> {0 or 1}
      <property> {0 or more}
      <propertySetRef> {0 or more}
      <extendedProperty> {0 or more}
        <name> {1}
        <values> {1}
          <value> {1 or more}
      <extendedPropertySetRef> {0 or more}
```
<serviceProvider>
This element defines a service provider. Each provider specifies the type of the provider, such as credential store, authentication, policy, or login module, and the Java class that implements it and is used when the provider is created. Furthermore, the element property specifies settings used to instantiate the provider.
It specifies the following data:
- The type of service provider (specified in the type attribute)
- A designated name of the service provider (referenced in each <serviceInstance> element that defines an instance of this service provider)
- The class that implements this service provider and is instantiated for instances of this service provider
- Optionally, properties that are generic to any instances of this service provider
Attributes
Name | Description |
---|---|
|
Specifies the type of service provider being declared. Valid types are the following:
The implementation class more specifically defines the type of provider. Values: any valid type. Default: n/a (required) |
|
Designates a name for this service provider. This name is referenced in the Values: string Default: n/a (required) |
|
Specifies the fully qualified name of the Java class that implements this service provider instantiated when the service provider is created. Values: string Default: n/a (required) |
Parent Element
Child Elements
Occurrence
Required within the <serviceProviders> element, one or more.
```
<serviceProviders> {0 or 1}
  <serviceProvider> {1 or more}
    <description> {0 or 1}
    <property> {0 or more}
```
Examples
The following example illustrates the specification of a login module:
```xml
<serviceProviders>
  <serviceProvider type="LOGIN" name="jaas.login.provider" class="oracle.security.jps.internal.login.jaas.JaasLoginServiceProvider">
    <description>This is Jaas Login Service Provider and is used to configure login module service instances</description>
  </serviceProvider>
</serviceProviders>
```
The following example illustrates the definition of a provider:
```xml
<serviceProviders>
  <serviceProvider name="audit.provider" type="AUDIT" class="oracle.security.jps.internal.audit.AuditProvider">
  </serviceProvider>
</serviceProviders>
```
See <serviceInstance> for other examples.
<serviceProviders>
This element specifies a set of service providers.
Parent Element
Child Element
Occurrence
Optional, one only.
```
<jpsConfig>
  <serviceProviders> {0 or 1}
    <serviceProvider> {1 or more}
      <description> {0 or 1}
      <property> {0 or more}
```
<value>
This element specifies a value of an extended property, which can have multiple values. Each <value> element specifies one value.
Parent Element
Child Element
None.
Occurrence
Required within <values>, one or more.
```
<extendedProperty> {0 or more}
  <name> {1}
  <values> {1}
    <value> {1 or more}
```
<values>
This element is the parent element of a <value> element.
Parent Element
Child Element
Occurrence
Required within <extendedProperty>, one only.
```
<extendedProperty> {0 or more}
  <name> {1}
  <values> {1}
    <value> {1 or more}
```