6 Manage Security and Audit Settings

This chapter describes the typical tasks you perform to manage security and audit settings.

This chapter includes the following sections:

6.1 Manage Security Credentials

A credential store is the repository of security data that certify the authority of entities used by components and ADF applications. Oracle Platform Security Services includes the Credential Store, a single, consolidated service provider that applications can use to store and manage their credentials.

The steps for this process are:

  1. Understand the types of credentials supported by Oracle Fusion Middleware.

  2. Learn about wallet-based credential stores.

  3. Manage the credentials of a domain.

  4. If necessary, re-associate credentials with Oracle Fusion Middleware Control.

6.2 Configure Audit Policies

Fusion Middleware Audit Framework is a new service in Oracle Fusion Middleware 11g. It provides a centralized audit framework for the middleware family of products. Audit settings for Java components like Oracle Platform Security Services, Oracle Web Services Manager, Oracle Web Services, and others are handled at the domain level as part of security administration.

To configure the security audit policy settings for Oracle Platform Security Services, Oracle Web Services Manager, and other components deployed in the domain, and analyze audit data:

  1. Understand the benefits and features of auditing your Oracle Fusion Middleware environment.

  2. View the policy settings for the Java components deployed to the domain.

  3. Optionally, modify the policy settings for the Java components deployed to the domain.

  4. View and configure the policy settings for system components associated with the domain.

For more information about audit policies, see:

6.3 Configure the Audit Store

By default, security audit data is saved in a file. It is recommended that you configure auditing to use a database store. This provides better management of the audit data. It also allows audit data to be viewed using out-of-the-box reports in Oracle Business Intelligence Publisher. The reports and Oracle Business Intelligence Publisher are both included in the bundle.

To configure a database for the audit store:

  1. Verify that you have installed the audit schema in the database, using the Repository Creation Utility (RCU).

  2. Create a Data Source using the Oracle WebLogic Server Administration Console.

  3. View the audit store settings for the domain.

  4. Configure the domain so it uses the database as the audit store.

Note:

  • These steps configure the audit store for Java components only. Separate steps are needed to configure the audit store for system components. See Related Topics below for instructions.

  • If a database store is configured, you can switch back to file storage using a configuration file. See Related Topics below for instructions.

To view audit reports:

  1. Configure a database for the audit store as explained above.

  2. Analyze the audit data that you have gathered.

Note:

Using the same database for Java components and system components ensures that your audit reports can display the audit records for all components together.

For more information about the audit store, see:

6.4 Configure Application Policies

Use the Application Policies page to manage application policies.

For details, see Managing Application Policies.

6.5 Configure Application Roles

Use the Application Roles page to manage application roles.

For details, see Managing Application Roles.

6.6 Configure System Policies

Use the System Policies page to manage system policies.

For details, see Managing System Policies.

6.7 Configure Credentials

Use the Credentials page to manage credentials.

For details, see Managing Credentials.

6.8 Manage Keystores with the Keystore Service

Use the Keystore page to create and manage keystores using the keystore service.

You can perform the following tasks from this page:

  • Create a Keystore

  • Delete a Keystore

  • Change Keystore Password

6.9 Manage Certificates with the Keystore Service

Use the Manage Certificates page to manage the certificates for a keystore created with the keystore service.

You can perform the following tasks from this page:

  • Generate a Keypair

  • Generate a Certificate Signing Request

  • Export a Certificate or Trusted Certificate

  • Import a Certificate or Trusted Certificate

  • Delete a Certificate

  • Change a Certificate Password