3.5 Diagnostic Commands

Use the WLST command in this section to check the status of the WSM components that are required for proper functioning of the product.

3.5.1 checkWSMStatus

Command Category: Diagnostic

Use with WLST: Online

Description

Checks the status of the OWSM components that are required for proper functioning of the product. The OWSM components that are checked are the Policy Manager (wsm-pm), the agent (agent), and the credential store and keystore configuration. The status of the components can be checked together or individually.

Note:

The Policy Manager (wsm-pm) application must be deployed and running for the check status tool to function correctly.

Syntax

checkWSMStatus([component=None],[address=None],[verbose=true])
Arguments Description

component

Optional. All checks will be performed if no value is specified. Valid options are:

  • wsm-pm—Policy Manager. Checks the configuration state of the policy manager component.

  • agent—Enforcement Agent. Checks status of end-to-end service-side enforcement through the wsm agent component. The enforcement check is specific only to the environment from which the command is run.

  • credstore—Credential Store. Checks whether the credentials are configured for the keystore password, signing, and encryption certificates in the keystore.

address

Optional. The HTTP URL of the host running the wsm-pm application. This value is required for checking enforcement through an agent component, for example,

checkWSMStatus('agent', 'http://localhost:7001')

The address is not required in the WebLogic Server domain where auto-discovery is present.

verbose

Optional. If the value of this flag is true, then the detailed messages (including stack trace, if any) will be displayed. Default is false.

Examples

In the following example, the checkWSMStatus command is run without arguments. The status of the credential store, policy manager, and enforcement agent is returned.

wls:/base_domain/serverConfig> checkWSMStatus()
 
Credential Store Configuration:
 
PASSED.
        Message(s):
             keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
                 Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
             keystore-csf-key : Credentials configured.
             keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
                 Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
             sign-csf-key : Credentials configured.
             Sign Key : Key configured.
                 Alias - orakey
             Sign Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
             keystore.enc.csf.key : Property is configured and its value is "enc-csf-key".
                 Description: The "keystore.enc.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for decryption.
             enc-csf-key : Credentials configured.
             Encrypt Key : Key configured.
                 Alias - orakey
             Encrypt Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
 
Policy Manager:
 
 
PASSED.
        Message(s):
             OWSM Policy Manager connection state is OK.
             OWSM Policy Manager connection URL is "host.example.com:1234".
 
Enforcement Agent:
 
 
PASSED.
        Message(s):
             Enforcement is successful.
             Service URL: http://host:port/Diagnostic/DiagnosticService?wsdl

In the following example, the credential store key keystore-csf-key is deleted and the checkWSMStatus command is rerun for the credential store credstore. The status check fails because the csf-key keystore-csf-key is not present in the credential store:

wls:/base_domain/serverConfig> deleteCred(map="oracle.wsm.security", key="keystore-csf-key") 
wls:/base_domain/serverConfig> checkWSMStatus('credstore')
 
Credential Store Configuration:
 
FAILED.
        Message(s):
             keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
                 Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
             keystore-csf-key : Credentials not configured.
 
Credential Store Diagnostic Messages:
        Message(s):
                 The csf-key keystore-csf-key is not present in the credential store. 
 
 Perform the following steps to update the credential store (using WLST commands):-
 1. connect()
 2. createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore-csf-key", password="<keystore-password>", desc="Keystore Password CSF Key")
 NOTE:- All the above commands are based on the Domain level configurations. The actual csf key may be overridden at runtime due to config override. See Documentation for more details.

In the following example, the csf-key keystore-csf-key is configured and the checkWSMStatus command is rerun. The configuration check passes.

wls:/base_domain/serverConfig> createCred(map="oracle.wsm.security", key="keystore-csf-key", user="keystore-csf-key", password="welcome1", desc="Keystore Password CSF Key")
Already in Domain Runtime Tree
 
wls:/base_domain/serverConfig> checkWSMStatus('credstore')
 
Credential Store Configuration:
 
 
PASSED.
        Message(s):
             keystore.pass.csf.key : Property is configured and its value is "keystore-csf-key".
                 Description: The "keystore.pass.csf.key" property points to the CSF alias that is mapped to the username and password of the keystore. Only the password is used; username is redundant in the case of the keystore.
             keystore-csf-key : Credentials configured.
             keystore.sig.csf.key : Property is configured and its value is "sign-csf-key".
                 Description: The "keystore.sig.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for signing.
             sign-csf-key : Credentials configured.
             Sign Key : Key configured.
                 Alias - orakey
             Sign Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
             keystore.enc.csf.key : Property is configured and its value is "enc-csf-key".
                 Description: The "keystore.enc.csf.key" property points to the CSF alias that is mapped to the username and password of the private key that is used for decryption.
             enc-csf-key : Credentials configured.
             Encrypt Key : Key configured.
                 Alias - orakey
             Encrypt Certificate : Certificate configured.
                 Alias - CN=weblogic, OU=Orakey Test Encryption Purposes Only, O=Oracle, C=US
                 Expiry - June 28, 2020 11:17:12 AM PDT
true

The following example checks the enforcement status of the agent component at the URL http://localhost:7001.

wls:/test_domain1/serverConfig> checkWSMStatus('agent','http://localhost:7001')
 
Enforcement Agent:
 
Note: Enforcement might succeed if OWSM Policy Manager is down due to policy caching. For such scenarios wsm-pm test must be run prior to this test.
 
PASSED.
        Message(s):
             Enforcement is successful.
             Service URL: http://localhost:7001/Diagnostic/DiagnosticService?wsdl