Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documentation
Conventions
What's New in This Guide
Changes in This Document for Release 12.2.1.2.0
Changes in This Document for Release 12.2.1.1.0
New Features in Release 12.2.1.0.0
Part I Understanding Security Concepts
1
Introduction to Oracle Platform Security Services
1.1
What Is OPSS?
1.1.1
OPSS Main Features
1.1.2
Supported Server Platforms
1.2
OPSS Architecture Overview
1.2.1
Benefits of Using OPSS
1.3
OPSS for Developers
1.3.1
About Java EE Application Security
1.3.2
About Java SE Application Security
1.4
ADF Security Overview
1.4.1
Oracle ADF Application Security
2
Understanding Users and Roles
2.1
Terminology
2.2
Role Mapping
2.2.1
Permission Inheritance and the Role Hierarchy
2.2.1.1
Role Hierarchy Example
2.3
About the Role Category
2.4
About the Authenticated Role
2.5
About the Anonymous User and Role
2.6
About Administrative Users and Roles
2.7
Managing User Accounts
3
Understanding Identities, Policies, Credentials, Keys, Certificates, and Audit
3.1
Compatibility Table for 11g and 12c Versions
3.2
Authentication Basics
3.2.1
WebLogic Server Authentication Providers
3.2.1.1
Support for Multiple Authentication Providers
3.2.1.2
Additional Authentication Methods
3.2.2
Identity Store Types and WebLogic Server Authentication Providers
3.3
Policies Basics
3.4
Credentials Basics
3.5
Keys and Certificates Basics
3.6
Audit Basics
4
About the Security Store
4.1
Supported File, LDAP, and Database Stores
4.2
Packaging Requirements
4.3
FIPS Support in OPSS
Part II Basic OPSS Administration
5
Security Administration
5.1
OPSS Administration: Main Steps
5.2
Security Management Tools
5.3
Security Practices with Fusion Middleware Control
5.4
Security Practices with WebLogic Server Administration Console
5.4.1
Security Practices with WLST
5.5
Security Practices with OES
6
Deploying Secure Applications
6.1
Developing Oracle ADF Applications
6.2
Choosing the Tool for Deployment
6.2.1
Deploying Secure Applications with Fusion Middleware Control
6.3
Deploying Oracle ADF Applications to a New Environment
6.3.1
Deploying to a Test Environment
6.3.1.1
Typical Administrative Tasks after Deployment
6.4
Deploying Standard Java EE Applications
6.5
Deploying Audit-Aware Applications
6.6
Migrating from a Test to a Production Environment
6.6.1
Migrating Identities
6.6.1.1
Migrating Identities with migrateSecurityStore
6.6.2
Migrating Policies and Credentials
6.6.2.1
Migrating Policies with migrateSecurityStore
6.6.2.2
Migrating Credentials with migrateSecurityStore
6.6.3
Migrating Audit Data
6.6.4
Migrating Keys and Certificates with migrateSecurityStore
6.6.4.1
Migrating Keys and Certificates in the Same Domain
6.6.4.2
Migrating Keys and Certificates across Different Domains
Part III OPSS Services
7
Life Cycle of Security Artifacts
7.1
How Security Artifacts Are Seeded
7.2
About Fusion Middleware Domains
7.3
Creating Fusion Middleware Domains
7.3.1
Using a New Database Instance
7.3.2
Sharing a Database Instance
7.4
Layered Component Security Artifacts
7.5
Upgrading Security to 12.2.1.x
7.5.1
Before Upgrading the Security Store
7.5.2
Upgrading Security: Main Steps
7.5.3
Reconfiguring Domains with the Fusion Middleware Reconfiguration Wizard
7.5.4
Upgrading a Shared Security Store
7.5.4.1
Upgrading a Shared 12.1.2 or 12.1.3 Security Store
7.5.4.2
Upgrading a Shared 11g Security Store
7.6
Backing Up and Recovering the Security Store
7.6.1
Backing Up and Recovering a Database-Based Security Store
7.6.2
Backing Up and Recovering LDAP Security Stores
7.6.3
Recommendations
7.7
Upgrading Component Audit Definitions to 12c
8
Configuring the Identity Store
8.1
About the Identity Store
8.2
Configuring the Identity Store Provider
8.3
Configuring the Identity Store
8.3.1
Identity Store Parameters
8.3.1.1
Query Parameters
8.3.1.2
Global Connection Parameters
8.3.1.3
Back-End Connection Parameters
8.3.2
Understanding the Service Configuration
8.3.2.1
Configuring the Service for a Single LDAP
8.3.2.2
Configuring the Service for Multiple LDAPs without Virtualization
8.3.2.3
Configuring the Service for Multiple LDAPs with Fusion Middleware Control
8.3.2.4
Configuring the Service with WLST
8.3.2.5
Configuring the Timeout Setting with WLST
8.3.2.6
Configuring Other Parameters
8.3.2.7
Restarting Servers
8.3.2.8
Configuring Single and Multiple LDAPs
8.3.3
Configuring Split Profiles
8.3.4
Configuring Custom Authentication Providers
8.3.5
Configuring Virtualization in Java SE Applications
8.4
Querying the Identity Store Programmatically
8.5
Configuring SSL for the Identity Store
9
Configuring the Security Store
9.1
About the Security Store
9.1.1
Environments with Multiple Servers
9.2
Using an LDAP Security Store
9.2.1
Prerequisites to Using the LDAP Security Store
9.2.2
Resetting the LDAP User Password
9.3
Using a Database Security Store
9.3.1
Prerequisites to Using the Database Security Store
9.3.2
Maintaining a Database Security Store
9.3.3
Resetting the OPSS Schema Password
9.3.4
Setting Up an SSL Connection to the Database Security Store
9.4
Reassociating the Security Store
9.4.1
Reassociating the Security Store with Fusion Middleware Control
9.4.1.1
Securing Access to LDAP Nodes
9.4.2
Reassociating the Security Store with reassociateSecurityStore
9.5
Migrating the Security Store
9.5.1
Migrating the Security Store with Fusion Middleware Control
9.5.2
Migrating the Security Store with migrateSecurityStore
9.5.2.1
Migrating All Policies with migrateSecurityStore
9.5.2.2
Migrating System Policies with migrateSecurityStore
9.5.2.3
Migrating Application Policies with migrateSecurityStore
9.5.2.4
Migrating All Credentials with migrateSecurityStore
9.5.2.5
Migrating One Credential Map with migrateSecurityStore
9.5.2.6
Migrating Audit Data with migrateSecurityStore
9.5.2.7
migrateSecurityStore Usage Examples
9.6
Configuring Security Providers with Fusion Middleware Control
10
Managing Policies
10.1
Determining the Security Store Characteristics
10.2
Managing the Policy Store
10.3
Managing Policies with Fusion Middleware Control
10.3.1
Managing Application Policies
10.3.2
Managing Application Roles
10.3.3
Managing System Policies
10.4
Managing Policies with WLST
10.4.1
reassociateSecurityStore
10.5
Refreshing the Policy Cache
10.5.1
Authorization Scenarios Using Policy Refreshing
10.6
Principals and Roles in WLST Commands
10.7
Application Stripe in WLST Commands
10.8
Managing Application Policies with OES
11
Managing Credentials
11.1
Credential Types
11.2
Encrypting Credentials
11.3
Managing Credentials with Fusion Middleware Control
11.4
Managing Credentials with WLST
12
Managing Keys and Certificates
12.1
About the Keystore Service
12.1.1
Structure of the Keystore Service
12.1.2
Types of Keystores
12.1.3
The Truststore
12.2
About Keystore Service Commands
12.2.1
Getting Help for Keystore Service Commands
12.2.2
Keystore Service Command Reference
12.3
Managing Keystores with Fusion Middleware Control
12.4
Managing Keystores with WLST
12.5
About Certificates
12.6
Managing Certificates with Fusion Middleware Control
12.7
Managing Certificates with WLST
12.8
Replacing Demonstration CA Signed Certificates
12.8.1
Replacing Demo CA Certificates With Domain CA Signed Certificates
12.8.2
Replacing Demo CA Certificates With Third-Party CA Signed Certificates
12.8.3
Replacing the Demo CA Trust Service Certificate
12.9
How Fusion Middleware Components Use the Keystore Service
12.9.1
Synchronizing the Local Keystore with the Security Store
12.9.1.1
syncKeyStores Usage
12.9.1.2
When to Synchronize the Keystores
13
Introduction to Oracle Fusion Middleware Audit Framework
13.1
What Are the Audit Objectives?
13.2
Audit Terminology
13.3
About Auditing with Oracle Fusion Middleware Audit Framework
13.3.1
Overview of Oracle Fusion Middleware Audit Framework
13.3.2
About Components and Applications
13.4
Understanding Audit
13.4.1
The Audit Model
13.4.2
About the Audit Store
13.4.3
How Audit Data Is Stored
13.4.4
About the Oracle Fusion Middleware Audit Framework
13.4.5
Audit Setup: Main Steps
13.4.6
Understanding the Runtime Audit Event Flow
13.5
About Audit Attributes, Events, and Event Categories
13.5.1
Audit Attribute Groups
13.5.1.1
About Generic Attribute Groups
13.5.1.2
About Custom Attribute Groups
13.5.1.3
About Audit Attribute Data Types
13.5.2
Audit Events and Event Categories
13.5.2.1
About System Categories and Events
13.5.2.2
About Component and Application Categories
13.5.3
Audit Artifact Naming Requirements
13.6
About Audit Definition Files
13.6.1
About the component_events.xml File
13.7
About Mapping and Version Rules
13.7.1
What Are Version Numbers?
13.7.2
About Custom Attribute to Database Column Mappings
14
Managing Audit
14.1
Audit Administration Tasks
14.2
Managing the Audit Store
14.2.1
About Audit Data Sources
14.2.2
Managing Bus-Stop Files
14.2.3
Configuring Standalone Audit Loader
14.2.3.1
Configuring the Environment
14.2.3.2
Running Standalone Audit Loader
14.3
Managing Audit Policies
14.3.1
Managing Audit Policies with Fusion Middleware Control
14.3.2
Managing Audit Policies with WLST
14.3.2.1
Viewing Audit Policies with WLST Commands
14.3.2.2
Updating Audit Policies with WLST Commands
14.3.2.3
Configuring Audit Policies Example
14.3.2.4
Configuring Audit Events Example
14.3.2.5
What Happens to Custom Configuration when the Audit Level Changes?
14.3.3
Managing Audit Policies Programmatically
14.4
Understanding Audit Time Stamps
14.5
About Audit Logs and Bus-stop Files
14.6
Audit Database Administration
14.6.1
Overview of the Audit Schema
14.6.2
Base and Component Table Attributes
14.6.3
Tuning Performance
14.6.4
Planning Backup and Recovery
14.6.5
Importing and Exporting Data
14.6.6
Purging Data
14.6.7
Partitioning
14.6.8
Performing Tiered Archival
14.6.9
Creating Indexes on Custom Table Attributes Using Materialized Views
14.7
Best Practices for Audit Event Definitions
14.7.1
Guidelines for Naming Events
14.7.2
Differentiating Events
14.7.3
Event Categorization
14.7.4
Use of Generic Attributes
14.7.5
Use of Component Attributes
14.7.6
Guidelines for Linking Across Components
14.7.7
Updating Event Definitions
15
Using Audit Analysis and Reporting
15.1
About Audit Reporting
15.2
Audit Reporting with the Dynamic Metadata Model
15.2.1
Audit Views Created at Registration
15.2.2
Manually Created Audit Views
Part IV Developing with OPSS APIs
16
Integrating Application Security with OPSS
16.1
About Security Challenges
16.2
Security Integration Use Cases
16.2.1
Authentication
16.2.1.1
Java EE Application Requiring Authenticated Users
16.2.1.2
Java EE Application Requiring Programmatic Authentication
16.2.1.3
Java SE Application Requiring Authentication
16.2.2
Identities
16.2.2.1
Application Running in Two Environments
16.2.2.2
Application Accessing User Profiles in Multiple Stores
16.2.3
Authorization
16.2.3.1
Java EE Application Accessible by Specific Roles
16.2.3.2
Oracle ADF Application Requiring Fine-Grained Authorization
16.2.3.3
Application Securing Web Services
16.2.3.4
Java EE Application Requiring Codesource Permissions
16.2.3.5
Non-Oracle ADF Application Requiring Fine-Grained Authorization
16.2.4
Credentials
16.2.4.1
Application Requiring Credentials to Access System
16.2.5
Audit
16.2.5.1
Auditing Security-Related Activity
16.2.5.2
Auditing Business-Related Activity
16.2.6
Identity Propagation
16.2.6.1
Propagating the Executing User Identity
16.2.6.2
Propagating a User Identity
16.2.6.3
Propagating Identities Across Domains
16.2.6.4
Propagating Identities over HTTP
16.2.7
Administration and Management
16.2.7.1
Application Requiring a Centralized Store
16.2.7.2
Application Requiring a Custom Management Tool
16.2.7.3
Application Running in a Multiple Server Environment
16.2.8
Integration
16.3
The OPSS Trust Service
16.4
Propagating Identities over HTTP
16.5
Propagating Identities with the OPSS Trust Service
16.5.1
Propagating Identities Across Multiple WebLogic Server Domains
16.5.1.1
Token Generation on the Client-Side Domain
16.5.1.2
Server Side or Token Validation Domain
16.5.2
Propagating Identities Across Containers in a Single WebLogic Server Domain
16.5.3
Trust Provider Properties
16.6
Implementing a Custom Graphical User Interface
16.6.1
Imports Assumed
16.6.2
Query Identity Store Example
16.6.3
Create Role Example
16.6.4
Query Roles Example
16.6.5
Map Roles Example
16.6.6
Get Roles that Contain a User Example
16.6.7
Delete Role Mapping Example
16.7
Securing Oracle ADF Applications
16.7.1
Developing Phase
16.7.2
Deployment Phase
16.7.3
Administration Phase
16.7.4
Summary of Tasks per Participant per Phase
16.8
Code and Configuration Examples
16.8.1
Programming Examples
16.8.2
Configuration Examples
16.9
Propagating Identities with JKS
16.9.1
Single Domain Scenario
16.9.1.1
Create the Client Application
16.9.1.2
Configure the Keystore
16.9.1.3
Configure Maps and Keys
16.9.1.4
Configure a Grant
16.9.1.5
Create the Java Servlet
16.9.1.6
Configure web.xml
16.9.1.7
Configure the Asserter
16.9.1.8
Update Trust Parameters
16.9.2
Multiple Domain Scenario
16.9.3
Domains Using Both Protocols
16.9.3.1
Single Domain Scenario
16.9.3.2
Multiple Domain Scenario
17
The Security Model
17.1
About the OPSS Authorization and Policy Models
17.2
Authorization Models
17.2.1
The Java EE Authorization Model
17.2.1.1
Declarative Authorization
17.2.1.2
Programmatic Authorization
17.2.1.3
Java EE Application Example
17.2.2
The JAAS Authorization Model
17.3
The JAAS/OPSS Authorization Model
17.3.1
The Resource Catalog
17.3.2
Managing Policies
17.3.3
Checking Policies Programmatically
17.3.3.1
Using checkPermission
17.3.3.2
Using doAs and doAsPrivileged
17.3.3.3
Using checkBulkAuthorization
17.3.3.4
Using getGrantedResources
17.3.4
The Class ResourcePermission
18
Developing with the Credential Store Framework
18.1
About the Credential Store Framework API
18.2
Guidelines for Using the Credential Store Framework API
18.3
About Map and Key Names
18.4
Provisioning Access Permissions
18.4.1
Permission to Access a Key Example
18.4.2
Permission to Access a Map Example
18.5
Using the Credential Store Framework API
18.5.1
Using the Credential Store Framework API in Java SE Applications
18.5.2
Using the Credential Store Framework API in Java EE Applications
18.6
Credential Store Framework API Examples
18.6.1
Credential Store Framework Operations Example
18.6.2
Java SE Application with File Credentials Example
18.6.3
Java EE Application with File Credentials Example
18.6.4
Java EE Application with LDAP Store Example
18.6.5
Java EE Application with DB Store Example
19
Developing with the User and Role API
19.1
About the User and Role API
19.1.1
Authentication Providers and the User and Role API
19.2
Working with Service Providers
19.2.1
Setting Up the Environment
19.2.2
Choosing the Provider Repository
19.2.3
Creating the Provider Instance
19.2.4
Configuring the Provider Start-Time and Runtime Properties
19.2.4.1
Configuring Start-Time and Runtime
19.2.4.2
Enabling Execution Context ID
19.2.5
Configuring the Provider when Creating a Factory Instance
19.2.5.1
Configuring Common Properties
19.2.5.2
Configuring Constants, Number of Connections, and Pool Connection
19.2.6
Configuring the Provider when Creating a Store Instance
19.2.7
Configuring the Provider at Runtime
19.2.8
Programming Guidelines
19.2.8.1
Switching Providers
19.2.8.2
Using Identity Store Objects
19.2.9
The Provider's Lifetime
19.3
Searching the Identity Store
19.3.1
Searching for a Specific Identity
19.3.2
Searching for Multiple Identities
19.3.3
Using Search Filters
19.3.3.1
Filter Operators
19.3.3.2
Filter for Logged-In User and Role
19.3.3.3
Filters Examples
19.4
Creating and Modifying Entries in the Identity Store
19.4.1
Creating Identities and Roles
19.4.2
Modifying an Identity
19.4.3
Deleting an Identity
19.5
User and Role API Examples
19.5.1
Searching Users Example
19.5.2
Managing Users Example
19.6
Configuring SSL for LDAP Providers
19.6.1
Setting Up SSL to Providers
19.6.2
Customizing SSL to Providers
20
Developing with the Identity Governance Framework
20.1
About the Identity Governance Framework
20.1.1
Identity Directory API Overview
20.2
About the Identity Directory API Configuration
20.3
Using the Identity Directory API
20.3.1
Initializing and Obtaining the Identity Directory Handle
20.3.2
Creating and Deleting a User
20.3.3
Obtaining and Modifying a User
20.3.4
Simple and Complex User Search
20.3.5
Creating and Deleting a Group
20.3.6
Obtaining a Group
20.3.7
Group Search Filter
20.3.8
Adding and Deleting a Member to a Group
20.4
Configuring SSL Using the Identity Directory API
21
Developing with the Keystore Service
21.1
About the Keystore Service API
21.2
Setting Policy Permissions
21.2.1
Permission for a Keystore Example
21.2.2
Permission for a Map Example
21.2.3
Permission for a Key Alias Example
21.3
Using the Keystore Service API in Java EE Applications
21.4
Using the Keystore Service API in Java SE Applications
21.5
Keystore Service API Examples
21.5.1
Keystore Service Management Example
21.5.2
Reading Keys at Runtime Example
21.5.2.1
Getting a Handle to the Keystore
21.5.2.2
Accessing Keystore Artifacts - Method 1
21.5.2.3
Accessing Keystore Artifacts - Method 2
22
Developing with Oracle Fusion Middleware Audit Framework
22.1
Integrating Applications with the Oracle Fusion Middleware Audit Framework
22.2
Creating Audit Definition Files
22.2.1
The component-events.xml File
22.2.2
Translation Files
22.3
Registering the Application with the Service
22.3.1
Performing Declarative Audit Registration
22.3.1.1
Application Audit Registration
22.3.1.2
Custom Audit Registration
22.3.2
Programmatic Registration
22.3.3
Registering with WLST Commands
22.3.4
Using Domain Extension Templates for Audit Artifacts
22.4
Managing Policies Programmatically
22.4.1
Querying Audit Data
22.4.2
Viewing and Setting Audit Policies
22.5
Logging Audit Events Programmatically
22.5.1
Oracle Fusion Middleware Audit Framework Interfaces
22.5.2
Setting System Grants
22.5.3
Obtaining the Auditor Instance
22.6
Updating and Maintaining Audit Definitions
23
Configuring Java EE Applications to Use OPSS
23.1
About Authentication in Java EE Applications
23.2
Developing Authentication in Java EE Applications
23.3
Configuring the Filter and the Interceptor
23.3.1
Setting the Application Stripe
23.3.2
Setting Application Role Support
23.3.3
Setting the Anonymous User and Role
23.3.4
Setting Authenticated Role Support
23.3.5
Setting JAAS Mode
23.3.6
Interceptor Configuration Requirements
23.3.7
Summary of Filter and Interceptor Parameters
23.4
Choosing the Appropriate Class for Enterprise Groups and Users
23.5
Packaging a Java EE Application Manually
23.5.1
Packaging Policies with the Application
23.5.2
Packaging Credentials with the Application
23.6
Configuring Java EE Applications to Use OPSS
23.6.1
Controlling Policy Migration
23.6.1.1
jps.policystore.migration
23.6.1.2
jps.policystore.applicationid
23.6.1.3
jps.apppolicy.idstoreartifact.migration
23.6.1.4
jps.policystore.removal
23.6.1.5
jps.policystore.migration.validate.principal
23.6.1.6
JpsApplicationLifecycleListener
23.6.2
Configuring Policy Migration According to Behavior
23.6.2.1
Recommendations
23.6.2.2
Skipping Migrating Policies
23.6.2.3
Migrating Merging Policies
23.6.2.4
Migrating Overwriting Policies
23.6.2.5
Removing or Not Removing Policies
23.6.2.6
Migrating Policies in a Static Deployment
23.6.3
Using File Credential Stores
23.6.4
Controlling Credential Migration
23.6.4.1
jps.credstore.migration
23.6.5
Configuring Credential Migration According to Behavior
23.6.5.1
Skipping Migrating Credentials
23.6.5.2
Migrating Merging Credentials
23.6.5.3
Migrating Overwriting Credentials
23.6.6
Using Supported Permission Classes
23.6.6.1
Security Store Permission Class
23.6.6.2
Credential Store Permission Class
23.6.6.3
Generic Permission Class
23.6.7
Specifying Bootstrap Credentials Manually
24
Configuring Java SE Applications to Use OPSS
24.1
Using OPSS in Java SE Applications
24.1.1
The JpsStartup Class
24.1.1.1
JpsStartup.start States
24.1.1.2
JpsStartup Constructor
24.1.1.3
JpsStartup runtime Options
24.1.1.4
OPSS Starting Examples
24.2
Implementing Security Services in Java SE Applications
24.3
Authentication in Java SE Applications
24.3.1
Configuring the LDAP Identity Store in Java SE Applications
24.3.2
Using Login Modules in Java Applications
24.3.2.1
The User Authentication Login Module
24.3.2.2
The User Assertion Login Module
24.3.2.3
The Identity Store Login Module
24.3.2.4
The Asserted User
24.3.3
Using the Login Modules in Java SE Applications
24.4
Authorization in Java SE Applications
24.4.1
Configuring Policy and Credential File Stores
24.4.2
Configuring Policy and Credential LDAP Stores
24.4.3
Configuring DB Security Stores
24.4.4
File Store Unsupported Methods
24.5
Audit in Java SE Applications
24.5.1
About Audit in Java SE Applications
24.5.2
Configuring the Audit Bus-stop Directory
24.5.3
Configuring Audit Loaders
24.5.4
Common Audit Scenarios in Java SE Applications
24.5.4.1
Audit with a Collocated WebLogic Server
24.5.4.2
Audit Without a Collocated WebLogic Server
Part V Appendixes
A
OPSS Configuration File Reference
A.1
First and Second Hierarchy Levels
A.2
Third and Lower Hierarchy Levels
<description>
<extendedProperty>
<extendedPropertySet>
<extendedPropertySetRef>
<extendedPropertySets>
<jpsConfig>
<jpsContext>
<jpsContexts>
<name>
<property>
<propertySet>
<propertySetRef>
<propertySets>
<serviceInstance>
<serviceInstanceRef>
<serviceInstances>
<serviceProvider>
<serviceProviders>
<value>
<values>
B
File Store References
B.1
File Store Hierarchy
B.2
File Store Elements and Attributes
<actions>
<actions-delimiter>
<app-role>
<app-roles>
<application>
<applications>
<attribute>
<class>
<codesource>
<credentials>
<description>
<display-name>
<extended-attributes>
<grant>
<grantee>
<guid>
<jazn-data>
<jazn-policy>
<jazn-realm>
<matcher-class>
<member>
<member-resource>
<member-resources>
<members>
<name>
<owner>
<owners>
<permission>
<permissions>
<permission-set>
<permission-sets>
<policy-store>
<principal>
<principals>
<provider-name>
<realm>
<resource>
<resources>
<resource-name>
<resource-type>
<resource-types>
<role>
<role-categories>
<role-category>
<role-name-ref>
<roles>
<type>
<type-name-ref>
<uniquename>
<url>
<user>
<users>
<value>
<values>
C
Oracle Fusion Middleware Audit Framework Reference
C.1
Audit Events
C.1.1
What Components Can Be Audited?
C.1.2
System Categories and Events
C.1.3
OPSS Event Attributes
C.2
The Audit Schema
C.3
Audit Filter Expression Syntax
C.4
Naming and Logging Audit Files
D
User and Role API Reference
D.1
Mapping User Attributes to LDAP Directories
D.2
Mapping Role Attributes to LDAP Directories
D.3
Default Configuration Parameters
E
Administration with Scripts and MBeans
E.1
Configuring Services with Scripts
E.2
Configuring Services with MBeans
E.2.1
Supported OPSS MBeans
E.2.2
Using OPSS MBeans
E.2.3
Programming with OPSS MBeans
E.3
Restricting Access to MBeans
E.3.1
Annotation Examples
E.3.2
Mapping Logical Roles to Enterprise Groups
E.3.3
Particular Access Restrictions
F
OPSS System and Configuration Properties
F.1
OPSS System Properties
F.2
OPSS Configuration Properties
F.2.1
Properties Common to OPSS Services
F.2.2
Policy Service Properties
F.2.2.1
Policy Service Configuration
F.2.2.2
Runtime Policy Configuration
F.2.3
Credential Service Properties
F.2.4
LDAP Identity Properties
F.2.5
Properties Common to All LDAP Servers
F.2.6
Trust Service Properties
F.2.7
Audit Service Properties
F.2.8
Keystore Service Properties
F.2.9
Anonymous and Authenticated Roles Properties
G
OPSS API References
G.1
OPSS API References
H
Using an OpenLDAP Identity Store
H.1
Using an OpenLDAP Identity Store
I
Adapter Configuration for Identity Virtualization
I.1
About Split Profiles
I.2
Configuring Split Profiles
I.3
Implementing Split Profiles
I.4
Logging Identity Virtualization Library
J
Troubleshooting OPSS
J.1
The OPSS Diagnostic Framework
J.2
Diagnosing Security Errors
J.2.1
About OPSS Loggers
J.2.1.1
About Diagnostic Log Files
J.2.1.2
Offline WLST Loggers
J.2.2
Loggers by Service
J.2.2.1
Logging Authorization
J.2.2.2
Logging Audit
J.2.2.3
Logging the User and Role API
J.2.2.4
Logging Other Components
J.2.3
System Properties
J.2.4
Understanding Log Entries
J.3
Troubleshooting Reassociation and Migration
J.3.1
Reassociation Failure
J.3.2
Unsupported Schema
J.3.3
Missing Policies in Reassociated Security Store
J.3.4
Migration Failure
J.4
Troubleshooting Server Starting
J.4.1
Missing Required LDAP Authentication Provider
J.4.2
Missing Administrator Account
J.4.3
Missing Permission
J.4.4
Server Fails to Start
J.4.5
Other Server Start Issues
J.4.6
Permission Failure Before Server Starts
J.5
Troubleshooting Permissions
J.5.1
Troubleshooting System Policy Failures
J.5.2
Failure to Get Permissions - Case Mismatch
J.5.3
Authorization Check Failure
J.5.4
User Gets Unexpected Permissions
J.5.5
Granting Permissions in Java SE Applications
J.5.6
Application Policies Not Seen in 12c HA Domain
J.6
Troubleshooting Connections and Access
J.6.1
Database Connection Exception
J.6.2
Other Database Exceptions
J.6.3
JNDI Connection Exception
J.6.4
Failure to Connect to the Embedded LDAP Server
J.6.5
Failure to Connect to LDAP Server
J.6.6
Failure to Access Data in the Credential Store
J.6.7
Security Access Control Exception
J.6.8
Failure to Establish an Anonymous SSL Connection
J.7
Oracle Business Intelligence Publisher Time Zone
J.8
Troubleshooting Searching
J.8.1
Search Failure when Matching Attribute in Security Store
J.8.2
Search Failure with an Unknown Host Exception
J.9
Troubleshooting Versions
J.9.1
Incompatible Versions of Binaries and Security Store
J.9.2
Incompatible Versions of Security Stores
J.10
Troubleshooting Other Errors
J.10.1
Runtime Permission Check Failure
J.10.2
Tablespace Needs Resizing
J.10.3
Oracle Internet Directory Exception
J.10.4
User and Role API Failure
J.10.5
Characters in Policies
J.10.5.1
Special Characters in Oracle Internet Directory 10.1.4.3
J.10.5.2
Characters in File Security Stores
J.10.5.3
Characters in Application Role Names
J.10.5.4
Missing Newline Characters in File Store
J.10.6
Invalid Key Size
J.11
Need Further Help?