It contains the following sections:
Application security administration is an iterative process that incudes the following main tasks:
Packaging and deploying applications
Managing application roles and users
Managing application and system policies
Managing application credentials
Managing application keys and certificates
To administer security, use any of the following tools:
Fusion Middleware Control
WebLogic Scripting Tool (WLST)
Oracle Entitlements Server (OES)
The tool you use depends on the type of data and the kind of store.
OPSS does not support automatic backup or recovery of server files. It is recommended that all server configuration files be periodically backed up. For information about backup, see Introduction to Backup and Recovery in Administering Oracle Fusion Middleware.
Users and Groups
If a domain uses the WebLogic Server Default Authenticator to store identities, then use WebLogic Server Administration Console to manage the stored data. This data can be accessed by the User and Role API to query user profile attributes or to insert additional attributes to users or groups.
If your domain uses the Default Authenticator, then the Administration Server must be running for an application to access identity data with the User and Role API. Otherwise, if it uses an LDAP server different from the Default Authenticator, then use the utilities of that LDAP server to manage users and groups.
Policies, Credentials, Keys, and Certificates
WebLogic Server Administration Console, for identities.
WLST, for keys and certificates.
Changes to policies, credentials, or keys do not require server restart. Changes to the
jps-config.xml file require server restart.
Getting Started Managing Oracle Fusion Middleware in Administering Oracle Fusion Middleware
This section addresses only OPSS security-related operations. For other security administrative operations, see WebLogic Server Security in Administering Oracle WebLogic Server with Fusion Middleware Control.
Use Oracle Enterprise Manager Fusion Middleware Control (Fusion Middleware Control):
Post-installation and before you deploy the application to reassociate the security store.
Post-installation and before you deploy the application to define OPSS properties.
At application deployment, to configure the automatic migration of application policies and credentials to the security store.
Manage application policies.
Manage users and groups.
Specify the mapping from application roles to users, groups, and application roles.
Manage system policies for the domain.
Manage OPSS properties for the domain.
Use WebLogic Server Administration Console to:
Start and stop WebLogic servers.
Configure WebLogic servers and domains.
Configure failover support.
Enable single sign-on in Microsoft clients, Web browsers, and HTTP clients.
Manage administrative users and administrative policies.
Configuring Existing WebLogic Domains in Understanding the WebLogic Scripting Tool
Understanding WebLogic Server Deployment in Deploying Applications to Oracle WebLogic Server
Failover and Replication in a Cluster in Administering Clusters for Oracle WebLogic Server
Starting and Stopping Servers in Administering Server Startup and Shutdown for Oracle WebLogic Server
Secure servers and resources in Oracle WebLogic Server Administration Console Online Help
All security configuration tasks you do with WebLogic Server Administration Console, you can also do with WLST, including domain configuration and application deployment.
A Java Virtual Machine (JVM) instance points to at most one
jps-config.xml file. All WLST commands called within the instance use the configuration file first obtained, regardless of the configuration location passed to subsequent commands.
Search application roles and the role hierarchy.
Manage application policies and the role hierarchy.
View the role hierarchy.
Manage application role mappings.
For information about OES, see Introduction to Oracle Entitlements Server in Administering Oracle Entitlements Server.