Billing Care Security

7 Billing Care Security

Learn how to install and implement Oracle Communications Billing Care and its components in a secure configuration.

Topics in this document:

About Installing Billing Care Securely

Before installing Billing Care, you must properly install and configure several Oracle products, including Java, Oracle WebLogic Server, and Oracle Communications Billing and Revenue Management (BRM). For Billing Care installation instructions, including all required products and related tasks, such as setting up KeyStores and SSL for WebLogic Server, see "Installing Billing Care" in Billing Care Installation Guide.

Oracle Platform Security Services (OPSS) and Oracle Identity Manager provide authentication and authorization capabilities for Billing Care. These products are also required in a Billing Care implementation. See Oracle Fusion Middleware Integration Guide for Oracle Identity Management Suite and Oracle Fusion Middleware Administrator's Guide for Oracle Platform Security Services.

Encrypting OAP Entries in Infranet.properties

If you are using Oracle Analytics Publisher for invoicing, you must add the BIP user ID, the OAP password, and the OAP URL in the Billing Care wallet. For a secure installation, you must encrypt the OAP password. You use Oracle WebLogic Server to perform the encryption. For more information, see "Storing Configuration Entries in the Billing Care Wallet".

Securing Web Cookies

A common web security problem is the stealing of Web cookies. This happens when an attacker manages to get a copy of your web cookie, generally while it is being transmitted over insecure channels such as HTTP.

You use a WebLogic Server variable to ensure that your Billing Care cookies are sent only through encrypted channels, such as SSL.

To secure your Billing Care Web cookies:

Open the BillingCare_home/setup/plan.xml file in a text editor.

where BillingCare_home is the directory in which you installed Billing Care.

Set the SECURE_COOKIE variable to true:

<variable-definition>        
   <variable>           
      <name>SECURE_COOKIE</name>           
      <value>true</value>        
   </variable>   
</variable-definition>

Add a variable assignment for SECURE_COOKIE:

<module-override>       
   <module-name>BillingCare.war</module-name>       
   <module-type>war</module-type>        
   <module-descriptor external="true">           
      <root-element>weblogic-web-app</root-element>           
      <uri>WEB-INF/weblogic.xml</uri>           
      <variable-assignment>               
         <name>SECURE_COOKIE</name>               
         <xpath>/weblogic-web-app/session-descriptor/cookie-secure</xpath>           
      </variable-assignment>        
   </module-descriptor> 
</module-override>

Save and close the file.
Log in to the Oracle WebLogic Server Administration Console.
In the Domain Structure section, click Deployments.
In the Configuration tab, select the BillingCare check box and then click Update.

The Update Application Assistant screen appears.
In Deployment plan path, click Change Path and enter the path to your Billing Care deployment file.
Click Finish.

Implementing Billing Care Security

Billing Care supports stringent authorization, authentication, and audit requirements. This section describes how to implement the security capabilities supported by Billing Care.

About Identity Management Suite

Oracle Identity Management (IDM) is a primary component for authorization and authentication. Each instance of Billing Care requires a properly configured instance of IDM to enable these functions.

For information about installing Billing Care, see Billing Care Installation Guide.

About Authentication

Billing Care supports the following security for authentication:

Authenticating Billing Care users against an LDAP-based user ID repository
Enabling Single Sign-On capabilities
Supporting user's password policies

Oracle Identity Manager manages user password policies. For more information, see Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.

About Authorization

Authorization refers to granting users privileges appropriate for their job functions while denying access to other functionality. OPSS handles all authorization tasks for Billing Care. This section provides an overview of setting up and maintaining entitlements for Billing Care plus strategies for mapping enterprise users to those entitlements.

The following terms are used in authorization:

Resource Type: Contains the action definitions, for example, AdjustmentCurrencyResourceType.
Resource: Represents a piece of functionality being secured, for example, AdjustmentResource. It must always be of a known resource type.
Action: Combined with a resource, defines operations permissible for an application's functionality, for example, AdjustmentResource and make.
Obligation: Stores transaction limits. Some operations impose transaction limits, such as the maximum payment amount. Obligations are the property of Authorization Policy.
Authorization Policy: Comprises the resources, actions, and obligations that combine to form a logical grouping, for example, an entire set of application functions for the regular CSR.
Enterprise (External) Role: Represents the job functions for the users at your company. You make OPSS aware of roles by mapping them to the Billing Care policies. If you do not map enterprise roles in the authorization policy, you must map to each user.

Billing Care includes an OPSS seed file containing all the resource types, resources, actions, and obligations and few sample authorization policies (Regular CSR, Super CSR, ReadOnly CSR, Auditor, Billing Analyst, and WriteOff).

For instructions on importing the seed file, see Oracle Fusion Middleware Administering Oracle Platform Security Services.

Note:

Unless you are customizing Billing Care, do not change the seed file.

To deploy the seed file, use the jps-config.xml file located in SDK_home\references\AuthorizationDataModel.

Figure 7-1 describes the authorization flow:

The shaded area refers to areas defined in the OPSS seed file. (You load the seed file before performing the configuration).
The lower area represents how an authorization policy is mapped to one or more resources in OPSS. A resource may have one or more actions.
The authorization policy is mapped to obligations.
The authorization policy is associated with a user (individual) or an enterprise role (function).

The authorization policy is mapped to obligations, which are listed in Table 7-2.

Any changes made in OPSS must be redeployed (or distributed).

Figure 7-1 Developing Authorization Policies for User and Enterprise Roles

Description of "Figure 7-1 Developing Authorization Policies for User and Enterprise Roles"

About Billing Care Authorization Resources

A user who does not have a resource grant is denied access to Billing Care. This behavior is targeted for deployments where a central user identity repository, storing all enterprise users, authenticates Billing Care sign-in requests. The authorization scheme allows access only to users granted resources in OPSS.

Table 7-1 shows the Billing Care Authorization Resources. Resources grant permission to perform general CSR tasks or more advanced A/R tasks.

Table 7-1 Authorization Resources

Resource Type	Resource	Actions	Description
SuperUserType	SuperUserResource	Any	Enables you to create users free of restrictions, including when the user's profile contains other resources. The only exception is the ReadOnlyType, which takes precedence over all other resource types.
ReadOnlyType	ReadOnlyResource	Any	Causes Save and Apply buttons on overlays to be displayed as read-only. Users are allowed only to read operations even if they have other resources or entitlements.
AccountResourceType	AccountResource	Make, Modify, Search, Transition, View	Make: Allows the user to create accounts. Modify: Allows the user to add, delete, or save customer contact information. Search: Allows the user to access search functionality. Transition: Enables changing the account status. View: Enables the user to view account profile and other customer information.
AdjustmentCurrencyResourceType	AdjustmentResource	Allocate, Make	Allocate: Allows the user to allocate currency adjustments. Make: Allows the user to make adjustments. Uses a policy that constrains the maximum payment amount as a function of CSRs access level. See Table 7-2 for transaction limits.
AdjustmentNonCurrencyResourceType	AdjustmentNonCurrencyResource	Make	Make: Gives noncurrency adjustments their own resource type because they cannot be allocated (unlike currency resources). Policy on the minimum and maximum noncurrency amount applies. See Table 7-2 for transaction limits.
BillResourceType	BillResource	BillNow	BillNow: Allows the user to perform Bill Now operations.
BillUnitResourceType	BillUnitResource	Add, BalanceTransfer, Delete, Modify, ModifyValidity, SetLimit	Add: Allows the user to create bill units. Allows the user to move services between bill units. BalanceTransfer: Allows the user to transfer balances to another bill unit. Delete: Reserved for future use. Modify: Allows the user to change the bill unit. ModifyValidity: Allows the user to modify the validity of noncurrency balances. SetLimit: Allows the user to set credit limit and thresholds for noncurrency resources.
CancelInstallmentResourceType	CancelInstallmentResource	Add, Cancel	Add: Allows the user to cancel an open installment. Cancel: Allows the user to undo an installment cancellation.
ChargeSharingResourceType	ChargeSharingResource	Add, Delete, Modify, AddMember, DeleteMember, ModifyMember, ModifyPriority	Add: Allows the user to create a charge sharing group. Delete: Allows the user to remove a charge sharing group. Modify: Allows the user to modify the charge sharing group. AddMember: Allows the user to add a member to a charge sharing group. DeleteMember: Allows the user to remove members from a charge sharing group. ModifyMember: Allows the user to change members in a charge sharing group. ModifyPriority: Allows the user to modify the order of priority when a member is part of multiple discount or charge sharing groups.
CollectionsResourceType	CollectionsResource	Search, Delete, AddAction, ModifyAction, Replace, Perform, Promise, Exit, Exempt, ReassignHandler, AddMember, DeleteMember	Search: Allows the user to access collections. Delete: Allows the user to delete a collection group from an owner account. AddAction: Allows the user to add a collection action on a bill unit in collections. ModifyAction: Allows the user to modify a collections action for a bill unit. Replace: Allows the user to replace a scenario with another scenario in collections. Perform: Allows the user to perform collections actions. Promise: Allows the user to manage promise-to-pay agreements in collections. Exit: Allows the user to exit a bill unit of an account from collections. Exempt: Allows the user to exempt a bill unit from collections. ReassignHandler: Gives the user the collections manager role. It allows the user to assign collections agents to bill units in collections. AddMember: Allows the user to add members to a collections group. DeleteMember: Allows the user to delete members from a collections group.
ConfigurationsArtifactsType	ConfigurationArtifactsResource	View	View: Allows the user to read all configuration-related REST APIs (for example, authorization profiles).
CustomerDepositResourceType	CustomerDepositResource	Add, View	Add: Allows the user to add and create deposits for a customer. View: Allows the user to view your customers' deposit.
DeferredActionResourceType	DeferredActionResource	Edit, Delete, Execute	Edit: Allows the user to modify a deferred action. Delete: Allows the user to remove a deferred action. Execute: Allows the user to run a deferred action.
DepositPaymentResourceType	DepositPaymentResource	Add	Add: Allows the user to accept and enter deposit payments for your customers.
DepositRefundResourceType	DepositRefundResource	Add, View	Add: Allows the user to refund deposits to your customers. View: Allows the user to view deposit refunds.
DepositReleaseResourceType	DepositReleaseResource	Add	Add: Allows the user to release deposits back to customers.
DepositResourceType	DepositResource	View	View: Allows the user to view customer deposits.
DepositReversalResourceType	DepositReversalResource	Add	Add: Allows the user to perform deposit reversals.
DepositSpecProfileResourceType	DepositSpecProfileResource	Add, View, Modify	Add: Allows the user to create deposit specification profiles. View: Allows the user to view deposit specification profiles. Modify: Allows the user to modify deposit specification profiles.
DepositSpecResourceType	DepositSpecResource	Add, View, Modify, Delete	Add: Allows the user to create deposit specifications. View: Allows the user to view deposit specifications. Modify: Allows the user to modify deposit specifications. Delete: Allows the user to delete deposit specifications.
DepositTransactionResourceType	DepositTransactionResource	View	View: Allows the user to view all transactions that have been performed on an account.
DepositTransferResourceType	DepositTransferResource	Add	Add: Allows the user to transfer a deposit to another account.
DiscountSharingResourceType	DiscountSharingResource	Add, Delete, Modify, AddMember, DeleteMember, ModifyMember, ModifyPriority	Add: Allows the user to create a discount sharing group. Delete: Allows the user to remove a discount sharing group. Modify: Allows the user to change the member details in a discount sharing group. AddMember: Allows the user to add a member to a discount sharing group. DeleteMember: Allows the user to delete members from a discount sharing group. ModifyMember: Allows the user to change members in a discount sharing group. ModifyPriority: Allows the user to modify the order of priority when a member is part of multiple discount sharing groups.
DisputeResourceType	DisputeResource	Raise, Settle	Raise: Allows the user to raise bill and item-level and event-level disputes. Settle: Allows the user to settle bill and item-level disputes. Policy on the maximum dispute amount applies. See Table 7-2 for transaction limits.
InstallmentProposalResourceType	InstallmentProposalResource	Add	Add: Allows the user to add installment proposals.
InstallmentResourceType	InstallmentResource	View	View: Allows the user to view a customer's individual installments.
InstallmentScheduleResourceType	InstallmentScheduleResource	Add, View	Add: Allows the user to add an installment schedule. View: Allows the user to view a customer's installment schedules.
InstallmentScheduleSpecResourceType	InstallmentScheduleSpecResource	Add, View, Modify	Add: Allows the user to add installment schedule specifications. View: Allows the user to view installment schedule specifications. Modify: Allows the user to modify installment schedule specifications.
InvoiceImageType	InvoiceImageResource	View	View: Allows the user to view invoices.
LoanResourceType	LoanResource	ApplyLoan	ApplyLoan: Allows the user to perform a loan for customers.
NoteResourceType	NoteResource	Comment	Comment: Allows the user to add comments to notes.
NotificationEventResourceType	NotificationEventResource	View	View: Allows the user to view notification events.
NotificationResourceType	NotificationResource	View	View: Allows the user to view notifications.
NotificationSpecResourceType	NotificationSpecResource	Add, View, Modify	Add: Allows the user to create a notification specification. View: Allows the user to view notifications specifications. Modify: Allows the user to change notification specifications.
PaymentMethodResourceType	PaymentMethodResource	Add, Delete, Modify	Add: Allows the user to add payment methods. Delete: Allows the user to delete payment methods. Modify: Allows the user to change payment methods.
PaymentResourceType	PaymentResource	Allocate, Audit, BatchProcess, Make, ReassignHandler, Reverse, SuspenseAccess, SuspenseAllocate, SuspenseMake, SuspenseMove, SuspenseReverse	Allocate: Allows the user to allocate payments. Audit: Allows the user to view audit information in the Payment Details dialog box. (Audit information in the Payment Suspense screen is always visible). BatchProcess: Displays the Batch Payment button on the landing page. Make: Allows the user to make payments. ReassignHandler: Allows the user to assign an authorized handler to manage suspended payments. Reverse: Allows the user to reverse payments. SuspenseAccess: Allows the user to access the Payment Suspense button on the landing page. SuspenseAllocate: Allows the user to allocate suspended payments partially or fully to an account. SuspenseMake: Allows the user to make suspended payments. SuspenseMove: Allows the user to move posted payments into suspended status. SuspenseReverse: Allows the user to reverse suspended payments. Returned as an obligation; OPSS returns a number, which is interpreted as a limit. See Table 7-2 for transaction limits.
ProfileResourceType	ProfileResource	View, Add, Delete, Modify	View: Allows the user to view an account's profile. Add: Allows the user to create an account profile. Delete: Allows the user to remove an account profile. Modify: Allows the user to change an account profile.
ProfileSharingResourceType	ProfileSharingResource	Add, Delete, Modify, AddMember, DeleteMember, ModifyMember	Add: Allows the user to create a profile sharing group. Delete: Allows the user to remove a user from a profile sharing group. Modify: Allows the user to change the member details in a profile sharing group. AddMember: Allows the user to change the member details in a profile sharing group. DeleteMember: Allows the user to remove a member from a profile sharing group. ModifyMember: Allows the user to modify members in a profile sharing group.
RefundResourceType	RefundResource	Make	Make: Allows the user to perform account-level and bill unit-level refunds.
RequestInfoResourceType	RequestInfoResource	Add, View, Delete	Use this resource to help record failed REST requests, along with their headers and payloads, in the BRM database. Add: Allows the user or client application to use the Billing Care REST API to record failed requests. View: Allows the user or client application to use the Billing Care REST API to retrieve failed REST API requests. Delete: Allows the user or client to use the Billing Care REST API to delete failed REST API requests.
ServiceResourceType	ServiceResource	Cancel, Edit, Inactivate, Make, Reactivate, OfferInactivate, OfferTerminate, OfferReactivate, Terminate, Associate, EditOfferCustomization	Cancel: Allows the user to cancel services. Edit: Gives the user access to the Asset Details page. Inactivate: Allows the user to inactivate services. Make: Allows the user to access the Select and Configure pages of the customer creation wizard. It also exposes the Purchase button. OfferInactivate: Allows the user to inactivate product and discount offers. OfferReactivate: Allows the user to reactivate product and discount offers. OfferTerminate: Allows the user to terminate product and discount offers. Reactivate: Allows the user to reactivate services. Terminate: Allows the user to terminate services. Associate: Allows the user to search and associate devices. EditOfferCustomization: Allows the user to modify rate customizations.
SubscriptionResourceType	SubscriptionResource	Transit	Transit: Allows the user to transition packages or bundles.
TaxExemptionResourceType	TaxExemptionResource	Add, Delete, Modify	Add: Allows the user to add tax exemptions whether account has or does not have prior tax exemptions. Delete: Allows the user to delete tax exemptions. Modify: Allows the user to save changes to tax exemption attributes.
WriteoffResourceType	WriteoffResource	Make	Make: Allows the user to write off accounts, bills, and items. Policy on the minimum and maximum write-off amount applies. See Table 7-2 for transaction limits.

Policies on Transaction Limits

Some of the resources listed in Table 7-1 work in combination with transaction limits. For example, a CSR can be authorized to make adjustments but not over a certain amount. System administrators must configure the limits with OPSS.

Table 7-2 lists the attributes that require system administrators to configure transaction limits (values).

Table 7-2 Listing of Transaction Limits (Obligations)

Attribute	Type
Maximum Currency Adjustment Amount	Integer
Minimum Currency Adjustment Amount	Integer
Maximum Noncurrency Adjustment Amount	Integer
Minimum Noncurrency Adjustment Amount	Integer
Maximum Payment Amount	Integer
Maximum Dispute Amount (applies to settle as well)	Integer
Maximum Write-off Amount	Integer
Maximum Refund Issues Amount	Integer
Maximum Refund Settle Amount	Integer

About Auditing

The BRM server software handles auditing of Billing Care activities. The BRM event notification framework captures the audit trail records inside the /user_activity storable class. Each audit trail record links the activity with its creator, date, and time. In the audit trail, the identity of the person creating the record is the user name entered in Billing Care at sign-in.

To capture new activity in the audit trail, include the event corresponding to the relevant activity using the pin_notify file in BRM. The same instructions apply when excluding events from the audit trail.

Table 7-3 lists all activities preserved in BRM by default. The list is from the /config/pin_notify storable class. You can add to or delete from this list.

Table 7-3 Audited List from /config/pin_notify

Task	BRM Event Name (Activity)
Account creation	/event/notification/account/create
Subscription purchase	/event/billing/product/action/purchase
Subscription modification	/event/billing/product/action/modify
Subscription cancellation	/event/billing/product/action/cancel
Updates to bill info (for example, BDOM [billing day of month], billing frequency, accounting type changes)	/event/customer/billinfo/modify
Event adjustment	/event/billing/adjustment/event
Item adjustment	/event/billing/adjustment/item
Account adjustment	/event/billing/adjustment/account
Top up	/event/billing/vouchertopup
Dispute issue	/event/billing/dispute
Dispute settled	/event/billing/settlement/event
Refund	/event/billing/refund
Write-off operation	/event/billing/writeoff
Payment	/event/billing/payment
Credit limit changes	/event/billing/limit, /event/billing/credit
Bill Now	/event/notification/billing/start
Charge sharing group life-cycle operations	/event/group/sharing/charges/create /event/group/sharing/charges/modify /event/group/sharing/charges/delete
Discount sharing group life-cycle operations	/event/group/sharing/discounts/create /event/group/sharing/discounts/modify /event/group/sharing/discounts/delete
Profile (for example, Friends and Family) life-cycle operations	/event/group/sharing/profiles/create /event/group/sharing/profiles/modify /event/group/sharing/profiles/delete
Credit Monitors life-cycle operations	/event/group/sharing/monitor/modify /event/group/sharing/monitor/delete /event/group/sharing/profiles/delete
Account hierarchy operations	/event/group/parent /event/group/member

For information on logging events, including changing the events logged, see "Logging CSR Activity Events" in BRM System Administrator's Guide.

Developing Secure Applications for Billing Care

To develop secure applications for Billing Care or extend Billing Care without compromising security, you must control users' access to resources by:

Adding security controls over new UI features.
Controlling who can access REST services and the limitations of that access.

When users sign in, Billing Care calls OPSS and then OPSS provides authorization if appropriate. Additionally, OPSS determines the restraints or obligations of the authorization.

The developer needs to create a web project in Netbeans for the Billing Care custom REST APIs.

Creating a Resource Type with OPSS

To develop secured custom REST APIs or UIs, you need OPSS resource types for authorization. For more information, see "Importing the Billing Care Security Policies to OPSS" in Billing Care Installation Guide.

About REST API Authorization

To control the access of custom REST services and operations to authenticated users, define resource types in OPSS as described in "Creating a Resource Type with OPSS".

In custom REST resource operations that require authorization, call EnforcementUtil.checkAccess() by passing the required subject, applicationName, action, resourceType, resource, Error, and optional UIRequestValue objects as parameters.

UIRequestValue parameters are optional and are used for handling obligations.

For more information, see "Performing Authorization on the REST Framework" in Billing Care SDK Guide.

About UI Authorization

After a user successfully signs in to Billing Care, it fetches the grants of all resources and sets it into the global variable authorizationJSON.

When opening a page or dialog box, Billing Care gets the grants of resources through the available authorization custom-bindings and then applies the bindings in the respective view model or overlay view model.

For more information, see "Performing Authorization on the UI" in Billing Care SDK Guide.

Adding New Resource Types

To add new resource types:

In the CustomConfigurations.xml file, add the new OPSS resource types:

In this example, the new resource type CreditProfileResourceType is added.

Note:

Do not change key values.

<keyvals>
  <key>authorizationResourceTypes/key>
  <value>CreditProfileResourceType</value>
    <desc>Add comma separated OPSS Resource Types(values)for authorization.
          Also these resource types must be defined in OPSS.
          Do not change the keys here.
    </desc>
</keyvals>

Redeploy the customization.

For more information, see "Packaging and Deploying Customizations" in Billing Care SDK Guide.

Storing Billing Care Passwords in Oracle Wallet

By default, the Billing Care installer stores sensitive information such as passwords in the Oracle wallet, and the Billing Care application retrieves the passwords from the Oracle wallet. However, if the passwords are also stored in configuration files, the Billing Care application retrieves the passwords from the configuration files. The Billing Care application automatically decrypts the encrypted passwords when retrieving them from the configuration files.

By default, passwords in configuration files are encrypted in the Oracle ZT PKI format. For more information, see "Encrypting Data" in BRM Developer's Guide.

Note:

To encrypt passwords that are associated with customizations, use the pin_crypt_app utility. For details, see "About Encrypting Passwords" in BRM Developer's Guide.

Storing Configuration Entries in the Billing Care Wallet

To store a configuration entry for the Billing Care wallet:

Go to the SDK_home/BillingCareSDK/samples/Wallet directory, where SDK_home is the Billing Care SDK installation directory.

Do one of the following:

On Linux, run the following command:

java -cp '.:oraclepkiLocation:osdtCertLocation:osdtCoreLocation:cetLocation:'com.portal.cet.ConfigEditor -setconf -wallet clientWalletLocation -parameter configEntry -value value

where:

oraclepkiLocation is the path to the oraclepki.jar file which contains the APIs that are required for the wallet.oraclepki.jar is stored in the SDK_home/BillingCareSDK/samples/Wallet directory.
osdtCertLocation is the path to the osdt_cert.jar file, which contains the JARs that are used by the JAVA PCM library for establishing a TLS connection to BRM. The osdt_cert.jar file is stored in the SDK_home/BillingCareSDK/samples/Wallet directory.
osdtCoreLocation is the path to the osdt_core.jar file, which contains the JARs that are used by the JAVA PCM library for establishing a TLS connection to BRM. The osdt_core.jar file is stored in the SDK_home/BillingCareSDK/samples/Wallet directory.
cetLocation is the cet.jar file, which contains the APIs that are required for the wallet. The cet.jar file is stored in the SDK_home/BillingCareSDK/samples/Wallet directory.
clientWalletLocation is the path to the Billing Care wallet.
configEntry is the configuration entry in the Billing Care wallet.
value is the appropriate value for the respective entry in the Billing Care wallet.

For example, running the following command with the -value parameter stores the infranet.log.level as 1 in the Billing Care wallet. If the value exists in the wallet, it will be overwritten:

java -cp '.:oraclepki.jar:osdt_cert.jar:osdt_core.jar:cet.jar:'com.portal.cet.ConfigEditor  -setconf -wallet "/scratch/pin11/wallet" -parameter infranet.log.level -value 1

If you run the command without the -value parameter, it prompts for the values for the infranet.connection entries and stores them in the Billing Care wallet. At the command prompt, enter the values listed in Table 7-4.

Table 7-4 BRM Connection Information

Field	Description
User Name	The user name for connecting to BRM.
Password	The BRM user's password.
Host Name	The IP address or the host name of the machine on which the primary BRM Connection Manager (CM) or CM Master Process (CMMP) are running.
Port Number	The TCP port number of the CM or CMMP on the host computer.
Service Type	The BRM service type.
Service POID Id	The POID of the BRM service.

On Windows, run the following command:

java -cp ".;oraclepkiLocation:osdtCertLocation:osdtCoreLocation:cetLocation" com.portal.cet.ConfigEditor -setconf -wallet clientWalletLocation -parameter configEntry -value value

For example, running the following command with the -value parameter stores the infranet.log.level as 1 in the Billing Care wallet:

java -cp ".;C:\Program Files (x86)\Portal Software\BillingCare\lib\oraclepki.jar;C:\Program Files (x86)\Portal Software\BillingCare\lib\osdt_cert.jar;C:\Program Files (x86)\Portal Software\BillingCare\lib\osdt_core.jar;C:\Program Files (x86)\Portal Software\BillingCare\lib\cet.jar" com.portal.cet.ConfigEditor  -setconf -wallet "C:\Program Files (x86)\Portal Software\BillingCare\wallet\client" -parameter infranet.log.level -value 1

Enter the Billing Care client wallet password.

The value is stored in the Billing Care wallet.

For retrieving stored configuration entries, see "About Oracle Wallet" in BRM System Administrator's Guide.