Thursday, June 5, 2014

Creation of OES SM (Security Module) instance

    The requirements for creating an OES SM instance depend on the type of SM that you create. Detailing the configuration settings for each type of SM is beyond the scope of this tutorial. For this reason, you will focus on creating a WebLogic SM because it is one of the most common SM types.
    When creating a WebLogic SM instance, consider these points:
    1. The SM configuration file (often referred to as the SMConfig file) contains the settings used to set up the OES SM side of the deployment: the policy distribution, policy decision, and policy enforcement points.
    2. The WebLogic domain is the application server used to deploy your applications. When creating an OES WebLogic SM, you run the WebLogic Configuration Wizard as part of the process.
    3. Although the WebLogic Configuration Wizard runs automatically, you must select one of the following SM options. This tutorial shows you how to create a non-JRF WebLogic SM.
      • Non-JRF WebLogic SM
      • JRF WebLogic SM
      • Web Service SM on WebLogic
      • Oracle Service Bus (OSB) SM on WebLogic
      • Other options for Managed Servers
     

    Configuring the SMConfig Properties File

      You create all OES SMs by using the SMConfigTool. This tool uses a configuration file called SMConfig, which contains the settings used to configure an SM instance. This section guides you through configuring an SM and running the SMConfigTool to create a WebLogic SM instance and domain.
      In a terminal window, navigate to the OES folder that contains sample SMConfig files, copy the smconfig.prp file to a new file named wls_smconfig.prp, and open the new file for editing:
      cd $MW_HOME/oes_client/oessm/SMConfigTool
      cp smconfig.prp wls_smconfig.prp
      gedit wls_smconfig.prp &
      Use the following table to change the settings in the file:

      Property | Value | Purpose
      oracle.security.jps.runtime.pd.client.policyDistributionMode | controlled-push | Sets the distribution mode by which the SM obtains its OES policy set.
      oracle.security.jps.runtime.pd.client.RegistrationServerHost | localhost | The host of the OES Administration Server used to register the SM instance with the Administration side.
      oracle.security.jps.runtime.pd.client.RegistrationServerPort | 7002 | The SSL port of the OES Administration Server used to register the SM instance with the Administration side.
      oracle.security.jps.policystore.type | DB_ORACLE | The repository type of the OES security store, in which OES policies and related artifacts are kept.
      oracle.security.jps.farm.name | cn=oes_admin | The relative distinguished name (RDN) of the domain node in the LDAP policy store. It must match the domain name used when the OES Administration Server was created; if it does not, policy distribution does not work and the policy set is not applied.
      oracle.security.jps.ldap.root.name | cn=jpsroot | The top (root) entry of the LDAP policy store directory information tree (DIT).
      oracle.security.jps.pd.clientPort | 8002 | The SSL port on which the SM instance receives policy distribution in the controlled-push model.
      oracle.security.jps.runtime.pd.client.sm_name | people | The SMConfigID that correlates a policy set defined in an application with a particular SM instance. This ID is configured in the OES Administration console and is bound to the People application that contains the policy used in this tutorial.


      Save and close the file.
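      As an added example that is not part of the original tutorial, the following POSIX shell script applies the table's values to a copy of the sample smconfig.prp and checks the result, including the farm-name match the table warns about. The function names and the remove-then-append approach are this example's own and are not part of SMConfigTool; the constructed input only assumes Java-properties syntax (key=value lines, '#' comments).

```shell
#!/bin/sh
# Added example, not from the tutorial: apply the table's settings to a copy
# of the sample smconfig.prp and check the result, instead of editing by hand.
# Assumes Java-properties syntax (key=value lines, '#' comments).
P=oracle.security.jps
KEYS="$P.runtime.pd.client.policyDistributionMode $P.runtime.pd.client.RegistrationServerHost \
$P.runtime.pd.client.RegistrationServerPort $P.policystore.type $P.farm.name \
$P.ldap.root.name $P.pd.clientPort $P.runtime.pd.client.sm_name"

# Escape the dots in a key so grep/sed match it literally.
esc_key() { printf '%s' "$1" | sed 's/\./\\./g'; }

# set_prop FILE KEY VALUE: drop any existing definition of KEY, then append
# KEY=VALUE, so the file never carries two lines for the same key.
set_prop() {
    grep -v "^[[:space:]]*$(esc_key "$2")[[:space:]]*=" "$1" > "$1.tmp" || true
    printf '%s=%s\n' "$2" "$3" >> "$1.tmp"
    mv "$1.tmp" "$1"
}

# get_prop FILE KEY: print the value of KEY (empty if absent).
get_prop() {
    sed -n "s/^[[:space:]]*$(esc_key "$2")[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# configure_wls_smconfig SAMPLE TARGET: copy SAMPLE and apply the table values.
configure_wls_smconfig() {
    cp "$1" "$2"
    set_prop "$2" "$P.runtime.pd.client.policyDistributionMode" controlled-push
    set_prop "$2" "$P.runtime.pd.client.RegistrationServerHost" localhost
    set_prop "$2" "$P.runtime.pd.client.RegistrationServerPort" 7002
    set_prop "$2" "$P.policystore.type" DB_ORACLE
    set_prop "$2" "$P.farm.name" cn=oes_admin
    set_prop "$2" "$P.ldap.root.name" cn=jpsroot
    set_prop "$2" "$P.pd.clientPort" 8002
    set_prop "$2" "$P.runtime.pd.client.sm_name" people
}

# verify_wls_smconfig FILE EXPECTED_FARM: fail if a table key is missing or
# empty, or if the farm name differs from the OES Administration Server's
# domain name (the mismatch that breaks policy distribution).
verify_wls_smconfig() {
    rc=0
    for k in $KEYS; do
        [ -n "$(get_prop "$1" "$k")" ] || { echo "missing: $k" >&2; rc=1; }
    done
    farm=$(get_prop "$1" "$P.farm.name")
    [ "$farm" = "$2" ] || { echo "farm name '$farm' != '$2'" >&2; rc=1; }
    return $rc
}
```

      Run it from $MW_HOME/oes_client/oessm/SMConfigTool as `configure_wls_smconfig smconfig.prp wls_smconfig.prp && verify_wls_smconfig wls_smconfig.prp cn=oes_admin`; a non-zero exit names the key or farm-name problem on stderr.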
     

    Running the SMConfigTool

      After the SMConfig file is ready, you run the SMConfigTool, which reads the SMConfig file together with its command-line parameters to determine how to create your SM instance.
      In a terminal window, execute the following steps to create a WebLogic SM instance by using the OES SMConfigTool:
      • Navigate to the OES SM Client bin folder:

        cd ../bin
      • Execute the SMConfigTool as follows to create the SM instance and invoke the WebLogic domain Configuration Wizard:

        ./config.sh -smConfigId people -smType wls -onWLS -serverLocation $WL_HOME -prpFileName ../SMConfigTool/wls_smconfig.prp

        First, this creates an SM instance named people in the $MW_HOME/oes_client/oes_sm_instances folder. Note that for a WebLogic SM the files in this folder are largely ignored and are not used by your WebLogic domain. The domain's own SM configuration is created in the $DOMAIN_HOME/config/oeswlssmconfig folder, with one subfolder per server configured in the domain, named after that server and containing the OES SM configuration for it. In this case there will be only an AdminServer folder, because you are creating a single-server domain.
      • Welcome: Select "Create a new WebLogic domain" and click Next.
      • Select Domain Source: Select Oracle Entitlements Server WebLogic Security Module - 11.1.1.0 [oes_client] and click Next.
      • Specify Domain Name and Location: Enter the values listed in the following table and then click Next:
        Field | Value
        Domain name: | mydomain
        Domain location: | /u01/app/oracle/fmw/user_projects/domains

      • Configure Administrator User Name and Password: Enter weblogic as the user name and welcome1 as the password, and click Next.
      • Configure Server Start Mode and JDK: Leave all default values, and click Next.
      • Select Optional Configuration: Select Administration Server and click Next.
      • Configure the Administration Server: Enter the values listed in the following table and then click Next:
        Field | Value
        Listen Port: | 8001
        Enable SSL: | True
        SSL Listen Port: | 8002

      • Configuration Summary: Click Create.
      • Creating Domain: Click Done.
      Now that you have created your domain, you can start it and deploy an application to it for testing.
