Creation of OES SM (Security Module) instance

The requirements for creating an OES SM instance depend on the type of SM that you create. Detailing the configuration settings for each type of SM is beyond the scope of this tutorial. For this reason, you will focus on creating a WebLogic SM because it is one of the most common SM types.
When creating a WebLogic SM instance, consider these points:

1. The SM configuration file (often referred to as the SMConfig file) contains the configuration used to set up the OES SM aspect of the configuration. It provides the policy distribution, policy decision, and policy enforcement points.
2. The WebLogic domain is the application server used to deploy your applications. When creating an OES WebLogic SM, you run WebLogic Configuration Wizard as part of the process.
3. Although WebLogic Configuration Wizard runs automatically, you must select one of the following SM options. This tutorial shows you how to create a non-JRF WebLogic SM.
   • Non-JRF WebLogic SM
   • JRF WebLogic SM
   • Web Service SM on WebLogic
   • Oracle Service Bus (OSB) SM on WebLogic
   • Other options for Managed Servers
 

Configuring the SMConfig Properties File

You create all OES SMs by using the SMConfigTool. This tool uses a configuration file called SMConfig, which contains the settings used to configure an SM instance. This section guides you through configuring an SM and running the SMConfigTool to create a WebLogic SM instance and domain.


In a terminal window, navigate to the OES folder that contains sample SMConfig files, copy the smconfig.prp file to a new file named wls_smconfig.prp, and open the new file for editing:
$ cd $MW_HOME/oes_client/oessm/SMConfigTool
$ cp smconfig.prp wls_smconfig.prp
$ gedit wls_smconfig.prp &

Use the following table to change the settings in the file:

Property	Value	Purpose
oracle.security.jps.runtime.pd.client. policyDistributionMode	controlled-push	Sets the distribution mode for how the SM obtains its OES policy set
oracle.security.jps.runtime.pd.client. RegistrationServerHost	localhost	The host of the OES Administration Server that is used for registering the SM instance with the Administration side.
oracle.security.jps.runtime.pd.client. RegistrationServerPort	7002	The SSL port of the OES Administration Server that is used for registering the SM instance with the Administration side.
oracle.security.jps.policystore.type	DB_ORACLE	Specifies the repository type used for the OES security store. OES policies and related artifacts are stored in this store.
oracle.security.jps.farm.name	cn=oes_admin	Defines the root distinguished name (RDN) format of the domain node in the LDAP policy store. This name matches the domain name used when the OES Administration Server was created. If the name does not match, policy distribution does not work properly, and the policy set does not work.
oracle.security.jps.ldap.root.name	cn=jpsroot	Defines the top (root) entry of the LDAP policy store directory information tree (DIT).
oracle.security.jps.pd.clientPort	8002	The SSL port used by the SM instance for policy distribution in a controlled-push distribution model.
oracle.security.jps.runtime.pd.client. sm_name	people	The name of the SMConfigID that correlates a policy set defined in an application to a particular SM instance. This ID is configured within the OES Administration console and is bound to the People application that contains the policy used for this tutorial.







Save and close the file.

 

Running the SMConfigTool

After the SMConfig file is ready, you run the SMConfigTool, which reads the SMConfig file and some parameters for instructions about creating your SM instance.


In a terminal window, execute the following steps to create a WebLogic SM instance by using the OES SMConfigTool:


• Navigate to the OES SM Client bin folder:
  
  $ cd ../bin
• Execute the SMConfigTool as follows to create the SM instance and invoke the WebLogic domain Configuration Wizard:
  
  $ ./config.sh -smConfigId people -smType wls -onWLS -serverLocation $WL_HOME -prpFileName ../SMConfigTool/wls_smconfig.prp
  
  First, this creates an SM instance in the $MW_HOME/oes_client/oes_sm_instances folder called people. The first thing you must know about a WebLogic SM is that the files in this folder are mainly ignored and are not used by your WebLogic domain. The files for your domain are created for this type of SM in the$DOMAIN_HOME/config/oeswlssmconfig folder. Each server configured for the domain will have a folder that matches its server name within this folder. Each folder contains the OES SM configuration for that particular server. In this case, there will be only an AdminServer folder because you are creating a single server domain.
• Welcome: Select "Create a new WebLogic domain" and click Next.
  
  
• Select Domain Source: Select Oracle Entitlements Server WebLogic Security Module - 11.1.1.0 [oes_client] and click Next.
  
  
• Specify Domain Name and Location: Enter the values listed in the following table and then click Next:
  

  Field	Value
  Domain name:	mydomain
  Domain location:	/u01/app/oracle/fmw/user_projects/domains

  
  
  
• Configure Administrator User Name and Password: Enter weblogic as the user name and welcome1 as the password, and click Next.
  
  
• Configure Server Start Mode and JDK: Leave all default values, and click Next.
  
  
• Select Optional Configuration: Select Administration Server and click Next.
  
  
• Configure the Administration Server: Enter the values listed in the following table and then click Next:
  

  Field	Value
  Listen Port:	8001
  Enable SSL:	True
  SSL Listen Port:	8002

  
  
  
• Configuration Summary: Click Create.
  
  
• Creating Domain: Click Done.
  
  

Now that you have created your domain, you can start it and deploy an application to it for testing.