Monday, December 1, 2014

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) - Secure the XACML Authorization Web Service




Migrating From Database to XML

Following is the procedure to migrate policies from a database to an XML-based policy store.

Note: The value of the bootstrap.security.principal.key property needs to be populated with the key generated during reassociation of the policy, credential, and key stores from one repository type to another.



1. On the OES server host, create a folder named migration, e.g. /OES/migration

2. Create a file named jps-config.xml, e.g. /OES/migration/jps-config.xml

3. Copy the content below into the jps-config.xml file created above and edit the DB connection parameters.

4. Copy the bootstrap folder

5. Copy system-jazn-data.xml from $ORACLE_HOME/user_projects/domains/oes_domain/config/fmwconfig to /OES/migration


<!-- Source DB-based policy store instance -->
<serviceInstance provider="policystore.provider"
                 name="policystore.db.source">
  <description>DB Based Policy Store Service Instance</description>
  <property name="policystore.type" value="DB_ORACLE"/>
  <property name="jdbc.url"
            value="jdbc:oracle:thin:@sc.domainexample.com:1722:orcl"/>
  <property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>
  <property name="bootstrap.security.principal.key"
            value="bootstrap_DWgpEJgXwhDIoLYVZ2OWd4R8wOA="/>
  <property name="oracle.security.jps.ldap.root.name" value="cn=jpsTestNode"/>
  <property name="oracle.security.jps.farm.name" value="cn=view_steph.atz"/>
</serviceInstance>

<!-- Destination XML-based policy store instance -->
<serviceInstance name="dst.xml" provider="policystore.xml.provider"
                 location="/scratch/divyasin/WithPSR/jazn-data-fscm.xml">
  <description>File Based Policy Store Service Instance</description>
</serviceInstance>

<!-- Bootstrap credentials to access source and destination stores -->
<serviceInstance location="./bootstrap" provider="credstoressp"
                 name="bootstrap.cred">
  <description>Replace location with the full path of the directory where
  the bootstrap file cwallet.sso is located; typically found in
  destinationDomain/config/fmwconfig/</description>
</serviceInstance>

<jpsContext name="sourceContext">
  <serviceInstanceRef ref="policystore.db.source"/>
</jpsContext>

<jpsContext name="destinationContext">
  <serviceInstanceRef ref="dst.xml"/>
</jpsContext>

<jpsContext name="bootstrap_credstore_context">
  <serviceInstanceRef ref="bootstrap.cred"/>
</jpsContext>

6. On the OES server host, navigate to $ORACLE_HOME/Oracle_IDM1/common/bin/

7. Run the following command: ./wlst.sh

8. To migrate the entire policy store, use this command:
E.g.: migrateSecurityStore(type="policyStore", src="sourceContext", dst="destinationContext", configFile="/OES/migration/jps-config.xml")

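To migrate only a specific application's policies, use type="appPolicies" and name the application with srcApp (YourAppName below is a placeholder for the application's name in the source store):

migrateSecurityStore(type="appPolicies", src="sourceContext",
    dst="destinationContext", srcApp="YourAppName",
    configFile="/scratch/divyasin/WithPSR/jps-config.xml")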
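
Before running migrateSecurityStore, it is worth checking that the jps-config.xml from step 3 is internally consistent and that the bootstrap wallet is not exposed to other users. The Python check below is an added example, not part of the original post or of Oracle's tooling; the sample XML is constructed (wrapped in a jpsConfig root, with placeholder values), and resolving a relative location against the config file's directory is an assumption.

```python
import os, stat
import xml.etree.ElementTree as ET

# Constructed sample modeled on the fragment above; values are placeholders
# and "dst.typo" is a deliberate dangling reference.
SAMPLE = """<jpsConfig><serviceInstances>
  <serviceInstance provider="policystore.provider" name="policystore.db.source">
    <property name="policystore.type" value="DB_ORACLE"/>
    <property name="bootstrap.security.principal.key" value="bootstrap_PLACEHOLDER"/>
  </serviceInstance>
  <serviceInstance name="dst.xml" provider="policystore.xml.provider"
                   location="/OES/migration/out.xml"/>
  <serviceInstance name="bootstrap.cred" provider="credstoressp" location="./bootstrap"/>
</serviceInstances><jpsContexts>
  <jpsContext name="sourceContext"><serviceInstanceRef ref="policystore.db.source"/></jpsContext>
  <jpsContext name="destinationContext"><serviceInstanceRef ref="dst.typo"/></jpsContext>
  <jpsContext name="bootstrap_credstore_context"><serviceInstanceRef ref="bootstrap.cred"/></jpsContext>
</jpsContexts></jpsConfig>"""

def local(tag):
    """Drop any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_config(xml_text, base_dir,
                 needed=("sourceContext", "destinationContext", "bootstrap_credstore_context")):
    """Return a list of problems found in a migration jps-config.xml."""
    root = ET.fromstring(xml_text)
    instances = {e.get("name"): e for e in root.iter() if local(e.tag) == "serviceInstance"}
    contexts = {e.get("name"): [r.get("ref") for r in e if local(r.tag) == "serviceInstanceRef"]
                for e in root.iter() if local(e.tag) == "jpsContext"}
    problems = ["missing jpsContext " + c for c in needed if c not in contexts]
    for ctx, refs in contexts.items():
        problems += ["%s references undefined serviceInstance %s" % (ctx, r)
                     for r in refs if r not in instances]
    for name, inst in instances.items():
        props = {p.get("name"): p.get("value") for p in inst if local(p.tag) == "property"}
        if ((props.get("policystore.type") or "").startswith("DB")
                and not props.get("bootstrap.security.principal.key")):
            problems.append(name + " has no bootstrap.security.principal.key")
        if inst.get("provider") == "credstoressp":
            # Assumption: a relative location is resolved against base_dir.
            wallet = os.path.join(base_dir, inst.get("location", ""), "cwallet.sso")
            if not os.path.isfile(wallet):
                problems.append("%s: cwallet.sso not found at %s" % (name, wallet))
            elif stat.S_IMODE(os.stat(wallet).st_mode) & 0o077:
                # The auto-login wallet opens without a password, so file mode matters.
                problems.append("%s: %s is accessible by group/other" % (name, wallet))
    return problems
```

Call check_config(open("/OES/migration/jps-config.xml").read(), "/OES/migration") and proceed to step 6 only when the returned list is empty.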
