Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) - Secure the XACML Authorization Web Service
Migrating From Database to XML
The following procedure migrates policies from a database to an XML-based
policy store.
Note: The value of the bootstrap.security.principal.key property must be populated with the key generated during reassociation of the policy, credential, and key stores from one repository type to another.
1. On the host where the OES server is installed, create a folder named migration. E.g.: /OES/migration
2. Create a file named jps-config.xml. E.g.: /OES/migration/jps-config.xml
3. Copy the content below into the jps-config.xml file created above and edit the DB connection parameters.
4. Copy the bootstrap folder
5. Copy system-jazn-data.xml from $ORACLE_HOME/user_projects/domains/oes_domain/config/fmwconfig to /OES/migration
<!-- Source DB-based policy store instance -->
<serviceInstance provider="policystore.provider" name="policystore.db.source">
<description>DB Based Policy Store Service Instance</description>
<property name="policystore.type" value="DB_ORACLE"/>
<property name="jdbc.url"
value="jdbc:oracle:thin:@sc.domainexample.com:1722:orcl"/>
<property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>
<property name="bootstrap.security.principal.key"
value="bootstrap_DWgpEJgXwhDIoLYVZ2OWd4R8wOA=" />
<property name="oracle.security.jps.ldap.root.name" value="cn=jpsTestNode"/>
<property name="oracle.security.jps.farm.name" value="cn=view_steph.atz"/>
</serviceInstance>
<!-- Destination XML-based policy store instance -->
<serviceInstance name="dst.xml" provider="policystore.xml.provider"
location="/scratch/divyasin/WithPSR/jazn-data-fscm.xml">
<description>File Based Policy Store Service Instance</description>
</serviceInstance>
<!-- Bootstrap credentials to access source and destination stores -->
<serviceInstance location="./bootstrap" provider="credstoressp"
name="bootstrap.cred">
<description>Replace location with the full path of the directory where
the bootstrap file cwallet.sso is located; typically found in
destinationDomain/config/fmwconfig/</description>
</serviceInstance>
<jpsContext name="sourceContext">
<serviceInstanceRef ref="policystore.db.source"/>
</jpsContext>
<jpsContext name="destinationContext">
<serviceInstanceRef ref="dst.xml"/>
</jpsContext>
<jpsContext name="bootstrap_credstore_context">
<serviceInstanceRef ref="bootstrap.cred"/>
</jpsContext>
6. On the host where the OES server is installed, navigate to $ORACLE_HOME/Oracle_IDM1/common/bin/
7. Run the following command: ./wlst.sh
8. To migrate the entire policy store, use this command:
E.g.: migrateSecurityStore(type="policyStore", src="sourceContext", dst="destinationContext", configFile="/OES/migration/jps-config.xml")
To migrate only a specific application policy:
migrateSecurityStore(type="policyStore", src="sourceContext",
    dst="destinationContext",
    configFile="/scratch/divyasin/WithPSR/jps-config.xml")
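A pre-flight check for the jps-config.xml built in steps 2 and 3, run before calling migrateSecurityStore. This is an added example, not Oracle's code. The function names, the <jpsConfig> wrapper element, and the host, path and key values in the sample are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Context names that the migrateSecurityStore call on this page refers to.
REQUIRED_CONTEXTS = ("sourceContext", "destinationContext", "bootstrap_credstore_context")

# Constructed sample: the page's fragment, reduced and wrapped in an assumed <jpsConfig> root.
SAMPLE = """<jpsConfig>
 <serviceInstance provider="policystore.provider" name="policystore.db.source">
  <property name="policystore.type" value="DB_ORACLE"/>
  <property name="jdbc.url" value="jdbc:oracle:thin:@db.example.invalid:1521:orcl"/>
  <property name="bootstrap.security.principal.key" value="bootstrap_PLACEHOLDER"/>
 </serviceInstance>
 <serviceInstance name="dst.xml" provider="policystore.xml.provider" location="/OES/migration/out.xml"/>
 <serviceInstance name="bootstrap.cred" provider="credstoressp" location="./bootstrap"/>
 <jpsContext name="sourceContext"><serviceInstanceRef ref="policystore.db.source"/></jpsContext>
 <jpsContext name="destinationContext"><serviceInstanceRef ref="dst.xml"/></jpsContext>
 <jpsContext name="bootstrap_credstore_context"><serviceInstanceRef ref="bootstrap.cred"/></jpsContext>
</jpsConfig>"""

def local(tag):
    """Strip an XML namespace so the check works with or without an xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_migration_config(xml_text):
    """Return a list of problems found in a migration jps-config.xml (empty if none)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. two attributes with no space between them
        return ["not well-formed XML: %s" % exc]
    instances = {e.get("name"): e for e in root.iter() if local(e.tag) == "serviceInstance"}
    contexts = {e.get("name"): e for e in root.iter() if local(e.tag) == "jpsContext"}
    problems = ["missing jpsContext %r" % n for n in REQUIRED_CONTEXTS if n not in contexts]
    # Every serviceInstanceRef must resolve to a defined serviceInstance.
    for ctx_name, ctx in contexts.items():
        for ref in ctx:
            if local(ref.tag) == "serviceInstanceRef" and ref.get("ref") not in instances:
                problems.append("%s -> undefined serviceInstance %r" % (ctx_name, ref.get("ref")))
    for name, inst in instances.items():
        props = {p.get("name"): p.get("value") for p in inst if local(p.tag) == "property"}
        # A DB-based store needs its JDBC URL and the bootstrap key from the Note above.
        if (props.get("policystore.type") or "").startswith("DB_"):
            for key in ("jdbc.url", "bootstrap.security.principal.key"):
                if not props.get(key):
                    problems.append("%s: DB store lacks %s" % (name, key))
        if inst.get("provider") == "credstoressp" and not inst.get("location"):
            problems.append("%s: bootstrap credential store has no location" % name)
    return problems

if __name__ == "__main__":
    print(check_migration_config(SAMPLE) or "config looks consistent")
```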