Tuesday, July 15, 2014

OIM 11.1.2.2 Create Identity.jks using Weblogic Import Private Key Utility


  • Go to the server lib directory of WebLogic:
      cd $MIDDLEWARE_HOME/wlserver_10.3/server/lib/


  • Set the right environment:
             . ../bin/setWLSEnv.sh

  • Use the key and certificate to create the identity keystore:
      java utils.ImportPrivateKey -certfile rootcertificate.crt -keyfile mindtelligent.com_wildcard.key -keyfilepass keyFilePassword -keystore MindTelligentIdentityKeyStore.jks -storepass mindtelligent1 -alias mindtelligent1com -keypass mindtelligent1


  • Verify that the keystore was created correctly:
      keytool -v -list -keystore MindTelligentIdentityKeyStore.jks -storepass mindtelligent1
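
The keytool listing shows that an entry exists, but not that the imported private key actually belongs to the certificate stored with it. The following is an added example, not part of the original post: a small check using only JDK classes. The class name VerifyIdentityKeystore is hypothetical, the keystore is assumed to be of type JKS, and the file name and alias are passed as arguments.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example, not from the original post. Arguments: <keystore.jks> <alias>
public class VerifyIdentityKeystore {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): VerifyIdentityKeystore <keystore.jks> <alias>");
            System.exit(2);
        }
        // Prompt for the passwords so they stay out of shell history and process listings.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // a wrong password or tampered file fails the integrity check
        }
        String alias = args[1];
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("'" + alias + "' is missing or is not a private key entry");
        }
        PrivateKey key = (PrivateKey) ks.getKey(alias, keyPass);
        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate leaf = (X509Certificate) chain[0];
        leaf.checkValidity(); // throws if the certificate is expired or not yet valid
        // Prove the key and certificate belong together: sign a random challenge with the
        // private key and verify it with the public key from the certificate.
        String sigAlg = "EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256with" + key.getAlgorithm();
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(key);
        signer.update(challenge);
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(leaf.getPublicKey());
        verifier.update(challenge);
        if (!verifier.verify(signer.sign())) {
            throw new IllegalStateException("private key does not match the certificate");
        }
        System.out.println("OK: " + leaf.getSubjectX500Principal() + ", chain length " + chain.length + ", valid until " + leaf.getNotAfter());
    }
}
```

A mismatch between the key file and the certificate file given to ImportPrivateKey shows up here as a failed verification or an InvalidKeyException.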

Tuesday, July 1, 2014

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0)- How to configure custom Attribute Retriever

Write the retriever class in Java, package it as a JAR, and add the JAR to the CLASSPATH.
Here is a sample custom attribute retriever:

package com.mindtelligent.oes.customproviders;

import com.bea.security.providers.authorization.asi.AttributeRetriever;
import weblogic.security.spi.Resource;
import weblogic.security.service.ContextHandler;

import javax.security.auth.Subject;
import java.util.Map;

public class MyAttributeRetriever implements AttributeRetriever {
    private static final String TestCustomAttribute = "TestCustomAttribute";
    // Names of the attributes this retriever can resolve
    private final String[] attributes = {TestCustomAttribute};

    public String[] getHandledAttributeNames() {
        return attributes;
    }

    // Called at authorization time to resolve the value of the named attribute
    public Object getAttributeValue(String name, Subject subject, Map roles,
                                    Resource resource, ContextHandler contextHandle) {
        String attrValue = "default";
        if (TestCustomAttribute.equals(name)) {
            System.out.println("Name" + name);
            attrValue = "TestCustomAttribute";
            System.out.println("attrValue value is TestCustomAttribute ");
        } else {
            System.out.println("attrValue value is NotTestCustomAttribute ");
        }
        return attrValue;
    }
}



Modify jps-config.xml, located in the Security Module.
For example:

<serviceProvider class="oracle.security.jps.az.internal.runtime.provider.PIPServiceProvider" name="pip.service.provider" type="PIP"/>
<serviceInstance name="pip.service.MyAttributeRetriever" provider="pip.service.provider">
    <property name="type" value="CUSTOM_PIP"/>
    <property name="application" value="TestCustomAttribute"/>
    <property name="description" value="MyAttributeRetriever"/>
    <property name="classnames" value="com.mindtelligent.oes.customproviders.MyAttributeRetriever"/>
</serviceInstance>
<serviceInstanceRef ref="pip.service.MyAttributeRetriever"/>


Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) Configure Web Service Security Module

To configure an RMI Security Module instance in controlled distribution mode, do the following:


Open the smconfig.rmi.controlled.prp file (located in OES_CLIENT_HOME/oessm/SMConfigTool) in a text editor, and then specify the parameters described in the following table:

| Parameter | Description |
|---|---|
| oracle.security.jps.runtime.pd.client.policyDistributionMode | Accept the default value controlled-push as the distribution mode. |
| oracle.security.jps.runtime.pd.client.RegistrationServerHost | Enter the address of the Oracle Entitlements Server Administration Server. |
| oracle.security.jps.runtime.pd.client.RegistrationServerPort | Enter the SSL port number of the Oracle Entitlements Server Administration Server. You can find the SSL port number from the WebLogic Administration console. |


Run the config.sh (located in OES_CLIENT_HOME/oessm/bin on UNIX) or config.cmd (located in OES_CLIENT_HOME\oessm\bin on Windows) as follows: 

config.sh -smType ws -smConfigId ws -WSListeningPort 9410 -prpFileName /data/app/Oracle/Middleware/oesclient/oessm/SMConfigTool/smconfig.ws.controlled.prp




When prompted, specify the following:
  • New key store password for enrollment
  • Oracle Entitlements Server user name (This is the Administration Server's user name)
  • Oracle Entitlements Server Password (This is the Administration Server's password)

