Oracle Entitlement Server Weblogic SM PIP configuration

Steps to configure an OOTB PIP for the WebLogic SM:

1. Edit the jps-config file in the following location: $ORACLE_HOME/user_projects/domains/weblogicSM_domain/config/oeswlssmconfig

    I. Update the propertySets section in jps-config

<propertySet name="ootb.pip.attribute.empfname.rdbms">
    <property name="ootb.pip.attr.type" value="OOTB_PIP_ATTRIBUTE"/>
    <property name="ootb.pip.ref" value="pip.service.ootb.db"/>
    <property name="name" value="empfname"/>
    <property name="query" value="select empfname from employee where employee_id=%EMP_ID%"/>
    <property name="cached" value="true"/>
    <property name="ttl" value="60"/>
</propertySet>

    II. Update the serviceProviders section in jps-config

<serviceProvider class="oracle.security.jps.az.internal.runtime.provider.PIPServiceProvider" name="pip.service.provider.db" type="PIP"/>

    III. Update the serviceInstances section in jps-config

<serviceInstance name="pip.service.ootb.db" provider="pip.service.provider.db">
    <property name="type" value="RDBMS_PIP"/>
    <property name="jdbc.url" value="jdbc:oracle:thin:@localhost:1521:sid"/>
    <property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>
    <property name="security.principal" value="username"/>
    <property name="security.credential" value="password"/>
    <property name="failed.server.retry.interval" value="10"/>
</serviceInstance>

    IV. Update the jpsContexts section in jps-config

<serviceInstanceRef ref="pip.service.ootb.db"/>

2. Log in to the OES APM console and create the attribute empfname

3.  Restart the weblogicSM_domain

Note: The location $ORACLE_HOME/user_projects/domains/weblogicSM_domain/config/oeswlssmconfig applies to the WebLogic SM only.

For a Java or web service SM, the jps-config file is in the SM instance's config directory, e.g. $ORACLE_HOME/oesclient/oes_sm_instances/javaSM/config
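
An added example (not from the original post or from Oracle): a Python check that the names used in steps I to IV line up, so that every ootb.pip.ref resolves to a serviceInstance, its provider is declared, and the instance is referenced from jpsContexts. It also reports a security.credential kept as a literal value. The jpsConfig wrapper elements and the function names are assumptions, and the sample is constructed from the snippets above with the step IV entry deliberately left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's snippets (trimmed) inside an assumed jpsConfig
# skeleton, with the serviceInstanceRef from step IV left out on purpose.
SAMPLE = """<jpsConfig>
  <propertySets>
    <propertySet name="ootb.pip.attribute.empfname.rdbms">
      <property name="ootb.pip.attr.type" value="OOTB_PIP_ATTRIBUTE"/>
      <property name="ootb.pip.ref" value="pip.service.ootb.db"/>
    </propertySet>
  </propertySets>
  <serviceProviders>
    <serviceProvider class="oracle.security.jps.az.internal.runtime.provider.PIPServiceProvider" name="pip.service.provider.db" type="PIP"/>
  </serviceProviders>
  <serviceInstances>
    <serviceInstance name="pip.service.ootb.db" provider="pip.service.provider.db">
      <property name="security.credential" value="password"/>
    </serviceInstance>
  </serviceInstances>
  <jpsContexts default="default"><jpsContext name="default"/></jpsContexts>
</jpsConfig>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # element name without any XML namespace

def check_pip_wiring(xml_text):
    root = ET.fromstring(xml_text)
    by_tag = lambda t: [e for e in root.iter() if local(e) == t]
    props = lambda e: {p.get("name"): p.get("value") for p in e if local(p) == "property"}
    providers = {p.get("name") for p in by_tag("serviceProvider")}
    instances = {i.get("name"): i for i in by_tag("serviceInstance")}
    refs = {r.get("ref") for r in by_tag("serviceInstanceRef")}
    findings = []
    for ps in by_tag("propertySet"):
        ref = props(ps).get("ootb.pip.ref")
        if ref is None:
            continue  # property set is not an OOTB PIP attribute definition
        if ref not in instances:
            findings.append(f"{ps.get('name')}: ootb.pip.ref '{ref}' has no serviceInstance")
            continue
        if instances[ref].get("provider") not in providers:
            findings.append(f"{ref}: provider is not declared in serviceProviders")
        if ref not in refs:
            findings.append(f"{ref}: missing serviceInstanceRef in jpsContexts")
        if props(instances[ref]).get("security.credential"):
            findings.append(f"{ref}: security.credential is a literal value in the file")
    return findings

if __name__ == "__main__":
    print("\n".join(check_pip_wiring(SAMPLE)))
```

Running it against the real jps-config before restarting the domain shows any name that does not match across the four sections.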

About the Author Atul Kumar

3 comments
Mahendra says February 22, 2012

Hi Shilu,

Can you explain why we need to add PIP attribute configuration in jps xml? Also, PIP generally refers to a store which contains identities.

Shilu Thomas says February 22, 2012

Mahendra,

PIP is required if you need to fetch any value for your policy evaluation or if any value needs to be passed as an obligation back to the caller. Generally we use LDAP to store identities, but in case of relation it's preferred to store in DB. Consider your policy evaluation is to check if an identity has children and this information is stored in DB. In that case you will need a DB PIP to fetch this information.

OES OOTB supports both LDAP and DB PIP. If you have a different source then you can use custom attribute retrievers.

Cheers,
Shilu

ssarkar says May 11, 2012

It is working now. I moved the new OID to highest order in the provider list.
