Configure OES client software (Security Module): Things you must know

After installing OES Server, configuring OES Server, and installing the OES client, the next task is to configure the OES client (Security Module). This post covers things you must know before you configure the OES Security Module (SM). To know more about OES Security Modules click here.

Things you must know before you configure Security Module (Client Software)

1. OES distributes policies (defined in OES Server using APM; more on defining policies in OES Server later) to the Security Module that protects applications, in one of the following modes:
a) Controlled-Push Mode
b) Controlled-Pull Mode
c) Non-Controlled Pull Mode (non-controlled)

Decide which distribution mode you wish to use before you configure the OES client software (Security Module).
Note: Controlled-push is the recommended distribution mode. In this series I am going to use controlled-push distribution.

2. The distribution mode is defined by the parameter oracle.security.jps.runtime.pd.client.policyDistributionMode, whose value can be
a) controlled-push
b) controlled-pull
c) non-controlled

Note: The above parameter and its value are defined in $OES_CLIENT ORACLE_HOME/oes_sm_instance/[security_module_name]/config/jps-config.xml

3. When configuring controlled-push mode, you will need the WebLogic Admin Server details (OES Server Admin Server host, port, WebLogic user and password)

Note : OES Server Administration Server pushes the data in controlled push mode.

4. When configuring controlled-pull or non-controlled pull mode, you will need the Policy Store details: the Domain Name of the OES Server and the OES schema (OPSS schema in 11gR2) (location of OPSS configured during OES Server configuration section 6.4)
a) If policies are stored in OID then use ldap.url
b) If policies are stored in Oracle Database then use jdbc.url

Note: The Security Module pulls data directly from the OES Policy Store in controlled-pull or non-controlled pull mode.

5. OES Client (Security Module) is configured using config.sh in OES_CLIENT ORACLE_HOME/oessm/bin/config.sh

6. OES client software comes with pre-configured properties files (in OES_CLIENT ORACLE_HOME/oessm/SMConfigTool) that you can use to configure the OES client software, depending on your requirement. For example, use
a) smconfig.java.controlled.prp – Use this properties file to configure the Java Security Module in controlled-push mode
b) smconfig.rmi.controlled.prp – Use this properties file to configure the RMI Security Module in controlled-push mode
c) smconfig.ws.controlled.prp – Use this properties file to configure the WebService Security Module in controlled-push mode
d) smconfig.wls.controlled.prp – Use this properties file to configure the WebLogic Server Security Module in controlled-push mode

7. The syntax to use while configuring the OES client (Security Module) is
config.sh -smConfigId [security_module_name] -prpFileName [security_module_configuration_properties_file]

8. When you configure a Security Module using OES_CLIENT ORACLE_HOME/oessm/bin/config.sh -smConfigId [security_module_name], it creates the directory OES_CLIENT ORACLE_HOME/oes_sm_instance/[security_module_name]

9. The OES Client “WebLogic Security Module” can be configured with or without a JRF (Java Required Files) environment. To see whether your WebLogic Security Module is in a JRF environment, look for the directory oracle_common in the Middleware Home (MW_HOME) in which you have installed the OES client software.

Note: The oracle_common directory in the Middleware Home (MW_HOME) represents a Java Required Files (JRF) environment.

10. If you are using a JRF environment, then use the option -onJRF to configure the OES WebLogic Security Module with config.sh

OES_CLIENT ORACLE_HOME/oessm/bin/config.sh -onJRF -smType wls ********
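A post-configuration check for points 2 to 4 and 9 to 10, as an added example that is not part of the original post or of Oracle's tooling: it reads the distribution mode from a jps-config.xml, rejects missing, conflicting or unknown values, and tests MW_HOME for oracle_common. The sample XML is constructed; the `<property name value>` layout, the placeholder namespace and the function names are assumptions.

```python
import io
import os
import xml.etree.ElementTree as ET

MODE_PARAM = "oracle.security.jps.runtime.pd.client.policyDistributionMode"
VALID_MODES = {"controlled-push", "controlled-pull", "non-controlled"}

# Constructed sample, not a real jps-config.xml. Assumption: the parameter is
# stored as <property name="..." value="..."/>; the namespace is a placeholder.
SAMPLE = """<jpsConfig xmlns="urn:example:jps-config">
  <serviceInstance name="pdp.service">
    <property name="%s" value="controlled-push"/>
  </serviceInstance>
</jpsConfig>""" % MODE_PARAM


def distribution_mode(source):
    """Return the single valid mode set in jps-config.xml (path or file object)."""
    found = set()
    for elem in ET.parse(source).getroot().iter():
        # Compare the local tag name so a default XML namespace does not matter.
        local = elem.tag.rsplit("}", 1)[-1]
        if local == "property" and elem.get("name") == MODE_PARAM:
            found.add((elem.get("value") or "").strip())
    if len(found) != 1:
        raise ValueError("expected exactly one mode, found: %s" % sorted(found))
    mode = found.pop()
    if mode not in VALID_MODES:
        raise ValueError("unknown distribution mode: %r" % mode)
    return mode


def policy_source(mode):
    """Component that delivers policies to the Security Module, per the notes above."""
    if mode == "controlled-push":
        return "OES Server Administration Server"
    return "OES Policy Store"


def uses_jrf(mw_home):
    """A JRF environment is indicated by an oracle_common directory in MW_HOME."""
    return os.path.isdir(os.path.join(mw_home, "oracle_common"))


if __name__ == "__main__":
    mode = distribution_mode(io.StringIO(SAMPLE))
    print(mode, "<-", policy_source(mode))
    print("pass -onJRF to config.sh:", uses_jrf(os.environ.get("MW_HOME", ".")))
```

Against a real Security Module instance, pass the path to its config/jps-config.xml instead of the in-memory sample.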

 

In the next post I am going to cover the steps to configure an OES SM of type WebLogic Server (without JRF).

About the Author Masroof Ahmad
