Install and Configure Oracle Entitlement Server (OES) 11gR2 (11.1.2) Part II

This is part II of Oracle Entitlement Server & Client (Security Module) 11gR2 installation and Configuration,For Part I of this series click here

After installing software (JDK, WebLogic, Identity & Access Management), next step is to configure WebLogic domain that will host Oracle Entitlement Server (OES) Administration Console (a.k.a. Authorization Policy Manager – APM) .

Note: OES Administration Console (aka APM) is used to manage (create, modify, delete) policies.

6. Run Fusion Middleware configuration wizard to configure Weblogic Domain (More on WebLogic Domain here )

6.1 Start WebLogic Domain Creation screen at $ORACLE_HOME/common/bin/ and select Create New WebLogic Domain



6.2 Select template following template

a) Oracle Entitlement Server for Admin Server (This will deploy APM application on WebLogic Admin Server) and
b) Oracle Enterprise Manager  (This will deploy EM application on WebLogic Admin Server)

Note: Installer will automatically select Oracle Platform Security Service (required by OES Admin Server) and Oracle JRF (required by Enterprise Manager)

6.3 Select WebLogic Domain directory – This directory will contain all WebLogic Server related Configuration  and run time files.

Note: WebLogic Domain Directory can be anywhere on server and need NOT to be inside middleware home (MW_HOME)

6.4 Provide OPSS schema details that you created in step 2 of Part I of of  OES 11gR2 installation & Configuration series

Note: This OPSS schema will hold OES policies and WebLogic domain related application policies.

6.5 Select WebLogic Administration Server and Managed Server


6.6 Provide WebLogic Admin Server Port number

Note: This port will be used to access OES Administration Console (/apm) and WebLogic Console (/console) application.


Note: There will not be any managed server for OES


!!! Do Not Start WebLogic Admin Server yet !!!. From 11gR2 onwards, you must migrate WebLogic Domain Security Store (containing application roles, policies and credentials) from XML files to Database (in OPSS Schema)

7. Configure Security Store of WebLogic Domain to Database (in OPSS Schema)

$MW_HOME/oracle_common/common/bin/ $ORACLE_HOME/common/tools/

/oracle/apps/oes/mw/oracle_common/common/bin/ /oracle/apps/oes/mw/iam/common/tools/ -d $DOMAIN_HOME -t DB_ORACLE -j cn=jpsroot -m create -p welcome1


a) ORACLE_HOME is /oracle/apps/oes/mw/iam
b) MW_HOME is  /oracle/apps/oes/mw
c) Replace $DOMAIN_HOME with complete path of your WebLogic Domain Directory
d) welcome1 is password of OPSS schema


You should see output like


Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!

Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is: GenericCredential
Info: diagnostic credential created in the credential store.
Info: Create operation has completed successfully.


8. Start WebLogic Admin Server (More on WebLogic Server Start-up here)

$DOMAIN_HOME/bin/ (When prompted, enter user weblogic and password you supplied during domain creation)


9. Access OES Administration Server Console (Authorization Policy Manager – APM)


Note: Here admin_server_port is the port that you configured during WebLogic Domain creation step


Login using weblogic user and password you entered during WebLogic Domain Creation Step


10.  Optionally configure Identity Store associated with OES to enterprise LDAP server like Oracle Internet Directory (so that users in OID can login to OES Administration Console)

WebLogic Server Console -> Security Relams -> myrealm -> Providers -> Authentication

More on integrating WebLogic Server with OID here


In next part of Install and Configure OES 11gR2, I’ll cover installation and configuration of OES Client (WebLogic Security Module). You can read on Security Modules of OES here


Share This Post with Your Friends over Social Media!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

Dhaval says July 1, 2013

I have already installed Identity and Access manager software. I am trying to create domain for OES, but only getting Oracle Entitlement Server and not OES for Admin Server /OES from Managed Server. In JDBC connection screen I am not getting OPSS schema, instead getting OES schema and OES MDS schema. Please suggest.

Atul Kumar says July 1, 2013

Which version of IAM product did you install ? and list components that installed

was this installed under Middleware Home ?

Did you select “Create new WebLogic Domain”

Dhaval says July 1, 2013

I have used ofm_iam_generic_11. I have installed it under Middleware. I am not sure if installing it has asked me any component list. After installing I have executed $ORACLE_HOME/commin/bin/ to create new Weblogic Domain. And here it is showing only OES and not OES for Admin/Managed Server.

» Download OES 11gR2 (11.1.2) client software – Security Module Online Apps DBA: One Stop Shop for Apps DBA’s says July 1, 2013

[…] autorization software from Oracle. For OES there is server side component (installation steps here )  and client side component called as Security […]

Dhaval says July 3, 2013

I guess this post is about installing Server and hope there isn’t be much difference with My problem is in creating weblogic domain from Identity and Access Manager. I don’t have space to install 11.1.2 IAM suite

Add Your Reply

Not found