This is Part II of the Oracle Entitlement Server & Client (Security Module) 11gR2 installation and configuration series. For Part I of this series click here
After installing the software (JDK, WebLogic, Identity & Access Management), the next step is to configure the WebLogic domain that will host the Oracle Entitlement Server (OES) Administration Console (a.k.a. Authorization Policy Manager – APM).
Note: OES Administration Console (aka APM) is used to manage (create, modify, delete) policies.
6. Run the Fusion Middleware configuration wizard to configure the WebLogic Domain (More on WebLogic Domain here)
6.1 Start the WebLogic Domain Creation screen at $ORACLE_HOME/common/bin/config.sh and select Create New WebLogic Domain
6.2 Select the following templates
a) Oracle Entitlement Server for Admin Server (This will deploy APM application on WebLogic Admin Server) and
b) Oracle Enterprise Manager (This will deploy EM application on WebLogic Admin Server)
Note: Installer will automatically select Oracle Platform Security Service (required by OES Admin Server) and Oracle JRF (required by Enterprise Manager)
6.3 Select the WebLogic Domain directory – This directory will contain all WebLogic Server related configuration and runtime files.
Note: The WebLogic Domain Directory can be anywhere on the server and need NOT be inside the middleware home (MW_HOME)
6.4 Provide the OPSS schema details that you created in step 2 of Part I of the OES 11gR2 installation & Configuration series
Note: This OPSS schema will hold OES policies and WebLogic domain related application policies.
6.5 Select WebLogic Administration Server and Managed Server
6.6 Provide WebLogic Admin Server Port number
Note: This port will be used to access OES Administration Console (/apm) and WebLogic Console (/console) application.
Note: There will not be any managed server for OES
!!! Do NOT start the WebLogic Admin Server yet !!! From 11gR2 onwards, you must first migrate the WebLogic Domain Security Store (containing application roles, policies and credentials) from XML files to the database (in the OPSS schema).
7. Configure Security Store of WebLogic Domain to Database (in OPSS Schema)
$MW_HOME/oracle_common/common/bin/wlst.sh $ORACLE_HOME/common/tools/configureSecurityStore.py
/oracle/apps/oes/mw/oracle_common/common/bin/wlst.sh /oracle/apps/oes/mw/iam/common/tools/configureSecurityStore.py -d $DOMAIN_HOME -t DB_ORACLE -j cn=jpsroot -m create -p welcome1
Here:
a) ORACLE_HOME is /oracle/apps/oes/mw/iam
b) MW_HOME is /oracle/apps/oes/mw
c) Replace $DOMAIN_HOME with the complete path of your WebLogic Domain Directory
d) welcome1 is the password of the OPSS schema
You should see output like this:
_____
Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!
Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is: GenericCredential
Info: diagnostic credential created in the credential store.
Info: Create operation has completed successfully.
______
8. Start WebLogic Admin Server (More on WebLogic Server Start-up here)
$DOMAIN_HOME/bin/startWebLogic.sh (When prompted, enter the user weblogic and the password you supplied during domain creation)
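Steps 7 and 8 have a strict order: the Admin Server must not start until the security store has been created in the OPSS schema. The script below is an added example, not part of the original post or of Oracle's tooling; it starts the server only if the output of step 7, assumed here to have been saved to a log file (for instance by piping the command through tee), contains the success lines quoted above. The function names and the START_CMD override are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's tooling): gate step 8 on the outcome of step 7.

# Constructed sample: the success output quoted in step 7 of this page.
write_sample_log() {
    cat > "$1" <<'EOF'
Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!
Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is: GenericCredential
Info: diagnostic credential created in the credential store.
Info: Create operation has completed successfully.
EOF
}

# Returns 0 only if the saved configureSecurityStore.py output shows both
# success markers; 1 if a marker is missing or an error line is present;
# 2 if the log cannot be read.
security_store_ready() {
    log=$1
    [ -r "$log" ] || return 2
    grep -qF 'Info: diagnostic credential created in the credential store.' "$log" || return 1
    grep -qF 'Info: Create operation has completed successfully.' "$log" || return 1
    # Assumption: failures are reported on lines starting with "Error".
    if grep -q '^Error' "$log"; then
        return 1
    fi
    return 0
}

# Runs the Admin Server start script only when the log check passes.
# START_CMD is a hypothetical override so the gate can be dry-run.
start_admin_if_ready() {
    if security_store_ready "$1"; then
        "${START_CMD:-$DOMAIN_HOME/bin/startWebLogic.sh}"
    else
        echo "Security store migration not confirmed in $1; Admin Server not started." >&2
        return 1
    fi
}

# Usage: sh gate.sh /path/to/configureSecurityStore.log
if [ "$#" -gt 0 ]; then
    start_admin_if_ready "$1"
fi
```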
9. Access OES Administration Server Console (Authorization Policy Manager – APM)
http://hostname:admin_server_port/apm
Note: Here admin_server_port is the port that you configured during the WebLogic Domain creation step
Log in using the weblogic user and the password you entered during the WebLogic Domain creation step
10. Optionally configure the Identity Store associated with OES to use an enterprise LDAP server like Oracle Internet Directory (so that users in OID can log in to the OES Administration Console)
WebLogic Server Console -> Security Realms -> myrealm -> Providers -> Authentication
More on integrating WebLogic Server with OID here
In the next part of Install and Configure OES 11gR2, I’ll cover installation and configuration of the OES Client (WebLogic Security Module). You can read about Security Modules of OES here