{"id":5729,"date":"2013-07-08T12:32:43","date_gmt":"2013-07-08T16:32:43","guid":{"rendered":"http:\/\/onlineappsdba.com\/?p=5729"},"modified":"2016-05-04T12:19:17","modified_gmt":"2016-05-04T16:19:17","slug":"configure-oes-client-software-security-module-things-you-must-know","status":"publish","type":"post","link":"https:\/\/onlineappsdba.com\/index.php\/2013\/07\/08\/configure-oes-client-software-security-module-things-you-must-know\/","title":{"rendered":"Configure OES client software (Security Module) : Things you must know"},"content":{"rendered":"

After installing OES Server<\/a>, configuring OES Server<\/a>, and installing OES client<\/a>\u00a0next task is to configure OES client (Security Module). This post covers things you must know before you configure OES Security Module (SM). \u00a0To know more about OES Security Modules click here<\/a><\/p>\n

Things you must know before you configure Security Module (Client Software)<\/p>\n

1.<\/strong> OES distributes policies (defined in OES Server using APM – More on defining Policies in OES Server later)<\/span> to Security Module that protects Applications in one of following modes
\na) Controlled-Push<\/strong> Mode
\nb) Controlled-Pull<\/strong> Mode
\nc) Non-Controlled Pull<\/strong> Mode (non-controlled)<\/p>\n

Decide on what distribution mode you wish to use to configure OES client Software (security module).
\nNote: Controlled-Push is recommended distribution mode. In this series I am going to use controlled-push distribution .<\/strong><\/span><\/p>\n

2.<\/strong> Distribution mode is defined by parameter (oracle.security.jps.runtime.pd.client.policyDistributionMode<\/strong>) , values can be
\na) controlled-push
\nb) controlled-pull
\nc) non-controlled<\/p>\n

Note: Above parameter and value is defined in $OES_CLIENT ORACLE_HOME\/oes_sm_instance\/[security_module_name]\/config\/jps-config.xml<\/span>
\n3.<\/strong> When configuring controlled-push mode, you will need WebLogic Admin Server details (OES Server Admin Server Host Port, WeBlogic User and password)<\/p>\n

Note : OES Server Administration Server pushes the data in controlled push mode.<\/span><\/p>\n

4.<\/strong> When configuring controlled-pull<\/strong> or non controlled pull<\/strong>, you will need Policy Store details, Domain Name of OES Server, OES schema (OPSS schema in 11gR2) (location of OPSS configured during OES Server configuration section 6.4<\/a>)
\na) If policies are stored in OID then use ldap.url
\nb) If policies are stored in Oracle Database then use jdbc.url<\/p>\n

Note: Security Module pulls data directly from OES Policy Store in controlled pull or non controlled pull.<\/span><\/p>\n

5.<\/strong> OES Client (Security Module) is configured using config.sh<\/strong> in OES_CLIENT ORACLE_HOME\/oessm\/bin\/config.sh<\/strong><\/p>\n

6.<\/strong> OES client software comes with pre-configured properties file (OES_CLIENT ORACLE_HOME\/oesm\/SMConfigTool) that you can use to configure OES client software depending on requirement. For Example use
\na) smconfig.java.controlled.prp<\/strong> – Use this properties file to configure Java Security Module in controlled push mode .
\nb) smconfig.rmi.controlled.prp<\/strong> – Use this properties file to configure RMI Security Module in controlled push mode
\nc) smconfig.ws.controlled.prp<\/strong> – Use this properties file to configure WebService Security Module in controlled push mode
\nd) smconfig.wls.controlled.prp<\/strong> – Use this properties file to configure WebLogic Server Security Module in controlled push mode<\/p>\n

7.<\/strong> Syntax to use while configuring OES client (Security Module) is
\nconfig.sh -smConfigId [security_module_name] -prpFileName [security_module_configuration_properties_file]<\/strong><\/span><\/p>\n

8.<\/strong> When you configure Security Module using\u00a0OES_CLIENT ORACLE_HOME\/oessm\/bin\/config.sh\u00a0-smConfigId [security_module_name] \u00a0it will create directory\u00a0OES_CLIENT ORACLE_HOME\/oes_sm_instance\/[security_module_name]<\/p>\n

9.<\/strong> OES Client “WebLogic Security Module<\/strong>” can be configured with<\/strong> or without<\/strong> JRF environment (Java Required Files<\/strong>). To see if your WebLogic Security Module is with JRF-environment, look for directory oracle_common<\/strong> in your Middleware Home (MW_HOME) in which you have installed OES client software<\/a><\/p>\n

Note: oracle_common directory in middleware home (MW_HOME) represents Java Required Files (JRF) environment.<\/p>\n

10.<\/strong> If you are using JRF environment<\/strong> then use option -onJRF<\/strong> to configure OES WebLogic Security Module with config.sh<\/p>\n

OES_CLIENT ORACLE_HOME\/oessm\/bin\/config.sh -onJRF -smType wls ********<\/p>\n

 <\/p>\n

Related\/References<\/strong><\/span><\/p>\n