Sunday, January 6, 2013

Configure Database Security Store for OIM 11.1.2.0

Configuring Database Security Store for OIM 11.1.2.0
Note: This assumes that you've created a WebLogic domain only for Oracle Identity Manager and SOA. If you have been following my guides throughout, you are fine. If not, refer to the Oracle documentation for your specific scenario (see section 3.2.9, "Configuring Database Security Store for an Oracle Identity and Access Management Domain", in the Installation Guide for Oracle Identity and Access Management).

You will be using the "configureSecurityStore.py" script to create the Database Security Store. This script can be found under the "<IAM_HOME>/common/tools" directory.

#Execute the following command to create the Database Security Store (This is one command)
#<MW_HOME>/oracle_common/common/bin/wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <domaindir> -c IAM -p <opss_schema_password> -m create
/home/oracle/Oracle/Middleware/oracle_common/common/bin/wlst.sh /home/oracle/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py -d /home/oracle/Oracle/Middleware/user_projects/domains/base_domain -c IAM -p myPassword -m create

#Execute the following command to validate that the Database Security Store was created properly
#<MW_HOME>/oracle_common/common/bin/wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <domaindir> -m validate
/home/oracle/Oracle/Middleware/oracle_common/common/bin/wlst.sh /home/oracle/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py -d /home/oracle/Oracle/Middleware/user_projects/domains/base_domain -m validate
Logs for Create
Initializing WebLogic Scripting Tool (WLST) ...
 
Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away.
 
Welcome to WebLogic Server Administration Scripting Shell
 
Type help() for help on available commands
 
Info: Data source is: opss-DBDS
Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@localhost:1521/orcl
 
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSetup - done
 
Jan 5, 2013 8:14:37 PM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler
 
INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.6.0 is compatible to the seed schema version 11.1.1.4.0
 
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
 
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  updateServiceConfiguration - done
 
Jan 5, 2013 8:14:42 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
 
INFO: Migration of Credential Store data in progress.....
 
Jan 5, 2013 8:14:42 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
 
INFO: Migration of Credential Store data completed, Time taken for migration is 00:00:00
 
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  migrateData - done
 
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  testJpsService - done
 
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSetup - done
 
Jan 5, 2013 8:14:43 PM oracle.security.jps.internal.config.ldap.LdapKeyStoreServiceConfigurator schemaCompatibleHandler
 
INFO: Keystore schema upgrade not required. Store Schema version 11.1.1.6.0 is compatible to the seed schema version 11.1.1.4.0
 
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
 
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  updateServiceConfiguration - done
 
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  migrateData - done
 
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  testJpsService - done
 
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSetup - done
 
Jan 5, 2013 8:14:45 PM oracle.security.jps.internal.config.ldap.LdapPolicyStoreServiceConfigurator schemaCompatibleHandler
 
INFO: Policy schema upgrade not required. Store Schema version 11.1.1.6.0 is compatible to the seed schema version 11.1.1.4.0
 
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
 
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  updateServiceConfiguration - done
 
WLS ManagedService is not up running. Fall back to use system properties for configuration.
 
Jan 5, 2013 8:14:54 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
 
INFO: Migration of Admin Role Members started
 
Jan 5, 2013 8:14:54 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
 
INFO: Migration of Admin Role Members completed in 00:00:00
 
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  migrateData - done
 
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  testJpsService - done
 
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSetup - done
 
Jan 5, 2013 8:14:54 PM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler
 
INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.6.0 is compatible to the seed schema version 11.1.1.4.0
 
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
 
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  updateServiceConfiguration - done
 
Jan 5, 2013 8:14:54 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
 
INFO: Migration of Audit Store data in progress.....
 
Jan 5, 2013 8:15:19 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
 
INFO: Migration of Audit Store data completed, Time taken for migration is 00:00:25
 
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  migrateData - done
 
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  testJpsService - done
 
persist to output: /home/oracle/Oracle/Middleware/user_projects/domains/base_domain/config/fmwconfig - done
 
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSetup - done
 
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  updateServiceConfiguration - done
 
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSetup - done
 
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  updateServiceConfiguration - done
 
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSetup - done
 
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  updateServiceConfiguration - done
 
Jan 5, 2013 8:15:30 PM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator checkIfConfigurationValid
 
INFO: Audit store re-association not supported.
 
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSetup - Audit store re-association not supported.
 
persist to output: /home/oracle/Oracle/Middleware/user_projects/domains/base_domain/config/fmwconfig - done
 
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
 
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
 
Using default context in /home/oracle/Oracle/Middleware/user_projects/domains/base_domain/config/fmwconfig/jps-config-migration.xml file for credential store.
 
Credential store location : jdbc:oracle:thin:@localhost:1521/orcl
 
Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!
 
Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is:
 
GenericCredential
 
Info: diagnostic credential created in the credential store.
 
Info:  Create operation has completed successfully.
Logs for Validate
Initializing WebLogic Scripting Tool (WLST) ...
 
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
 
Info: Data source is: opss-DBDS
 
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
 
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
 
Info: Diagnostics data was saved to the credential store.
 
Info: Validate operation has completed successfully.
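
An added example (not part of the original post or of Oracle's tooling): a shell function that checks captured output from the create or validate run for the success markers shown in the logs above. The name check_store_log, the sample files, and the rule that SEVERE or Exception lines mean failure are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: check captured configureSecurityStore.py output for the
# success markers seen in this page's sample logs (assumed stable across runs).

PKG='oracle\.security\.jps\.internal\.config\.db'   # regex-escaped package
STORES='Cred Key Policy Audit'                       # the four OPSS stores

# check_store_log MODE LOGFILE   (MODE: create | validate)
# Prints one line per problem; returns 0 only when nothing is wrong.
check_store_log() {
    local mode=$1 log=$2 rc=0 s final
    case $mode in
        create)   final='Create operation has completed successfully' ;;
        validate) final='Validate operation has completed successfully' ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    if [ "$mode" = create ]; then
        for s in $STORES; do    # every store must pass its final self-test
            grep -Eq "\[$PKG\.Db${s}StoreServiceConfigurator\] +testJpsService - done" "$log" ||
                { echo "MISSING Db${s}Store testJpsService"; rc=1; }
        done
    fi
    grep -Eq "^Info: +$final" "$log" || { echo "MISSING final status"; rc=1; }
    # SEVERE is the java.util.logging error level; treating it and any
    # "Exception" as failure is an assumption, not documented tool behaviour.
    grep -Eq 'SEVERE|Exception' "$log" && { echo "FAILURE lines present"; rc=1; }
    return $rc
}

# Constructed sample input, abridged from the log format on this page.
SAMPLE_DIR=$(mktemp -d)
for s in $STORES; do
    echo "[oracle.security.jps.internal.config.db.Db${s}StoreServiceConfigurator]  testJpsService - done"
done > "$SAMPLE_DIR/create_ok.log"
echo 'Info:  Create operation has completed successfully.' >> "$SAMPLE_DIR/create_ok.log"
# The same run cut off before the audit store finished (constructed failure).
grep -v -e DbAuditStore -e '^Info:' "$SAMPLE_DIR/create_ok.log" > "$SAMPLE_DIR/create_cut.log"
echo 'Info: Validate operation has completed successfully.' > "$SAMPLE_DIR/validate_ok.log"

check_store_log create "$SAMPLE_DIR/create_ok.log" && echo "create_ok: pass"
check_store_log create "$SAMPLE_DIR/create_cut.log" || echo "create_cut: fail"
check_store_log validate "$SAMPLE_DIR/validate_ok.log" && echo "validate_ok: pass"
```

To use it on a real run, redirect the wlst.sh output of the create or validate command to a file and pass that file as LOGFILE.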
