
Managing Oracle Fusion Middleware Security on IBM WebSphere 6-5

6.3 Migrating Credentials at Deployment

The migration of application credentials at deployment is controlled by a parameter configured in the file META-INF/opss-application.xml. For an example of this file, see Sample opss-application File. The supported parameter, including a configuration example, is explained in the following section:

■ jps.credstore.migration

Note that the following parameter is not supported on IBM WebSphere: jps.ApplicationLifecycleListener

6.3.1 jps.credstore.migration

This parameter specifies whether the migration should take place, and, when it does, whether it should merge with or overwrite matching credentials present in the target store. On IBM WebSphere, it is configured as illustrated in the following fragment:

    <service type="CREDENTIAL_STORE">
      <property name="jps.credstore.migration" value="overwrite"/>
    </service>

Setting jps.credstore.migration to overwrite requires that the system property jps.app.credential.overwrite.allowed be set to true. For more details about this parameter, see Oracle Fusion Middleware Application Security Guide.

6.4 Reassociating Policies with reassociateSecurityStore

For complete details about the script reassociateSecurityStore, used to reassociate the policy store, see Oracle Fusion Middleware Application Security Guide.

6.5 Deployment Mode

On IBM WebSphere, deployment is supported only in online mode; no offline deployment is supported.

6.6 Configuring the JpsFilter and the JpsInterceptor

On IBM WebSphere, both the JpsFilter and the JpsInterceptor must be manually configured. For the properties supported and configuration examples, see Oracle Fusion Middleware Application Security Guide.

6.7 Using System Variables in Code Source URLs

The system variables oracle.deployed.app.dir and oracle.deployed.app.ext can be used to specify a URL independent of the platform. For a configuration example using these variables, see Oracle Fusion Middleware Application Security Guide.

6-6 Oracle Fusion Middleware Third-Party Application Server Guide

6.8 Sample opss-application File

The following sample illustrates the contents of the opss-application.xml file.

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <opss-application
        xmlns="http://xmlns.oracle.com/oracleas/schema/11/opss-application-11_1.xsd"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/opss-application-11_1.xsd"
        schema-major-version="11" schema-minor-version="1">
      <services>
        <service type="POLICY_STORE">
          <property name="jps.policystore.applicationid" value="stripeid"/>
          <property name="jps.policystore.migration" value="MERGE"/>
        </service>
        <service type="CREDENTIAL_STORE">
          <property name="jps.credstore.migration" value="MERGE"/>
        </service>
      </services>
    </opss-application>
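A pre-deployment review of the settings from sections 6.3.1 and 6.8 can be scripted. The following is an added example, not code from the Oracle guide: it parses an opss-application.xml document and reports a credential store migration set to overwrite (with or without jps.app.credential.overwrite.allowed) and any use of the unsupported jps.ApplicationLifecycleListener. The function name, the findings wording, the case-insensitive value comparison and the way system properties are passed in are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Namespace used by the sample opss-application.xml in section 6.8.
NS = {"o": "http://xmlns.oracle.com/oracleas/schema/11/opss-application-11_1.xsd"}
OVERWRITE_FLAG = "jps.app.credential.overwrite.allowed"
UNSUPPORTED = {"jps.ApplicationLifecycleListener"}  # not supported on IBM WebSphere

def review_opss_application(xml_text, system_properties):
    """Return findings for one file; system_properties is a dict gathered by the reviewer."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for service in root.findall("o:services/o:service", NS):
        stype = service.get("type")
        for prop in service.findall("o:property", NS):
            name, value = prop.get("name"), (prop.get("value") or "")
            if name in UNSUPPORTED:
                findings.append(f"{stype}: {name} is not supported on IBM WebSphere")
            if name == "jps.credstore.migration" and stype == "CREDENTIAL_STORE":
                # Assumption: values compare case-insensitively (the page shows
                # both 'overwrite' and 'MERGE').
                if value.lower() == "overwrite":
                    flag = system_properties.get(OVERWRITE_FLAG, "").lower() == "true"
                    if flag:
                        findings.append("CREDENTIAL_STORE: overwrite enabled; matching "
                                        "credentials in the target store will be replaced")
                    else:
                        findings.append("CREDENTIAL_STORE: overwrite requested but "
                                        f"{OVERWRITE_FLAG} is not true")
    return findings

# Constructed sample: the section 6.8 file with the credential store set to overwrite.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<opss-application
    xmlns="http://xmlns.oracle.com/oracleas/schema/11/opss-application-11_1.xsd"
    schema-major-version="11" schema-minor-version="1">
  <services>
    <service type="POLICY_STORE">
      <property name="jps.policystore.applicationid" value="stripeid"/>
      <property name="jps.policystore.migration" value="MERGE"/>
    </service>
    <service type="CREDENTIAL_STORE">
      <property name="jps.credstore.migration" value="overwrite"/>
    </service>
  </services>
</opss-application>"""

if __name__ == "__main__":
    for finding in review_opss_application(SAMPLE, {}):
        print(finding)
```
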

6.9 Executing Common Audit Framework wsadmin Commands

To run audit commands, provided by Oracle Fusion Middleware’s Common Audit Framework, you need to do the following:

1. Start the Oracle Fusion Middleware wsadmin command-line shell.
2. Prefix the audit commands with the keyword Audit. For example:

    wsadmin Audit.getAuditPolicy
    wsadmin Audit.setAuditPolicy

For details about the audit commands, see the Oracle Fusion Middleware Application Security Guide.

7 Managing OAM Identity Assertion on IBM WebSphere

Oracle Access Manager Identity Assertion Provider for IBM WebSphere can be used to provide authentication and single sign-on with Oracle Access Manager 10g 10.1.4.3 or 11g. This chapter includes the following topics:

■ Section 7.1, Introduction to OAM Identity Assertion on IBM WebSphere