
b. Configure the keystore as shown in Section 32.1.2.2, Configuring the Keystore with WLST, or Section 32.1.2.3, Configuring the Keystore Using Fusion Middleware Control.

3. Edit the jps-config.xml configuration file.

a. Navigate to your domain_home/config/fmwconfig directory.

b. Open the jps-config.xml file in a text editor.

c. Modify the trust.provider.embedded propertySet node as below:

    <propertySets>
        <propertySet name="trust.provider.embedded">
            <!-- ... existing entries -->
            <property value="orakey" name="trust.aliasName"/>
            <property value="orakey" name="trust.issuerName"/>
        </propertySet>
    </propertySets>

Where:

trust.aliasName is the alias looked up by the identity asserter in the configured keystore for a certificate with which the asserter verifies the issued trust token.

trust.issuerName is the alias looked up by the token issuer to look up the private key with which the trust token is issued/signed.

4. If the client and REST applications are in different domains, repeat these steps for both domains.

5. Restart all servers.
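A check that can be run against each domain's jps-config.xml after step 3 and before the restart, confirming that the trust.provider.embedded propertySet carries both trust properties. This is an added example, not part of the Oracle guide; the function name, the sample document and its placeholder namespace are constructed for illustration.

```python
# Added example (not Oracle code): verify the trust.provider.embedded
# propertySet in a jps-config.xml after the edit described in step 3.
import sys
import xml.etree.ElementTree as ET

REQUIRED = ("trust.aliasName", "trust.issuerName")

# Constructed sample with a placeholder namespace; trust.issuerName is
# deliberately left out so the check has something to report.
SAMPLE = """<jpsConfig xmlns="urn:example:constructed">
  <propertySets>
    <propertySet name="trust.provider.embedded">
      <property value="orakey" name="trust.aliasName"/>
    </propertySet>
  </propertySets>
</jpsConfig>"""

def local(tag):
    """Drop any XML namespace prefix so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_trust_propertyset(xml_text, set_name="trust.provider.embedded"):
    """Return (values, problems) for the named propertySet."""
    root = ET.fromstring(xml_text)
    sets = [e for e in root.iter()
            if local(e.tag) == "propertySet" and e.get("name") == set_name]
    if len(sets) != 1:
        return {}, ["expected exactly one %s propertySet, found %d"
                    % (set_name, len(sets))]
    values, problems = {}, []
    for prop in sets[0]:
        if local(prop.tag) != "property":
            continue
        name = prop.get("name")
        if name in values:
            problems.append("duplicate property: %s" % name)
        values[name] = (prop.get("value") or "").strip()
    for name in REQUIRED:
        if not values.get(name):
            problems.append("missing or empty: %s" % name)
    return values, problems

if __name__ == "__main__":
    # Usage: python check_trust.py domain_home/config/fmwconfig/jps-config.xml
    text = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    values, problems = check_trust_propertyset(text)
    for name in REQUIRED:
        print(name, "=", values.get(name, "<unset>"))
    for problem in problems:
        print("PROBLEM:", problem)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when a property is missing, empty or duplicated, so it can gate the restart in step 5.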

28.8.3 Configuring the WLS Trust Service Asserter

This section describes how to configure the WebLogic Server Trust Service asserter. To configure the WebLogic Server Trust Service asserter:

1. Log into the WebLogic Administration Console as an administrator.

2. Navigate to Security Realms - myrealm.

3. Open the Providers tab, and then the Authentication subtab. The Create a New Authentication Provider page displays.

4. Enter the Name of the new asserter (for example, TrustServiceIdAsserter).

5. Select TrustServiceIdentityAsserter as the asserter Type.

This asserter calls the Trust Service APIs to decode and validate the token from the incoming request, and passes the username to WebLogic Server to establish the asserted subject.

6. Click OK to save your changes.

Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter

29 Configuring the Policy and Credential Store

For most environments, and especially production environments, you must reassociate your policy store with an external LDAP such as Oracle Internet Directory (OID), or a database. Note that when using an external LDAP-based store, the credential store and policy store must be configured to use the same LDAP server (either Oracle Internet Directory 11gR1 or 10.1.4.3). The identity store can, however, use any of the other supported LDAP servers; it does not need to use the same LDAP server as the policy and credential stores.

Reassociating the policy and credential store with OID consists of creating a root node in the LDAP directory, and then reassociating the policy and credential store with the OID server using Fusion Middleware Control, or from the command line using WLST.

Reassociating the policy and credential store with a database consists of setting up the schema and database connection in the RCU, and then migrating the policy and credential store to the database from the command line using WLST.

This chapter contains the following sections:

■ Section 29.1, Creating a root Node
■ Section 29.2, Reassociating the Credential and Policy Store Using Fusion Middleware Control
■ Section 29.3, Reassociating the Credential and Policy Store Using WLST
■ Section 29.4, Reassociating the Policy and Credential Store with a Database
■ Section 29.5, Managing Credentials
■ Section 29.6, Configuring Self-Registration By Invitation in WebCenter Spaces

Audience

The content of this chapter is intended for Fusion Middleware administrators (users granted the Admin role through the Oracle WebLogic Server Administration Console). Users with the Monitor or Operator roles can view security information but cannot

Caution: Before reassociating the policy store, be sure to back up the relevant configuration files:

■ jps-config.xml
■ system-jazn-data.xml

As a precaution, you should also back up the boot.properties file for the Administration Server for the domain.