Migrating Providers other than Policy and Credential Providers

6-12 Oracle Fusion Middleware Application Security Guide

    <jpsConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
               schema-major-version="11" schema-minor-version="1">
      <serviceProviders>
        <serviceProvider class="oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider"
                         name="policystore.xml.provider" type="POLICY_STORE">
          <description>XML-based policy store provider</description>
        </serviceProvider>
        <serviceProvider class="oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider"
                         name="ldap.policystore.provider" type="POLICY_STORE">
          <property value="OID" name="policystore.type"/>
          <description>LDAP-based policy store provider</description>
        </serviceProvider>
        <serviceProvider class="oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider"
                         name="db.policystore.provider" type="POLICY_STORE">
          <property value="DB_ORACLE" name="policystore.type"/>
          <description>DB-based policy store provider</description>
        </serviceProvider>
      </serviceProviders>

      <serviceInstances>
        <!-- Source XML-based policy store instance -->
        <serviceInstance location="./system-jazn-data.xml" provider="policystore.xml.provider"
                         name="policystore.xml.source">
          <description>Replace location with the full path of the folder where the
            system-jazn-data.xml is located in the source file system</description>
        </serviceInstance>

        <!-- Source LDAP-based policy store instance -->
        <serviceInstance provider="ldap.policystore.provider" name="policystore.ldap.source">
          <description>Replace: A. mySourceDomain and mySourceRootName to appropriate values
            according to your source LDAP directory structure; B. OID with OVD, if your source
            LDAP is OVD; C. ldap://mySourceHost.com:3060 with the URL and port number of your
            source LDAP</description>
          <property value="OID" name="policystore.type"/>
          <property value="bootstrap" name="bootstrap.security.principal.key"/>
          <property value="cn=mySourceDomain" name="oracle.security.jps.farm.name"/>
          <property value="cn=mySourceRootName" name="oracle.security.jps.ldap.root.name"/>
          <property value="ldap://mySourceHost.com:3060" name="ldap.url"/>
        </serviceInstance>

        <!-- Source DB-based policy store instance -->
        <serviceInstance provider="db.policystore.provider" name="policystore.db.source">
          <description>Replace: mySourceDomain and mySourceRootName to appropriate values
            according to your source DB policy store structure</description>
          <property value="DB_ORACLE" name="policystore.type"/>
          <property value="cn=mySourceDomain" name="oracle.security.jps.farm.name"/>
          <property value="cn=mySourceRootName" name="oracle.security.jps.ldap.root.name"/>
          <property value="jdbc:oracle:thin:@mySourceHost.com:1722:orcl" name="jdbc.url"/>
          <!-- the value of jdbc.url should be the value entered when the source datasource
               was set up -->
          <property value="oracle.jdbc.driver.OracleDriver" name="jdbc.driver"/>
          <property name="bootstrap.security.principal.key" value="mySourceKeyName"/>
          <property name="bootstrap.security.principal.map" value="mySourceMapName"/>
          <!-- the values of bootstrap.security.principal.key and
               bootstrap.security.principal.map should be the values entered when the
               bootstrap credential was set up -->
        </serviceInstance>

        <!-- Destination LDAP-based policy store instance -->
        <serviceInstance provider="ldap.policystore.provider" name="policystore.ldap.destination">
          <description>Replace: A. myDestDomain and myDestRootName to appropriate values
            according to your destination LDAP directory structure; B. OID with OVD, if your
            destination LDAP is OVD; C. ldap://myDestHost.com:3060 with the URL and port number
            of your destination LDAP</description>
          <property value="OID" name="policystore.type"/>
          <property value="bootstrap" name="bootstrap.security.principal.key"/>
          <property value="cn=myDestDomain" name="oracle.security.jps.farm.name"/>
          <property value="cn=myDestRootName" name="oracle.security.jps.ldap.root.name"/>
          <property value="ldap://myDestHost.com:3060" name="ldap.url"/>
        </serviceInstance>

        <!-- Destination DB-based policy store instance -->
        <serviceInstance provider="db.policystore.provider" name="policystore.db.destination">
          <description>Replace: myDestDomain and myDestRootName to appropriate values
            according to your destination DB policy store structure</description>
          <property value="DB_ORACLE" name="policystore.type"/>
          <property value="cn=myDestDomain" name="oracle.security.jps.farm.name"/>
          <property value="cn=myDestRootName" name="oracle.security.jps.ldap.root.name"/>
          <property value="jdbc:oracle:thin:@myDestHost.com:1722:orcl" name="jdbc.url"/>
          <!-- the value of jdbc.url should be the value entered when the destination
               datasource was set up -->
          <property value="oracle.jdbc.driver.OracleDriver" name="jdbc.driver"/>
          <property name="bootstrap.security.principal.key" value="myDestKeyName"/>
          <property name="bootstrap.security.principal.map" value="myDestMapName"/>
          <!-- the values of bootstrap.security.principal.key and
               bootstrap.security.principal.map should be the values entered when the
               bootstrap credential was set up -->
        </serviceInstance>

        <!-- Bootstrap credentials to access source and destination LDAPs or DBs -->
        <serviceInstance location="./bootstrap" provider="credstoressp" name="bootstrap.cred">
          <description>Replace location with the full path of the directory where the
            bootstrap file cwallet.sso is located; typically found in
            destinationDomain/config/fmwconfig</description>
        </serviceInstance>
      </serviceInstances>

      <jpsContexts>
        <jpsContext name="XMLsourceContext">
          <serviceInstanceRef ref="policystore.xml.source"/>
        </jpsContext>
        <jpsContext name="LDAPsourceContext">
          <serviceInstanceRef ref="policystore.ldap.source"/>
        </jpsContext>
        <jpsContext name="DBsourceContext">
          <serviceInstanceRef ref="policystore.db.source"/>
        </jpsContext>
        <jpsContext name="LDAPdestinationContext">
          <serviceInstanceRef ref="policystore.ldap.destination"/>
        </jpsContext>
        <jpsContext name="DBdestinationContext">
          <serviceInstanceRef ref="policystore.db.destination"/>
        </jpsContext>
        <!-- Do not change the name of the next context -->
        <jpsContext name="bootstrap_credstore_context">
          <serviceInstanceRef ref="bootstrap.cred"/>
        </jpsContext>
      </jpsContexts>
    </jpsConfig>

Note that since the migration involves LDAP and DB stores, the file includes a jps-context named bootstrap_credstore_context that specifies the directory where the bootstrap credential file cwallet.sso is located. Furthermore, for each pair of map name and key name in the sample above, you must provide the corresponding bootstrap credentials using the WLST script addBootStrapCredential, as illustrated in the following example:

    wls:/offline> addBootStrapCredential(jpsConfigFile='jps-config.xml', map='myMapName', key='myKeyName', username='myUserName', password='myPassword')

where myUserName and myPassword specify the user account name and password to access the target database.

The following examples of use of migrateSecurityStore assume that:

■ The file t2p-policies.xml is located on the target system in the directory where the script is run.

■ The directory structure of LDAP or DB system policies in the test and production environments is identical. If this is not the case, before using the script, manually restructure the system policy directory in the production environment to match the corresponding structure in the test environment.

Under these assumptions, to migrate policies from a test (source) LDAP store to a production (destination) LDAP store, invoke migrateSecurityStore on the target system as follows:

    migrateSecurityStore(type="policyStore", configFile="t2p-policies.xml", src="LDAPsourceContext", dst="LDAPdestinationContext")

To migrate policies from a test (source) XML store to a production (destination) LDAP store, invoke migrateSecurityStore on the target system as follows:

    migrateSecurityStore(type="policyStore", configFile="t2p-policies.xml", src="XMLsourceContext", dst="LDAPdestinationContext")

To migrate policies from a test (source) DB store to a production (destination) DB store, invoke migrateSecurityStore on the target system as follows:

    migrateSecurityStore(type="policyStore", configFile="t2p-policies.xml", src="DBsourceContext", dst="DBdestinationContext")
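A migration run that fails part-way through can leave the destination store half-populated, so it pays to validate t2p-policies.xml before invoking migrateSecurityStore. The following script is an added example, not Oracle's code and not part of the guide: it parses a jps-config-style file and reports the mistakes the text above warns about (a serviceInstanceRef that points at no serviceInstance, an instance whose provider is not declared, a renamed bootstrap_credstore_context, and sample placeholders such as myDestDomain left unedited), and it lists the map/key pairs for which addBootStrapCredential still has to be run. The embedded SAMPLE_CONFIG is constructed for the demonstration and deliberately contains three of those mistakes; the credstoressp provider class and the hostnames in it are assumptions, and the generated WLST commands leave username and password as placeholders to be filled in on the target system.

```python
"""Pre-flight checks for a migrateSecurityStore configuration (t2p-policies.xml).

Added example, not Oracle's code.  It flags the errors the migration guide
warns about and lists the bootstrap map/key pairs that still need
addBootStrapCredential.
"""
import re
import xml.etree.ElementTree as ET

# Oracle's samples use myXxx placeholders (mySourceDomain, myDestHost.com, ...);
# any such token left in a property value means the file was not edited.
PLACEHOLDER = re.compile(r"\bmy[A-Z]\w*")
REQUIRED_CONTEXT = "bootstrap_credstore_context"   # the guide says: do not rename it


def _local(tag):
    """Strip a namespace ({uri}name -> name) so checks work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def _named(elem, name):
    """All descendants of elem whose local tag name is exactly `name`."""
    return [c for c in elem.iter() if _local(c.tag) == name]


def _props(instance):
    return {p.get("name"): p.get("value") for p in _named(instance, "property")}


def check_config(xml_text):
    """Return a list of human-readable findings; an empty list means the file looks usable."""
    root = ET.fromstring(xml_text)
    findings = []
    providers = {p.get("name") for p in _named(root, "serviceProvider")}
    instances = {i.get("name"): i for i in _named(root, "serviceInstance")}
    contexts = {c.get("name"): c for c in _named(root, "jpsContext")}

    for name, inst in instances.items():
        if inst.get("provider") not in providers:
            findings.append("instance %s uses undeclared provider %s" % (name, inst.get("provider")))
        location = inst.get("location") or ""
        if PLACEHOLDER.search(location):
            findings.append("instance %s: location still has placeholder %r" % (name, location))
        for pname, value in _props(inst).items():
            if value and PLACEHOLDER.search(value):
                findings.append("instance %s: property %s still has placeholder %r" % (name, pname, value))

    for cname, ctx in contexts.items():
        for ref in _named(ctx, "serviceInstanceRef"):
            if ref.get("ref") not in instances:
                findings.append("context %s references missing instance %s" % (cname, ref.get("ref")))

    if REQUIRED_CONTEXT not in contexts:
        findings.append("no jpsContext named %s (do not rename it)" % REQUIRED_CONTEXT)
    return findings


def bootstrap_pairs(xml_text):
    """(map, key) pairs that need addBootStrapCredential: instances naming both a map and a key."""
    pairs = set()
    for inst in _named(ET.fromstring(xml_text), "serviceInstance"):
        props = _props(inst)
        m, k = props.get("bootstrap.security.principal.map"), props.get("bootstrap.security.principal.key")
        if m and k:
            pairs.add((m, k))
    return sorted(pairs)


def bootstrap_commands(xml_text, config_file="t2p-policies.xml"):
    """WLST calls to run before migrating; credentials are left as placeholders on purpose."""
    return ["addBootStrapCredential(jpsConfigFile='%s', map='%s', key='%s', "
            "username='<user>', password='<password>')" % (config_file, m, k)
            for m, k in bootstrap_pairs(xml_text)]


# Constructed sample: an XML source, a DB destination, and three deliberate mistakes
# (placeholder farm name, a context pointing at an undefined LDAP instance, and a
# renamed bootstrap context).  Hostnames and the credstoressp class are assumptions.
SAMPLE_CONFIG = """<jpsConfig>
  <serviceProviders>
    <serviceProvider class="oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider" name="policystore.xml.provider" type="POLICY_STORE"/>
    <serviceProvider class="oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider" name="db.policystore.provider" type="POLICY_STORE">
      <property value="DB_ORACLE" name="policystore.type"/>
    </serviceProvider>
    <serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider" name="credstoressp" type="CREDENTIAL_STORE"/>
  </serviceProviders>
  <serviceInstances>
    <serviceInstance location="/opt/src/system-jazn-data.xml" provider="policystore.xml.provider" name="policystore.xml.source"/>
    <serviceInstance provider="db.policystore.provider" name="policystore.db.destination">
      <property value="DB_ORACLE" name="policystore.type"/>
      <property value="cn=myDestDomain" name="oracle.security.jps.farm.name"/>
      <property value="cn=prod_root" name="oracle.security.jps.ldap.root.name"/>
      <property value="jdbc:oracle:thin:@db.example.test:1722:orcl" name="jdbc.url"/>
      <property name="bootstrap.security.principal.key" value="prodDbKey"/>
      <property name="bootstrap.security.principal.map" value="prodDbMap"/>
    </serviceInstance>
    <serviceInstance location="./bootstrap" provider="credstoressp" name="bootstrap.cred"/>
  </serviceInstances>
  <jpsContexts>
    <jpsContext name="XMLsourceContext"><serviceInstanceRef ref="policystore.xml.source"/></jpsContext>
    <jpsContext name="DBdestinationContext"><serviceInstanceRef ref="policystore.db.destination"/></jpsContext>
    <jpsContext name="LDAPdestinationContext"><serviceInstanceRef ref="policystore.ldap.destination"/></jpsContext>
    <jpsContext name="bootstrap_context"><serviceInstanceRef ref="bootstrap.cred"/></jpsContext>
  </jpsContexts>
</jpsConfig>"""

if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
    for cmd in bootstrap_commands(SAMPLE_CONFIG):
        print("RUN FIRST:", cmd)
```

Run it against the real file with `check_config(open("t2p-policies.xml").read())`; the placeholder check looks only at location attributes and property values, not at the description elements, which legitimately keep Oracle's "Replace: ..." instructions.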