Configuring Oracle Information Rights Management 8-7
3. For the key store path, enter one of the following values.
– Key store path for an AES key store
UNIX path: MW_HOME/user_projects/domains/DomainHome/config/fmwconfig/irm.jceks
Windows path: MW_HOME\user_projects\domains\DomainHome\config\fmwconfig\irm.jceks
– Key store path for an RSA key store
UNIX path: MW_HOME/user_projects/domains/DomainHome/config/fmwconfig/irm.jks
Windows path: MW_HOME\user_projects\domains\DomainHome\config\fmwconfig\irm.jks
8.1.2.4 Adding Key Store Passwords to the Credential Store
You must add passwords for the Oracle IRM key store to the credential store with WLST commands. A key store password and a password for the generated key were set when the key store was created. These passwords are required by the Oracle IRM server.
To add key store passwords to the credential store:
■ For an AES key store, enter the following WLST commands:
– UNIX operating system
ECM_ORACLE_HOME/oracle_common/common/bin/wlst.sh
connect("username","password","t3://adminServerHost:adminServerPort")
createCred("IRM","keystore:irm.jceks","dummy","password")
createCred("IRM","key:irm.jceks:oracle.irm.wrap","dummy","password")
– Windows operating system
ECM_ORACLE_HOME\oracle_common\common\bin\wlst.cmd
connect("username","password","t3://adminServerHost:adminServerPort")
createCred("IRM","keystore:irm.jceks","dummy","password")
createCred("IRM","key:irm.jceks:oracle.irm.wrap","dummy","password")
8-8 Oracle Fusion Middleware Installation Guide for Oracle Enterprise Content Management Suite
■ For an RSA key store, enter the following WLST commands:
– UNIX operating system
ECM_ORACLE_HOME/oracle_common/common/bin/wlst.sh
connect("username","password","t3://adminServerHost:adminServerPort")
createCred("IRM","keystore:irm.jks","dummy","password")
createCred("IRM","key:irm.jks:oracle.irm.wrap","dummy","password")
– Windows operating system
ECM_ORACLE_HOME\oracle_common\common\bin\wlst.cmd
connect("username","password","t3://adminServerHost:adminServerPort")
createCred("IRM","keystore:irm.jks","dummy","password")
createCred("IRM","key:irm.jks:oracle.irm.wrap","dummy","password")
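An added example, not part of the Oracle guide: a Python check that a key store file at the step 3 path has the format its name implies (JCEKS for AES, JKS for RSA), is not accessible to group or other, and returns the credential keys that the createCred commands register for it. The function name and the owner-only permission rule are assumptions of this example.

```python
import os
import stat
import struct
import sys

# Magic numbers in the first four bytes of Java key store files (big-endian).
MAGIC = {0xFEEDFEED: "JKS", 0xCECECECE: "JCEKS"}
# File name -> store type, per step 3: AES keys use irm.jceks, RSA keys irm.jks.
EXPECTED = {"irm.jceks": "JCEKS", "irm.jks": "JKS"}


def check_irm_keystore(path):
    """Return (credential_keys, problems) for an Oracle IRM key store file."""
    name = os.path.basename(path)
    if name not in EXPECTED:
        return [], ["unexpected key store file name: %s" % name]
    problems = []
    with open(path, "rb") as f:
        head = f.read(4)
    kind = MAGIC.get(struct.unpack(">I", head)[0]) if len(head) == 4 else None
    if kind != EXPECTED[name]:
        problems.append("%s should be %s, header says %s"
                        % (name, EXPECTED[name], kind))
    # Assumption of this example: only the owner may access the file.
    # POSIX mode bits only; on Windows review the file ACL instead.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("%s is accessible to group/other (mode %o)"
                        % (name, mode))
    # Keys that the createCred commands register in the "IRM" map.
    keys = ["keystore:" + name, "key:%s:oracle.irm.wrap" % name]
    return keys, problems


if __name__ == "__main__":
    # Usage: python check_irm_keystore.py DomainHome/config/fmwconfig/irm.jceks
    if len(sys.argv) != 2:
        sys.exit("usage: check_irm_keystore.py PATH_TO_KEY_STORE")
    keys, problems = check_irm_keystore(sys.argv[1])
    print("credential store keys expected in map IRM:", keys)
    for p in problems:
        print("PROBLEM:", p)
    sys.exit(1 if problems else 0)
```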
8.1.2.5 Configuring the Policy and Credential Store
Oracle IRM uses the Credential Store Framework of Oracle Platform Security Services (OPSS) to retrieve passwords for the Oracle IRM key store. There are no specific configuration steps for Oracle IRM if the credential and policy stores are reassociated with an external LDAP authentication provider, as described in Section 4.9, "Reassociating the Identity Store with an External LDAP Authentication Provider."
Notes:
■ In the connect command, substitute the correct values for username and password.
■ In the createCred command, substitute for password the password that was used for creating the key and key store.
■ The dummy parameter passed to the createCred command is the user name parameter. The key store does not use a user name, so this value is ignored. This is why the value is set as dummy.
■ It is normal for the createCred command to return the text "Already in Domain Runtime Tree". This text does not signify an error.
8.2 Validating the Oracle IRM Installation
When the Oracle IRM Managed Server is running, the Oracle IRM application is deployed to the Oracle WebLogic Server domain. You can validate that the installation was successful by accessing this URL:
https://managedServerHost:managedServerPort/irm_desktop
For example:
https://myhost.example.com:16101/irm_desktop
8.3 Configuring the Identity Store
Oracle IRM uses OPSS to obtain user and group details from the external LDAP authentication provider. For information about configuring the identity store, see Section 4.9, "Reassociating the Identity Store with an External LDAP Authentication Provider."
8.4 Integrating Oracle IRM with Oracle Access Manager 11g
Oracle Access Manager is the recommended single sign-on (SSO) solution for Oracle Enterprise Content Management Suite applications. It provides flexible and extensible authentication and authorization, as well as audit services. You can integrate Oracle IRM with Oracle Access Manager by configuring both of them for the integration.
Oracle IRM supports Basic authentication with Oracle Access Manager, which contains an authorization engine that grants or denies access to particular resources based on properties of the user requesting access as well as on the environment from which the request was made.
Oracle IRM currently has limited support for SSO through Oracle Access Manager 11g, as described in this section.
Public URIs need to be specified for Oracle Access Manager 11g:
■ irm_rights
■ irm_rights...
IRM Desktop does not support Oracle Access Manager 11g.
You also need to protect the following URI:
■ irm_rights/faces
Implementation of single sign-on (SSO) with the Oracle IRM 11g server management console will enable access to applications as expected. Input of a valid user name and password combination during the same SSO session will be recognized.
Implementation of SSO for Oracle IRM Desktop with Oracle Access Manager 10g is possible but will not enable access to multiple applications in the same session by entry of a single user name and password combination. Oracle IRM Desktop users will be prompted for a user name and password even if they have already supplied a valid user name and password within the same SSO session. This level of support for SSO is provided so that users can be shown a recognizable sign-on dialog that will indicate the correct user name and password combination to be entered.