The “Reassociation” Business
(Doc ID 2932883.1)
Last updated on MAY 06, 2024
Applies to:
Oracle SOA Suite - Version 12.2.1.4.0 and later
Information in this document applies to any platform.
Purpose
Introduction
Since Fusion Middleware 11.1.1.4, OPSS (Oracle Platform Security Services) supports 3 types of security stores: file, OID (Oracle Internet Directory) and Oracle database. When a WebLogic Server domain is first created, OPSS is "associated" to a file-based security store by default, which is OK for development purposes. But for production this is not recommended (see the Multiple Nodes Servers Environments section in the OPSS docs). It would be OK if your whole environment was a single WebLogic domain with only one server on a single machine. But 99.99% of the cases are not like that. Usually, a SOA or WebCenter environment is composed of multiple servers in clusters spread across different machines. A file-based security store is not a scalable option. In these cases, you need to look at OID or the database. Fusion Applications, a gigantic set of apps, has adopted OID as the security store.
The OPSS security store is a composite of policies, credentials, keys and audit services. Notice that I am leaving the identity store service out. OPSS delegates the identity store service to the identity providers configured in WebLogic server.
As a side note, OPSS is not a product, but a set of security services used by Fusion Middleware. If you’re a Fusion Middleware user, trying to understand OPSS is a great idea.
This post is about the nitty-gritty details of configuring (or reassociating) a WebLogic Server domain (or multiple domains) to a different type of security store. That’s where the term "reassociation" comes from.
Scope
The information presented here is a small subset of the "Configuring OPSS Security Store" documentation; it complements and sometimes overlaps it (reading that documentation is strongly recommended).
Before going any further on reassociation, let me talk a bit about an important character: jps-config.xml.
Details