Wednesday, 27 April 2016

Enable OPSS Authorization on WebLogic

When you install WebLogic with the EDG structure, there is a documented bug with the approach: your system jazn file gets overwritten with each managed server you start.

First, when you start the SOA managed server, all the roles are mapped in the system jazn file.
When you then start a BAM server, it overwrites the previous roles and adds only the BAM roles.

Oracle suggests using an OPSS store to avoid losing the roles.

To enable OPSS on WebLogic, you need the OPSS schemas created by running RCU.

1. Run RCU with OPSS.
2. Shut down the AdminServer and copy the security config from MGD_HOME to ADM_HOME.
3. Start the AdminServer.

4. Create a new Generic Data Source
        Name: opss-rac<RACn>
        JNDI Name: jdbc/opss-rac<RACn>
        Database Driver: *Oracle's Driver (Thin) for RAC Service-Instance Connections; Versions: 10 and later
        Uncheck "Supports Global Transactions"
        Select Targets
                Servers:
                        Check "AdminServer"
                Clusters:
                        Check "<<<env>>>OSB"
                        Check "<<<env>>>SOA"
                        Check "<<<env>>>WSM"
5. Create a new Multi Data Source
        Name: opss
        JNDI Name: jdbc/opss
        Algorithm Type: Load-Balancing
        Click "Next"
        Select Targets
                Servers:
                        Check "AdminServer"
                Clusters:
                        Check "<<<env>>>OSB"
                        Check "<<<env>>>SOA"
                        Check "<<<env>>>WSM"
                Click "Next"
        Select Data Source Type
                Select "Non-XA Driver"
                Click "Next"
        Add Data Sources
                Check all "opss-rac<n>" in the Available list
6. Reassociate the OPSS security store with the DB schema

Note: use the WLST from Oracle_SOA/common/bin.

        connect()   # connect to the AdminServer
        reassociateSecurityStore(domain="<<<env>>>_domain", servertype="DB_ORACLE", datasourcename="jdbc/opss", jpsroot="cn=jps_<<<env>>>node", join="false")
        exit()

7. Clear the file-based policy store
> cd $ADM_HOME/config/fmwconfig
> mv system-jazn-data.xml system-jazn-data.xml.opss.<<<yyyymmmdd>>>
> touch system-jazn-data.xml
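
A post-check for steps 6 and 7, added here as an example and not part of the original post: it parses a jps-config.xml and reports whether the default context's policy store is DB-backed through jdbc/opss or still the file-based system-jazn-data.xml. Assumptions: the file sits beside system-jazn-data.xml in config/fmwconfig, and the element and property names used (serviceInstance, policystore.type, datasource.jndi.name) follow the usual OPSS layout; the sample XML and its namespace are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from a real domain); real files carry an Oracle namespace.
_TEMPLATE = """<jpsConfig xmlns="urn:example:jps-config">
  <serviceInstances>{instance}</serviceInstances>
  <jpsContexts default="default">
    <jpsContext name="default"><serviceInstanceRef ref="{name}"/></jpsContext>
  </jpsContexts>
</jpsConfig>"""
SAMPLE_DB = _TEMPLATE.format(name="policystore.db", instance="""
    <serviceInstance name="policystore.db" provider="policystore.provider">
      <property name="policystore.type" value="DB_ORACLE"/>
      <property name="datasource.jndi.name" value="jdbc/opss"/>
    </serviceInstance>""")
SAMPLE_FILE = _TEMPLATE.format(name="policystore.xml", instance="""
    <serviceInstance name="policystore.xml" provider="policystore.xml.provider"
                     location="./system-jazn-data.xml"/>""")

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def check_policy_store(xml_text, expected_jndi="jdbc/opss"):
    """Return a list of problems with the default context's policy store."""
    nodes = list(ET.fromstring(xml_text).iter())
    instances = {e.get("name"): e for e in nodes if _local(e.tag) == "serviceInstance"}
    default = next((e.get("default") for e in nodes if _local(e.tag) == "jpsContexts"), None)
    ctx = next((e for e in nodes
                if _local(e.tag) == "jpsContext" and e.get("name") == default), None)
    if ctx is None:
        return ["no default jpsContext found"]
    problems, seen = [], False
    for ref in ctx:
        inst = instances.get(ref.get("ref"))
        if inst is None or not inst.get("provider", "").startswith("policystore"):
            continue  # not a policy store reference
        seen = True
        props = {p.get("name"): p.get("value") for p in inst if _local(p.tag) == "property"}
        if inst.get("location"):
            problems.append("file-based store: " + inst.get("location"))
        if props.get("policystore.type") != "DB_ORACLE":
            problems.append("policystore.type is %r" % props.get("policystore.type"))
        if props.get("datasource.jndi.name") != expected_jndi:
            problems.append("datasource.jndi.name is %r" % props.get("datasource.jndi.name"))
    if not seen:
        problems.append("default context references no policy store")
    return problems

if __name__ == "__main__":
    print(check_policy_store(SAMPLE_DB), check_policy_store(SAMPLE_FILE))
```

An empty list means the store matches the reassociation from step 6; any entry means managed servers may still be reading roles from the file.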