Skip to main content

Managing the Domain Credential Store/ Automation with ANT Scripts

Hello Everyone,

 Hope you are doing well, Today i am going to discuss how to manage domain credential stores and how we can create some WLST based ANT Scripts, But before that i will discuss what is it and why we use it.

 A credential store is a repository of security data (credentials). A credential can hold username and password combinations, tickets, or public key certificates.

 Credentials can be provisioned, retrieved, modified, or deleted, but only by a user in the appropriate administration role. The following sections explain how an administrator can manage credentials using FMC pages or WLST commands, and how code can access data in the CSF.

Managing Credentials with Fusion Middleware Control: Fusion Middleware Control allows the management of credentials in a WebLogic domain, regardless of the type of credential store provider used in the domain.


Managing Credentials: This section explains the steps you follow to manage credentials in a domain credential store with Fusion Middleware Control, such as creating, viewing, deleting, or updating a credential stored in the credential store.

  1. Log in to Oracle Enterprise Manager and navigate to Domain > Security > Credentials, to display the Credentials page.
  2. The area Credential Store Provider is read-only and, when expanded, displays the credential store provider currently in use in the domain.
  3. At any point, use the button Delete to remove a selected item (key or map) in the table. Note that deleting a credential map, deletes all keys in it. Similarly, use the button Edit to view or modify the data in a selected item.
  4. To display credentials matching a given key name, enter the string to match in the box Credential Key Name, and then click the blue button to the right of it. The result of the query is displayed in the table.
  5. To redisplay the list of credentials after examining the results of a query, select Domain > Security > Credentials.
To create a credential map:
  1. Click Create Map to display the Create Map dialog.
  2. In this dialog, enter the name of the map for the credential being created.
  3. Click OK to return to the Credentials page. The new credential map name is displayed with a map icon in the table
To add a key to a credential map:
  1. Click Create Key to display the Create Key dialog.
  2. In this dialog, select a map from the menu Select Map where the key is inserted, enter a key in the text box Key, select a type from the menu Type(the appearance of the dialog changes according to the type selected), enter the required data.
  3. Click OK when finished to return to the Credentials page. The new key is shown under the map icon corresponding to the map you selected.

Managing Credentials with WLST Commands:  If a domain administrator does not want to use Fusion Middleware Control to manage credentials or wants to execute a frequent task automatically, the administrator can create a WLST script that invokes WLST security-related commands.

An online command is a command that to operate requires the Oracle WebLogic Server to be running. All commands below operate on a domain credential store, regardless of whether it is file-based or LDAP-base, to which you connect just before the commands are available.
Read-only commands can be performed only by users in the following roles: Monitor, Operator, Configurator, or Admin. Read-write commands can be performed only by users in the following roles: Admin or Configurator. All WLST commands are available out-of-the-box with the installation of the Oracle WebLogic Server.
  1. listCred: listCred(map="mapName", key="keyName")
  2. updateCred: updateCred(map="myMap", key="myKey", user="myUsr", password="myPassw")
  3. createCred: createCred(map="myMap", key="myKey", user="myUsr", password="myPassw")
  4. deleteCred: deleteCred(map="mapName",key="keyName")
How to use these commands on WLST Script:
  1. Open a Windows Command Prompt or Linux/Unix Shell Terminal to start the WebLogic Server Administration Scripting Shell utility. Enter the following, depending on the system.
  2. Go to: C:\<<ORACLE HOME>>\wlserver\common\bin> wlst
  3. At the WLST utility prompt, connect to the Admin Server.
  4. wlst:/offline> connect(‘weblogic’,’welcome1′,’t3://localhost:7001′)
  5. Once the user is successfully connected to the Admin Server, the following commands can be executed, Execute any of the above commands.
  6. createCred(map=<<keyMapName>>,key=<<keyName>>,user=<<keyUser>>,password=<<keyPass>>,desc=<<keyDesc>>)
Automation WLST Script with ANT will be something like it:

<target name=”createCSFKeyCred”>
<wlst debug=”false” arguments=”${admin.username} ${admin.password} ${admin.server} ${map} ${keyCredentialsName} ${user} ${password} ${desc}”>
<script>
adminUser=sys.argv[0]
adminPassword=sys.argv[1]
adminUrl=sys.argv[2]
keyMap=sys.argv[3]
keyName=sys.argv[4]
keyUser=sys.argv[5]
keyPass=sys.argv[6]
keyDesc=sys.argv[7]
print(‘Connecting to WLST Server’)
connect (adminUser,adminPassword,adminUrl) 
print(‘Creating Security Credentials’)
createCred(map=keyMap,key=keyName,user=keyUser,password=keyPass,desc=keyDesc)
disconnect() 
print(‘Disconnecting….’)
</script>
</wlst>
</target>
Labels:

Comments

Post a Comment

Popular posts from this blog

Solution for BPM standard dashboard & activity guide not working in Oracle SOA 12.2.1.0 C

As earlier i publish a post about different issue of Oracle BPM, After some oracle support i got to fixed them. Issue Blog Here... Issue 3:BPM 12.2.1 process workspace activity guide not working. if you have a normal BPM Process, then this is the issue. In order to have data populated in "Activity Guide" firstly you should create a BPMN Guided Business Process. Below you can find the documentation about activity guide and how to create a Guided Business Process: https://docs.oracle.com/middleware/1221/bpm/bpm-develop/GUID-F765955D-90A5-48D4-8D2A-2F01FBB539E3.htm#BPMPD901 And here is specified: " A Guided Business Process is modeled as an activity guide that is based on a business process. The Activity Guide includes a set of Milestones. A milestone is a contained set of tasks that the end user has to complete. A milestone is complete when the user successfully runs a specific set of tasks in the milestone. " And in the below chapters you will find the ...
Post a Comment
Read more

Oracle SOA 12C rest adapter with Custom HTTP headers

Most existing web applications are connected through web services, which are commonly known as SOAP services. More and more users are relying on mobile devices for communication, and they’re looking for lighter ways to access enterprise information on the go. REST services are the answer for the mobile device platform, because they get rapid responses and fast access to data. Oracle SOA Suite 12 c  provides a complete set of service infrastructure components for designing, deploying, and managing composite applications. Oracle SOA Suite 12 c  enables services to be created, managed, and orchestrated into composite applications and business processes. Some time we have need to send HTTP headers in REST service, In OSB we use header component and add what ever is needed but in oracle SOA 12C it's little bit different. Let see how we can do it. Create one SOA Application. Create one SOA Sample project inside SOA Application. Go to composite and drag drop REST ...
22 comments
Read more

Swagger API document from Any WADL & Schema in Oracle SOA

Hi everyone, Hope everyone is doing well these days, Recently i started a project work over how to generate swagger API document for your any REST API, In case if you don't know what is swagger please go and check " https://swagger.io/tools/swagger-editor/ ". It's a great and easy to use tool which will help to create user friendly, human readable form API documentation with extension for generating API client in different languages with capability of testing your API from same. What is swagger editor, Design, describe, and document your API on the first open source editor fully dedicated to OpenAPI-based APIs. The Swagger Editor is great for quickly getting started with the OpenAPI (formerly known as the Swagger Specification) specification, with support for Swagger 2.0 and OpenAPI 3.0.  What benefits you will get by using swagger, Runs Anywhere, The Editor works in any development environment, be it locally or in the web. Smart Feedback, Validate you...
8 comments
Read more