Plug-in Documentation

Oracle WebLogic Server Security Management

Overview

The Oracle WebLogic Security Management plug-in automates the management of security features on an Oracle WebLogic server.

The plug-in includes the following steps:

Compatibility

This plug-in requires version 6.0.1 of IBM UrbanCode Deploy.

This plug-in supports WebLogic Server versions 10g and later.

The steps in this plug-in run on any agents that the IBM UrbanCode Deploy server supports.

Installation

No special steps are required for installation. See Installing plug-ins in UrbanCode products.

History

Initial version 2.504117 released on May 22, 2014

Usage

Before you begin

To use this plug-in, Oracle WebLogic Server version 10g or later and an agent must be installed.

Step palette

To access this plug-in in the palette, click Application Server > WebLogic > WebLogic Security Management.

About this plug-in

All steps have a required property that points to the location of a Java bean configuration file. The file contains information for accessing the WebLogic server. The plug-in contains an example file, wlsMetadata.xml, that you can use; however, you can use your own file.

When you create an authentication provider or realm, use the Create or Update step for the object. Do not use the Update step to create objects.

After you deploy changes, you must restart the WebLogic server in order for the changes to take effect. The server does not detect changes until it is restarted.

Step properties also specify the following information.

JAR file paths on the WebLogic server
The steps rely on the following files on the WebLogic server. You provide the path to them in step properties.

  • <OracleServerDirectory>/wlserver_version/server/lib/wlthint3client.jar
  • <OracleServerDirectory>/wlserver_version/server/lib/wljmxclient.jar
  • <OracleServerDirectory>/wlserver_version/server/lib/wlclient.jar

Connection information file for accessing the WebLogic server
All steps also require connection information for accessing the WebLogic server. Access information is defined in a Java beans configuration file. You provide the path to it in step properties. The wlsMetadata.xml file provided with the plug-in is a working example. You can provide your own file.

Configuration information for security objects
You create JMX or XML properties files that define the security objects to create or modify, such as role mappers, roles, realms, authentication providers, users, and groups. You provide the path to each file in step properties. Example files are provided with the plug-in for roles, users, and groups.

  • roles.xml
  • users_groups.xml

Troubleshooting

Troubleshooting hints and tips

If you experience one of the following problems when you use the plug-in, check the associated tip for resolving the issue.

Cannot connect to WebLogic server

Check that the Host Name property is a simple hostname or IP address. Do not use a protocol in the property value. For example, omit http:.

Changes do not seem to take effect

After you change security objects, you must restart the WebLogic server for changes to take effect. After the restart, changes can be viewed in the user interface.

Problems in working with roles, users, or groups

Use XML files to specify changes to these objects, rather than JMX files. Some errors can be caused by trying to create an object that already exists. For example, if you attempt to create a role that already exists, the step fails.

Incorrect provider name is used when an authentication provider is created

If the created authentication provider has a name that matches the provider type rather than the name you specified, an incorrect step might have been used. Use the Create or Update Authentication Provider step. Do not use the Update Authentication Provider step when you create an authentication provider.

JAR files on the server are inconvenient to track

You can set up and use a wlfullclient.jar file. See the instructions in the Oracle documentation.

Steps

Process steps in the WLS Security Management plug-in

Create Role Mapper

Use this step to create a role mapper on a WebLogic server.

Input properties for the Create Role Mapper step

| Name | Type | Description | Required |
|---|---|---|---|
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the security realm for which the role mapper is created. | Yes |
| Role Mapper Name | String | The name of the role mapper to be created. | Yes |
| Role Mapper Properties | String | The path of the role mapper properties file. | Yes |
| Role Mapper Type | Enumeration | The type of role mapper to be created. Specify either DefaultRoleMapper or XACMLRoleMapper. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |
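
A pre-flight check for the Create Role Mapper inputs listed above, including the troubleshooting rule that the host name must not carry a protocol. This is an added example, not code from the plug-in; the function names, the use of the property labels as dictionary keys, and the sample values are assumptions.

```python
import ipaddress
import re

# JAR file names this page lists for the WebLogic client libraries.
KNOWN_JARS = {"wlfullclient.jar", "wlthint3client.jar", "wljmxclient.jar", "wlclient.jar"}
ROLE_MAPPER_TYPES = {"DefaultRoleMapper", "XACMLRoleMapper"}
REQUIRED = ["JMX JAR Path", "Metadata File Path", "Password", "Realm", "Role Mapper Name",
            "Role Mapper Properties", "Role Mapper Type", "User Name",
            "WebLogic Hostname", "WebLogic Port"]
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def is_plain_host(value):
    """True for a bare IP address or DNS name: no scheme, port, or path."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOST_RE.fullmatch(value) is not None

def validate_create_role_mapper(props):
    """Return {property: problem}. Messages never echo values, so Password stays out of logs."""
    problems = {}
    for key in REQUIRED:
        if not str(props.get(key, "")).strip():
            problems[key] = "required property is empty"
    host = str(props.get("WebLogic Hostname", ""))
    if host and not is_plain_host(host):
        problems["WebLogic Hostname"] = "use a simple hostname or IP address, without a protocol"
    port = str(props.get("WebLogic Port", ""))
    if port and not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        problems["WebLogic Port"] = "must be a port number from 1 to 65535"
    jar = str(props.get("JMX JAR Path", "")).replace("\\", "/")
    if jar and jar.rsplit("/", 1)[-1] not in KNOWN_JARS:
        problems["JMX JAR Path"] = "does not end in a WebLogic client JAR named on this page"
    mapper_type = str(props.get("Role Mapper Type", ""))
    if mapper_type and mapper_type not in ROLE_MAPPER_TYPES:
        problems["Role Mapper Type"] = "must be DefaultRoleMapper or XACMLRoleMapper"
    return problems

# Constructed sample input; none of these values come from a real environment.
GOOD = {"JMX JAR Path": "/opt/oracle/wlserver/server/lib/wlfullclient.jar",
        "Metadata File Path": "extras/wlsMetadata.xml", "Password": "constructed-secret",
        "Realm": "myrealm", "Role Mapper Name": "ExampleRoleMapper",
        "Role Mapper Properties": "extras/rolemapper.properties",
        "Role Mapper Type": "XACMLRoleMapper", "User Name": "deployer",
        "WebLogic Hostname": "wls01.example.test", "WebLogic Port": "7001"}
BAD = {**GOOD, "WebLogic Hostname": "http://wls01.example.test", "WebLogic Port": "70010",
       "Role Mapper Type": "xacml", "Password": ""}

if __name__ == "__main__":
    for name, problem in validate_create_role_mapper(BAD).items():
        print(f"{name}: {problem}")
```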

Create or Update Authentication Provider

Use this step to create an authentication provider on the WebLogic server.

Input properties for the Create or Update Authentication Provider step

| Name | Type | Description | Required |
|---|---|---|---|
| Authentication Provider Name | String | The name of the authentication provider to be created. | Yes |
| Authentication Provider Properties | String | The path to the authentication provider properties file. | Yes |
| Authentication Provider Type | String | The type of authentication provider to be created. | Yes |
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the security realm for which the authentication provider is created. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| Weblogic Port | String | The port number of the WebLogic server. | Yes |

Create or Update Realm

Use this step to create or update a realm on a WebLogic server.

Input properties for the Create or Update Realm step

| Name | Type | Description | Required |
|---|---|---|---|
| JMX JAR Path | String | The path to the wlfullclient.jar file which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the realm to be created on the WebLogic server. | Yes |
| Realm Properties Path | String | The path to the realm properties file. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |

Manage Users and or Groups

Use this step to manage users and groups that are associated with a security realm by using an XML file.

Input properties for the Manage Users and Groups step

| Name | Type | Description | Required |
|---|---|---|---|
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |
| XML File Path | String | The path to the XML file that defines the actions to take for the specified users and groups. An example XML file, which is named users_groups.xml, is located in the /extras directory. | Yes |

Manages Roles

Use this step to manage roles on a WebLogic server by using an XML file.

Input properties for the Manages Roles step

| Name | Type | Description | Required |
|---|---|---|---|
| JMX JAR Path | String | The path to the wlfullclient.jar file which is located in the server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Role Operations | String | The path to the XML file that contains the role operations. This file describes the operations that are associated with each property. An example XML file, which is named roles.xml, is located in the /extras directory. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |

Update Authentication Provider

Use this step to update an authentication provider on a WebLogic server.

Input properties for the Update Authentication Provider step

| Name | Type | Description | Required |
|---|---|---|---|
| Authentication Provider Name | String | The name of the authentication provider to be updated. | Yes |
| Authentication Provider Properties | String | The path to the authentication provider properties file. | Yes |
| Authentication Provider Type | String | The type of authentication provider to be updated. | Yes |
| JMX JAR Path | String | The path to the wlfullclient.jar file, which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the security realm for which the authentication provider is updated. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |

Update Realm

Use this step to update a security realm on a WebLogic server.

Input properties for the Update Realm step

| Name | Type | Description | Required |
|---|---|---|---|
| JMX JAR Path | String | The path to the wlfullclient.jar file which is located in the /server/lib directory. Specify the complete directory structure, for example: WebLogic_home_directory/server/lib/wlfullclient.jar. | Yes |
| Metadata File Path | String | The path to the wlsMetadata.xml file. The file contains connection information for the WebLogic server. An example file is located in the /extras directory. | Yes |
| Password | Password | The password to use to authenticate with the WebLogic server. | Yes |
| Realm | String | The name of the security realm to be updated. | Yes |
| Realm Properties Path | String | The path to the realm properties file. | Yes |
| User Name | String | The user name to use to authenticate with the WebLogic server. | Yes |
| WebLogic Hostname | String | The host name of the computer where the WebLogic server is installed. | Yes |
| WebLogic Port | String | The port number of the WebLogic server. | Yes |