Discovery Mode in OES 11g for WebLogic/OSB Security Module : oracle.security.jps.discoveryMode

Oracle Entitlement Server (OES) is a fine grained Authorization Server from Oracle (acquired from BEA’s Aqualogic Entitlement Server) where you define Policy for an application that covers all application resources that must be protected. OES Security Module (OESSM) acts as Policy Enforcement Point (PEP) and can also act as Policy Decision Point (PDP)

.

How to identify what application resource to be protected and what policy to define ?

Well to achieve this, you install & configure OES Security Module and enable Discovery Mode for this Security Module. Once Security Module is configured in Discovery Mode then perform action on application that reflects actual use of application . Based on actions performed by user, OES will generate policy set to files that can be imported to OES Server .

Note: Discovery mode doesn’t implement policy, it just creates policy set that can be imported to OES for enforcement.

Note: Discovery mode doesn’t create policy set of everything and this policy set should be used as starting point to create policies required in OES to protect application.

.

How to enable Discovery Module for OESSM in OES 11g

1. Start OESSM Config tool

cd $OESCLIENT_ORACLE_HOME/oes_sm_instances/[OESSM_NAME]/bin/ (where OESSM_NAME in my case is )

./oessmconfig.sh  -jpsconfig [WEBLOGIC_APPS_DOMAIN]/config/fmwconfig/jps-config.xml  (jps-config.xml is from $DOMAIN_HOME/config/fmwconfig where application is deployed for which you wish to discovery policy set)

2. Select tab Advanced and set
a) Discovery Mode to TRUE
b) Discovered Policy Directory to Directory where you wish to store discovered policy files

 

3. Save the changes and it will add following property in [WEBLOGIC_APPS_DOMAIN]/config/fmwconfig/jps-config.xml

oracle.security.jps.discoveryMode
oracle.security.jps.discoveredPolicyDir

 

 

Note: Above step will create discovered policy in file discovery-jazn-data.xml under directory defined by oracle.security.jps.discoveredPolicyDir

More on discovered policy format and importing discovered policy data to OES in later posts !!

 

Note: During Discovery Mode of OESSM, OES policies for that Security Module are not enforced.

Related/References

 

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

Not found