<jpsContexts default="default">
  <!-- This is the default JPS context. All the mandatory services and Login Modules must be configured in this default context -->
  <jpsContext name="default">
    <serviceInstanceRef ref="credstore" />
    <serviceInstanceRef ref="keystore" />
    <serviceInstanceRef ref="policystore.xml" />
    <serviceInstanceRef ref="audit" />
    <serviceInstanceRef ref="idstore.ldap" />
  </jpsContext>
</jpsContexts>
A careful inspection of the preceding XML snippet gives a fair idea of how
OWSM looks up the service instance references that are registered for OPSS.
Among these services are login modules, authentication providers, authorization
policy providers, credential stores, and auditing services. A detailed
description of OPSS is available at
http://www.oracle.com/technetwork/middleware/id-mgmt/index-100381.html.
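The following check is an added example, not code from the original text or from Oracle: it parses a jps-config.xml document, confirms that every serviceInstanceRef in a context resolves to a declared service instance, and confirms that the default context still references the five services listed above. The <serviceInstance name="..."> declarations are not shown on this page and are assumed here, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Services the page's default context references; requiring exactly this
# set is an assumption of this example.
EXPECTED = {"credstore", "keystore", "policystore.xml", "audit", "idstore.ldap"}

# Constructed sample: "audit" is referenced but never declared, and the
# default context has lost its "keystore" reference.
SAMPLE = """<jpsConfig>
  <serviceInstances>
    <serviceInstance name="credstore"/>
    <serviceInstance name="keystore"/>
    <serviceInstance name="policystore.xml"/>
    <serviceInstance name="idstore.ldap"/>
  </serviceInstances>
  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="credstore"/>
      <serviceInstanceRef ref="policystore.xml"/>
      <serviceInstanceRef ref="audit"/>
      <serviceInstanceRef ref="idstore.ldap"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>"""

def local(tag):
    """Drop any '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_jps_config(xml_text):
    """Return (context, service, problem) tuples for a jps-config.xml document."""
    root = ET.fromstring(xml_text)
    declared = {e.get("name") for e in root.iter() if local(e.tag) == "serviceInstance"}
    findings = []
    for group in (e for e in root.iter() if local(e.tag) == "jpsContexts"):
        default, seen = group.get("default"), set()
        for ctx in (c for c in group if local(c.tag) == "jpsContext"):
            name = ctx.get("name")
            seen.add(name)
            refs = [r.get("ref") for r in ctx if local(r.tag) == "serviceInstanceRef"]
            findings += [(name, r, "unresolved reference") for r in refs if r not in declared]
            if name == default:
                findings += [(name, s, "missing from default context")
                             for s in sorted(EXPECTED - set(refs))]
        if default not in seen:
            findings.append((default, None, "default context not defined"))
    return findings

if __name__ == "__main__":
    print(*audit_jps_config(SAMPLE), sep="\n")
```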
Understanding keystores and credential stores
A keystore contains keys used to sign, encrypt, and/or decrypt messages, and
configuring a keystore for the application server is mandatory when working
with message protection policies in OWSM. A keystore can hold multiple keys,
and each key in the keystore is referred to by an alias. These aliases and
their corresponding passwords are stored in encrypted form in a credential
store, a file called cwallet.sso. The password that protects the keystore
itself is kept in the same file. When access to the keystore is required,
the credential store is first queried for the necessary aliases and passwords.
It can be confusing to visualize which keys and certificates are exchanged in
scenarios such as message signing and encryption, but without a proper
understanding of them, it will be impossible for you to configure security
using OWSM.
Both the default keystore and the credential store are domain-wide artifacts that
an application server expects under the $DOMAIN_HOME/config/fmwconfig