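<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
  OPSS (Oracle Platform Security Services) jps-config file. The paths and
  property names below suggest an Oracle Entitlements Server security module
  instance named "VPD1" that pulls policies from an Oracle database.

  The leading "- " list markers from the paste have been removed: with them the
  XML declaration was not the first thing in the file and the document was not
  well-formed. Element names, attribute names and values are unchanged.

  No passwords appear in this file. Database credentials are referenced only
  through credential store map/key names (bootstrap.security.principal.map and
  bootstrap.security.principal.key).
-->
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" schema-major-version="11" schema-minor-version="1">
  <!-- Global settings: JAAS mode is off, users and groups map to the WebLogic
       principal classes, and application roles come from the source "PDP". -->
  <property name="oracle.security.jps.jaas.mode" value="off"/>
  <property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>
  <property name="oracle.security.jps.enterprise.role.class" value="weblogic.security.principal.WLSGroupImpl"/>
  <property name="app.roles.source" value="PDP"/>
  <propertySets>
    <!-- Trusted SAML issuers, referenced by saml.loginmodule and saml2.loginmodule.
         NOTE(review): "www.oracle.com" looks like the shipped sample value. Before
         the SAML context is relied on, replace it with the issuer(s) that are
         actually trusted, so assertions from any other issuer are rejected. -->
    <propertySet name="saml.trusted.issuers.1">
      <property name="name" value="www.oracle.com"/>
    </propertySet>
    <!-- PIP attribute "UserOrgID", resolved through the service instance
         "UserOrgAR" (see ootb.pip.ref). The query matches the user by the
         'PathName' value (case-insensitive), walks the DEPARTMENT hierarchy
         from the user's own department upwards, and returns the 'ExternalID'
         value of the nearest department that has one (rownum = 1).
         NOTE(review): %SYS_USER% carries the authenticated user name. Confirm
         that the PIP passes it as a bind value and does not concatenate it into
         the SQL text.
         NOTE(review): the statement ends with ";". The Oracle JDBC driver
         commonly rejects a trailing semicolon (ORA-00911); confirm how the PIP
         executes this text. -->
    <propertySet name="UserOrgID">
      <property name="ootb.pip.attr.type" value="OOTB_PIP_ATTRIBUTE"/>
      <property name="name" value="UserOrgID"/>
      <property name="ootb.pip.ref" value="UserOrgAR"/>
      <property name="query" value="select * from ( select mda.VALUE from USER_ACCOUNT ua inner join SECURITY_PRINCIPAL sp on sp.SECURITY_PRINCIPAL_ID = ua.SECURITY_PRINCIPAL_ID inner join M_SECURITY_PRINCIPAL_DATA mspd on mspd.PARENT_ID = sp.SECURITY_PRINCIPAL_ID and mspd.KEY = N'PathName' inner join PERSONAGE pers on ua.PERSONAGE_ID = pers.PERSONAGE_ID inner join POST pst on pst.POST_ID = pers.POST_ID inner join DEPARTMENT d on d.DEPARTMENT_ID = pst.DEPARTMENT_ID inner join ( select connect_by_root( d.DEPARTMENT_ID ) ROOT_DEP_ID, d.DEPARTMENT_ID, LEVEL as TreeLevel from DEPARTMENT d connect by prior d.DEPARTMENT_ID = d.PARENT_ID order by LEVEL ) TreeDepartments on TreeDepartments.DEPARTMENT_ID = d.DEPARTMENT_ID inner join M_DEPARTMENT_DATA mda on mda.PARENT_ID = TreeDepartments.ROOT_DEP_ID where MDA.KEY = N'ExternalID' and upper(mspd.VALUE) = upper(%SYS_USER%) order by TreeDepartments.TreeLevel asc ) where rownum = 1;"/>
    </propertySet>
  </propertySets>
  <!-- Provider classes, one per service type. A provider takes effect only
       through a serviceInstance that names it and a jpsContext that references
       that instance. "policy.oid" has no service instance in this file. -->
  <serviceProviders>
    <serviceProvider class="oracle.security.jps.az.internal.runtime.provider.PIPServiceProvider" name="pip.service.provider" type="PIP"/>
    <serviceProvider type="CREDENTIAL_STORE" name="credstoressp" class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider">
      <description>SecretStore-based CSF provider</description>
    </serviceProvider>
    <serviceProvider type="IDENTITY_STORE" name="idstore.xml.provider" class="oracle.security.jps.internal.idstore.xml.XmlIdentityStoreProvider">
      <description>XML-based IdStore Provider</description>
    </serviceProvider>
    <serviceProvider type="POLICY_STORE" name="policystore.xml.provider" class="oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider">
      <description>XML-based PolicyStore Provider</description>
    </serviceProvider>
    <serviceProvider type="LOGIN" name="jaas.login.provider" class="oracle.security.jps.internal.login.jaas.JaasLoginServiceProvider">
      <description>This is Jaas Login Service Provider and is used to configure login module service instances</description>
    </serviceProvider>
    <serviceProvider type="KEY_STORE" name="keystore.provider" class="oracle.security.jps.internal.keystore.KeyStoreProvider">
      <description>PKI Based Keystore Provider</description>
      <property name="provider.property.name" value="owsm"/>
    </serviceProvider>
    <serviceProvider type="AUDIT" name="audit.provider" class="oracle.security.jps.internal.audit.AuditProvider">
      <description>Audit Service</description>
    </serviceProvider>
    <serviceProvider type="PDP" name="pdp.service.provider" class="oracle.security.jps.az.internal.runtime.provider.PDPServiceProvider"/>
    <serviceProvider type="POLICY_STORE" name="policy.rdbms" class="oracle.security.jps.internal.policystore.OPSSPolicyStoreProvider">
      <property name="policystore.type" value="DB_ORACLE"/>
    </serviceProvider>
    <serviceProvider type="POLICY_STORE" name="policy.oid" class="oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider">
      <property name="policystore.type" value="OID"/>
    </serviceProvider>
  </serviceProviders>
  <serviceInstances>
    <!-- File-based stores. Relative locations such as "./" are presumably
         resolved against the directory holding this file (TODO confirm). The
         credential store and system-jazn-data.xml should be readable only by
         the account that runs the server. -->
    <serviceInstance name="credstore" provider="credstoressp" location="./">
      <description>File Based Credential Store Service Instance</description>
    </serviceInstance>
    <serviceInstance name="idstore.xml" provider="idstore.xml.provider" location="./system-jazn-data.xml">
      <description>File Based Identity Store Service Instance</description>
      <property name="subscriber.name" value="jazn.com"/>
    </serviceInstance>
    <serviceInstance name="policystore.xml" provider="policystore.xml.provider" location="./system-jazn-data.xml">
      <description>File Based Policy Store Service Instance</description>
    </serviceInstance>
    <serviceInstance name="idstore.loginmodule" provider="jaas.login.provider">
      <description>Identity Store Login Module</description>
      <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.idstore.IdStoreLoginModule"/>
      <property name="jaas.login.controlFlag" value="REQUIRED"/>
    </serviceInstance>
    <!-- JKS keystore whose passwords are looked up in the credential store map
         "oracle.wsm.security" under the three keys below. No jpsContext in this
         file references this instance. -->
    <serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks">
      <description>Default JPS Keystore Service</description>
      <property name="keystore.provider.type" value="file"/>
      <property name="keystore.file.path" value="./"/>
      <property name="keystore.type" value="JKS"/>
      <property name="keystore.csf.map" value="oracle.wsm.security"/>
      <property name="keystore.pass.csf.key" value="keystore-csf-key"/>
      <property name="keystore.sig.csf.key" value="sign-csf-key"/>
      <property name="keystore.enc.csf.key" value="enc-csf-key"/>
    </serviceInstance>
    <!-- NOTE(review): audit.filterPreset is "None", so this instance presumably
         records no audit events. For a component that makes authorization
         decisions, confirm that this is intended; a preset such as Low or
         Medium would leave a trail for investigations. The file size limit is
         104857600 bytes (100 MiB). -->
    <serviceInstance name="audit" provider="audit.provider">
      <property name="audit.filterPreset" value="None"/>
      <property name="audit.maxDirSize" value="0"/>
      <property name="audit.maxFileSize" value="104857600"/>
      <property name="audit.loader.jndi" value="jdbc/AuditDB"/>
      <property name="audit.loader.interval" value="15"/>
      <property name="audit.loader.repositoryType" value="File"/>
    </serviceInstance>
    <!-- Both SAML login modules take their trusted issuers from the property
         set "saml.trusted.issuers.1". Only saml.loginmodule is referenced by a
         jpsContext in this file (context "SAML"). -->
    <serviceInstance name="saml.loginmodule" provider="jaas.login.provider">
      <description>SAML Login Module</description>
      <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.saml.JpsSAMLLoginModule"/>
      <property name="jaas.login.controlFlag" value="REQUIRED"/>
      <propertySetRef ref="saml.trusted.issuers.1"/>
    </serviceInstance>
    <serviceInstance name="saml2.loginmodule" provider="jaas.login.provider">
      <description>SAML2 Login Module</description>
      <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.saml.JpsSAML2LoginModule"/>
      <property name="jaas.login.controlFlag" value="REQUIRED"/>
      <propertySetRef ref="saml.trusted.issuers.1"/>
    </serviceInstance>
    <!-- Kerberos login from a keytab without prompting. The principal is still
         the placeholder HOST/localhost@EXAMPLE.COM and no jpsContext references
         this instance. If it is ever enabled, set the real principal and keep
         the keytab file readable only by the server account. -->
    <serviceInstance name="krb5.loginmodule" provider="jaas.login.provider">
      <description>Kerberos Login Module</description>
      <property name="loginModuleClassName" value="com.sun.security.auth.module.Krb5LoginModule"/>
      <property name="jaas.login.controlFlag" value="REQUIRED"/>
      <property name="storeKey" value="true"/>
      <property name="useKeyTab" value="true"/>
      <property name="doNotPrompt" value="true"/>
      <property name="keyTab" value="./krb5.keytab"/>
      <property name="principal" value="HOST/localhost@EXAMPLE.COM"/>
    </serviceInstance>
    <serviceInstance name="digest.authenticator.loginmodule" provider="jaas.login.provider">
      <description>Digest Authenticator Login Module</description>
      <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.digest.DigestLoginModule"/>
      <property name="jaas.login.controlFlag" value="REQUIRED"/>
    </serviceInstance>
    <serviceInstance name="certificate.authenticator.loginmodule" provider="jaas.login.provider">
      <description>X509 Certificate Login Module</description>
      <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.x509.X509LoginModule"/>
      <property name="jaas.login.controlFlag" value="REQUIRED"/>
    </serviceInstance>
    <serviceInstance name="wss.digest.loginmodule" provider="jaas.login.provider">
      <description>WSS Digest Login Module</description>
      <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.digest.WSSDigestLoginModule"/>
      <property name="jaas.login.controlFlag" value="REQUIRED"/>
    </serviceInstance>
    <serviceInstance name="user.authentication.loginmodule" provider="jaas.login.provider">
      <description>User Authentication Login Module</description>
      <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule"/>
      <property name="jaas.login.controlFlag" value="REQUIRED"/>
    </serviceInstance>
    <!-- Bootstrap credential store. The location is given twice, as an
         attribute and as a property, with the same value "./bootstrap". It
         holds the credentials named by the bootstrap.security.principal.*
         properties below, so restrict file access to the server account. -->
    <serviceInstance name="bootstrap.credstore" provider="credstoressp" location="./bootstrap">
      <property name="location" value="./bootstrap"/>
    </serviceInstance>
    <serviceInstance name="user.assertion.loginmodule" provider="jaas.login.provider">
      <description>User Assertion Login Module</description>
      <property name="loginModuleClassName" value="oracle.security.jps.internal.jaas.module.assertion.JpsUserAssertionLoginModule"/>
      <property name="jaas.login.controlFlag" value="REQUIRED"/>
    </serviceInstance>
    <!-- Enrollment credential store at an absolute path, used by the "smsec" context. -->
    <serviceInstance name="credstore.enroll" provider="credstoressp" location="/oracle/fmw/oes/oes_sm_instances/VPD1/config/enroll"/>
    <!-- Database policy store. No jpsContext in this file references this
         instance; pdp.service below repeats the same JDBC and bootstrap
         settings. The database account is identified only by credential store
         map and key names.
         NOTE(review): the thin JDBC URLs in this file do not specify TCPS.
         Confirm that network encryption is enforced for these connections. -->
    <serviceInstance name="policystore.rdbms" provider="policy.rdbms">
      <property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>
      <property name="jdbc.url" value="jdbc:oracle:thin:@eb-oe-poib-db-rac:1526/poibdb.budget.gov.ru"/>
      <property name="oracle.security.jps.ldap.root.name" value="cn=jpsroot"/>
      <property name="oracle.security.jps.farm.name" value="cn=oes_domain"/>
      <property name="bootstrap.security.principal.key" value="oes_sm_key_new"/>
      <property name="bootstrap.security.principal.map" value="oes_sm_map_new"/>
    </serviceInstance>
    <!-- Policy decision point for security module "VPD1" (instance type java).
         Policies are distributed in controlled-pull mode from the DB_ORACLE
         policy store; the polling timer is enabled with an interval of 600
         (the unit is not stated in this file). -->
    <serviceInstance name="pdp.service" provider="pdp.service.provider">
      <property name="oracle.security.jps.runtime.pd.client.policyDistributionMode" value="controlled-pull"/>
      <property name="oracle.security.jps.runtime.pd.client.sm_name" value="VPD1"/>
      <property name="oracle.security.jps.runtime.pd.client.SMinstanceType" value="java"/>
      <property name="oracle.security.jps.pd.client.PollingTimerEnabled" value="true"/>
      <property name="oracle.security.jps.pd.client.PollingTimerInterval" value="600"/>
      <property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>
      <property name="jdbc.url" value="jdbc:oracle:thin:@eb-oe-poib-db-rac:1526/poibdb.budget.gov.ru"/>
      <property name="oracle.security.jps.ldap.root.name" value="cn=jpsroot"/>
      <property name="oracle.security.jps.farm.name" value="cn=oes_domain"/>
      <property name="bootstrap.security.principal.key" value="oes_sm_key_new"/>
      <property name="bootstrap.security.principal.map" value="oes_sm_map_new"/>
      <property name="policystore.type" value="DB_ORACLE"/>
    </serviceInstance>
    <!-- RDBMS attribute retriever behind the "UserOrgID" PIP attribute. It uses
         a separate credential (map "cube_map", key "cube_key"). That account
         needs only read access to the tables named in the query; verify that
         its grants are limited accordingly. -->
    <serviceInstance name="UserOrgAR" provider="pip.service.provider">
      <property name="type" value="RDBMS_PIP"/>
      <property name="jdbc.url" value="jdbc:oracle:thin:@eb-oe-poib-db-rac:1526/poibdb.budget.gov.ru"/>
      <property name="jdbc.driver" value="oracle.jdbc.driver.OracleDriver"/>
      <property name="bootstrap.security.principal.key" value="cube_key"/>
      <property name="bootstrap.security.principal.map" value="cube_map"/>
      <property name="failed.server.retry.interval" value="10"/>
    </serviceInstance>
  </serviceInstances>
  <!-- Contexts bind service instances together. The default context uses
       audit, the file credential store, the XML identity store, the PDP
       service and the UserOrgAR attribute retriever. The remaining contexts
       each expose one login module or credential store. -->
  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="audit"/>
      <serviceInstanceRef ref="credstore"/>
      <serviceInstanceRef ref="idstore.xml"/>
      <serviceInstanceRef ref="pdp.service"/>
      <serviceInstanceRef ref="UserOrgAR"/>
    </jpsContext>
    <jpsContext name="bootstrap_credstore_context">
      <serviceInstanceRef ref="bootstrap.credstore"/>
    </jpsContext>
    <jpsContext name="oracle.security.jps.fmw.authenticator.DigestAuthenticator">
      <serviceInstanceRef ref="digest.authenticator.loginmodule"/>
    </jpsContext>
    <jpsContext name="oracle.security.jps.fmw.authenticator.BasicAuthenticator">
      <serviceInstanceRef ref="idstore.loginmodule"/>
    </jpsContext>
    <jpsContext name="X509CertificateAuthentication">
      <serviceInstanceRef ref="certificate.authenticator.loginmodule"/>
    </jpsContext>
    <jpsContext name="SAML">
      <serviceInstanceRef ref="saml.loginmodule"/>
    </jpsContext>
    <jpsContext name="smsec">
      <serviceInstanceRef ref="credstore.enroll"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>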