Professional Documents
Culture Documents
Applications Infrastructure
Oracle Wallet Manual Configuration Guide
Release 8.1.x
September 2021
OFS AAI Oracle Wallet Manual Configuration Guide
Copyright © 2021 Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions
on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in
your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify,
license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means.
Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-
free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, then the following notice is applicable.
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users
are “commercial computer software” pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and
adaptation of the programs, including any operating system, integrated software, any programs installed
on the hardware, and/or documentation, shall be subject to license terms and license restrictions
applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other
measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced
Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content,
products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and
expressly disclaim all warranties of any kind with respect to third-party content, products, and services
unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its
affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of
third-party content, products, or services, except as set forth in an applicable agreement between you and
Oracle.
For information on third party licenses, see the OFSAA Licensing Information User Manual.
2 Introduction............................................................................................................................ 7
3 Configure OFSAA and Web Application Servers with Oracle Wallet ................................. 8
1 Preface
OFS AAI provides the framework for building, running, and managing applications along with out-of-the-
box support for various Deployment Models, compliance to Technology Standards, and support for a host
of Operating Systems, Middleware, Database, and integration with Enterprise Standard Infrastructure.
1.2 Audience
This guide is intended for System Administrators (SA) and Implementation Consultants, who are
responsible for installing and maintaining the application pack components, maintaining and executing
batches, making the Infrastructure Application secure and operational, and configuring the Users and
Security of Infrastructure.
• OFSAA Architecture
• UNIX Commands
• Database Concepts
1.5 Conventions
The following text conventions are used in this document:
Convention Meaning
italic Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code in
examples, file names, text that appears on the screen, or text that you
enter.
1.6 Abbreviations
The following table lists the abbreviations used in this document:
Abbreviation Meaning
2 Introduction
The Oracle Wallet is a simple and easy method to manage database credentials across multiple domains. It
is a directory on the server where passwords are stored in an encrypted format.
You can manually configure the Oracle Wallet by applying the information provided in the following
topics:
1. Configure OFSAA and Web Application Servers with Oracle Wallet
This is a common configuration procedure that you must apply to your system before you proceed
to configure the Oracle Wallet for a specific Web Server.
2. Select the Web Server Configuration that applies to your system from the following:
▪ Configure OFSAA and WebLogic with Oracle Wallet
▪ Configure OFSAA and Tomcat with Oracle Wallet
▪ Configure OFSAA and WebSphere with Oracle Wallet
3.1 Prerequisites
The following prerequisites must be met to configure OFSAA and Web Application Servers with Oracle
Wallet:
1. UNIX user credentials must be available with which OFSAA was installed.
2. UNIX user credentials must be available with which the Web Application Server (Oracle WebLogic
(WLS) or Apache Tomcat or IBM WebSphere) was installed.
3. OFS AAI version installed must be 8.1.0.0.0 and later.
4. Ensure that the OFSAA installed and deployed has JAVA 8.
NOTE:
The Java version must support the Java Unlimited Cryptographic Policy.
For example, Java version 1.8.0_161+ supports Unlimited Cryptographic Policy.
5. In the .profile file, set the following parameters for Oracle Wallet:
a. Set the Wallet Enabled Flag to TRUE as shown in the following:
OFS_ORA_WAL_ENABLED=TRUE
export OFS_ORA_WAL_ENABLED
b. Set the Wallet Home path for Wallet Creation:
WALLET_HOME=<PATH_TO_THE_DIRECTORY_WHERE_WALLET_RELATED_FILES_HAVE_TO-
BE_CREATED>
export WALLET_HOME
For example,
WALLET_HOME=$ORACLE_HOME/owm/wallet
export WALLET_HOME
c. Modify the entry X_ARGS_GEN in .profile. Add -Doracle.net.tns_admin and -
Doracle.net.wallet_location as shown in the following:
X_ARGS_GEN="-Doracle.net.tns_admin=/scratch/oracle/
app/oracle/product/19.3/client_1/network/admin -
Doracle.net.wallet_location=/scratch/oracle/app/oracle/product/19.3/cli
ent_1/owm/wallet"
export X_ARGS_GEN
Modify the X_ARGS_APP, X_ARGS_OBJMIG, X_ARGS_RLEXE, X_ARGS_RNEXE, and
X_ARGS_WSEXE Environment Variables to include $X_ARGS_GEN at the end of the definition.
6. Ensure that the TNS entries in the tnsnames.ora file, usually found (Location: $TNS_ADMIN) in
the ORACLE_HOME/network/admin directory, are available for each of the schemas created for
the Application Pack.
TIP:
To find the tnsname for the entries, you can connect to the Config Schema and execute
the following query:
select dbname from db_master;
7. Set the location of the Wallet in the sqlnet.ora file usually found (Location: $TNS_ADMIN) in the
ORACLE_HOME/network/admin directory.
Update the following entries in the file:
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY =
/scratch/oracle/app/oracle/product/19.3/client_1/owm/wallet)
)
)
SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0
8. Copy the oraclepki.jar, osdt_cert.jar and osdt_core.jar files from the
$ORACLE_HOME/jlib to $FIC_HOME/ficapp/common/FICServer/lib,
$FIC_HOME/ficapp/icc/lib, and $FIC_HOME/ficdb/lib directories.
9. Create the Oracle Wallet on the OFSAA Processing Tier.
a. Log in as a UNIX user with the permissions to modify the Oracle Wallet.
b. Execute the following command to create the Wallet Store which uses ORACLE_HOME as the
Oracle Client Path. Enter the password when prompted (the same password will be required
later in the procedural steps).
$ORACLE_HOME/bin/mkstore -wrl $WALLET_HOME -create
10. Configure the Oracle Wallet to connect to the Database Server from the Database Client. In other
words, all the database utilities such as sqlplus, tnsping, and sqlldr must communicate correctly
between the Client and the Server.
NOTE:
• CONFIG value is a TNS alias for Config Schema. Do not change this value.
• SYS value is a TNS alias for SYSDBA Schema Users. Do not change this value.
• ATOMICALIASNAME value is a TNS alias for Atomic Schema. It must not contain
underscores.
For example, if the Atomic Schema Name is PROD_OFSAAATM, then the value for
ATOMICALIASNAME must be entered as PRODOFSAAATM.
• If the Config and Atomic Schema passwords are changed over some time, new
password credentials have to be updated for Config and Atomic Schema in the
Oracle Wallet so that OFSAA and the Web Server take the new credentials.
Execute the following command to update passwords of Config and Atomic
Schema users and enter the password to store the credentials in the Wallet when
prompted.
5. Modify the existing JDBC Connection String value in the JDBC_CONN_STR column of the
AAI_DB_PROPERTY and DB_MASTER tables in the Configuration Schema. Update the value for all
entries in the tables mentioned in this step as shown in the following:
Syntax: jdbc:oracle:thin:/@<alias>
Example: jdbc:oracle:thin:/@CONFIG
6. Modify DEFAULT_CONNECTION_URL in the $FIC_HOME/conf/DynamicServices.xml file to
the JDBC URL which connects to the Configuration Schema as shown in the following:
Syntax: jdbc:oracle:thin:/@<alias>
Example: jdbc:oracle:thin:/@CONFIG
7. Restart the OFSAA Services.
NOTE:
Ensure that the TNS_ADMIN and WALLET LOCATION entry is in the Domain directory
so that after the configuration of the Cluster it can be copied to the secondary
WebLogic Server instances.
For more information, see the OFSAA Clustered Environment Configuration Guide.
4. Edit the ATOMIC and SANDBOX Schemas in the WLS JNDI Data Source Connections. Perform a
Test Connection on each Data Source.
5. Restart the WebLogic Services and all the managed services across all nodes if it is clustered.
7. Navigate to Resources > JDBC > Data sources and click the link that corresponds to the Config,
Atomic, and Sandbox Datasource. Update to use SSL.
10. Click OK and return to the main Datasource Configuration Window. Scroll to the bottom of the
window where the connection properties are displayed and update the URL to the SSL value.
12. Click Test connection to test the connection to the Oracle Server.
13. Restart the WebSphere Services and all the managed services across nodes if it is clustered.
OFSAA Support
Raise a Service Request (SR) in My Oracle Support for queries related to OFSAA Applications.