Steps to create a domain with RDBMS Security store in WebLogic 12c

Weblogic Server uses an embedded LDAP server as the default security store when you create a new domain.

Optionally, you could configure an external RDBMS as a security store.

Oracle recommends that you configure the RDBMS security store at the time of domain creation. In prior Weblogic releases, we had an option to configure RDBMS security store in config wizard, during the domain creation but it is now deprecated.

RDBMS security store can now be configured using WLST or via console.

In this example, I will install Oracle XE database and use the insta client to create tables in the XE database (which is required for RDBMS security store)

Check the following link for supported DB version with Weblogic :

Link: https://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

Step 1)

Download and install JDK 1.8

In this example, I will be using Oracle JDK 1.8. Download this from the following link:

Link: https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

Command: tar -xvzf /refresh/home/Downloads/jdk-8u231-linux-x64.tar.gz

Step 2)

Download and install Weblogic.

In this example, I will be using Weblogic 12.2.1.4.0.

Download this from the following URL :

Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html

Command: unzip fmw_12.2.1.4.0_wls_Disk1_1of1.zip

Command: java -jar fmw_12.2.1.4.0_wls.jar

Step 3)

Install Oracle XE database

In this example, I will be using Oracle Database Express Edition (XE) Release 18.4.0.0.0 (18c):

Download this from the following link :

Link: https://www.oracle.com/database/technologies/xe-downloads.html

Command: curl -o oracle-database-preinstall-18c-1.0-1.el7.x86_64.rpm https://yum.oracle.com/repo/OracleLinux/OL7/latest/x86_64/getPackage/oracle-database-preinstall-18c-1.0-1.el7.x86_64.rpm

Command: yum -y localinstall oracle-database-preinstall-18c-1.0-1.el7.x86_64.rpm

Command: yum -y localinstall oracle-database-xe-18c-1.0-1.x86_64.rpm

Command: /etc/init.d/oracle-xe configure

Command:

Step 4)

Installing Insta client :

Command: cd /etc/yum.repos.d
Command: rm -f public-yum-ol7.repo
Command: wget https://yum.oracle.com/public-yum-ol7.repo

Command: yum install -y yum-utils
Command: yum-config-manager –enable ol7_oracle_instantclient

Command: yum list oracle-instantclient*

Command: yum install -y oracle-instantclient18.3-basic oracle-instantclient18.3-sqlplus

Command: export CLIENT_HOME=/usr/lib/oracle/18.3/client64
Command: export LD_LIBRARY_PATH=$CLIENT_HOME/lib
Command: export PATH=$PATH:$CLIENT_HOME/bin

Connect to Oracle Database XE using Insta Client:

Command: sqlplus “system/password@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(Host=blogbypuneeth.medium.com)(Port=1521))(CONNECT_DATA=(SID=XE)))”

SQL> @/refresh/home/Oracle/Middleware/Oracle_Home/wlserver/server/lib/rdbms_security_store_oracle.sql

Run the following query to check if the tables were created successfully and its ownership :

SQL> SELECT table_name,owner FROM dba_tables WHERE table_name=’BEAXACMLAP’; // This will show who the owner is

SQL> SELECT COUNT(1) FROM ALL_TABLES WHERE TABLE_NAME = ‘BEAXACMLAP’;

Step 5 :

Use WLST or console to configure RDBMS store in WLS

OPTION 1 : (Using WLST)

Steps to create a domain with RDBMS security store using WLST :

cd /refresh/home/Oracle/Middleware/Oracle_Home/oracle_common/common/bin

./wlst.sh

wls:/offline> selectTemplate(“Basic WebLogic Server Domain”, “12.2.1.3.0”)
wls:/offline/>loadTemplates()
wls:/offline/base_domain>cd(‘Servers/AdminServer’)
wls:/offline/base_domain/Server/AdminServer>set(‘ListenAddress’,”)
wls:/offline/base_domain/Server/AdminServer>set(‘ListenPort’, 7001)
wls:/offline/base_domain/Server/AdminServer>cd(‘/’)
wls:/offline/base_domain>cd(‘Security/base_domain/User/weblogic’)
wls:/offline/base_domain/Security/base_domain/User/weblogic>cmo.setPassword(‘password’)
wls:/offline/base_domain/Security/base_domain/User/weblogic>create(‘base_domain’,’SecurityConfiguration’)
Proxy for base_domain: Name=base_domain, Type=SecurityConfiguration
wls:/offline/base_domain/Security/base_domain/User/weblogic>cd(‘/SecurityConfiguration/base_domain’)
wls:/offline/base_domain/SecurityConfiguration/base_domain>a=get(‘DefaultRealm’)
wls:/offline/base_domain/SecurityConfiguration/base_domain>cd(‘Realm/myrealm’)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>rdbms = create(“myRDBMSSecurityStore”, “RDBMSSecurityStore”)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>rdbms.setUsername(‘system’)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>rdbms.setPasswordEncrypted(‘password’)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>rdbms.setConnectionURL(‘jdbc:oracle:thin:@blogbypuneeth.medium.com:1521:XE’)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>rdbms.setDriverName(‘oracle.jdbc.OracleDriver’)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>rdbms.setConnectionProperties(‘user=system,portNumber=1521,SID=XE,serverName=blogbypuneeth.medium.com’)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>setOption(‘OverwriteDomain’, ‘true’)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>writeDomain(‘/domains/mydomain’)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>writeDomain(‘/refresh/home/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain’)
wls:/offline/base_domain/SecurityConfiguration/base_domain/Realm/myrealm>closeTemplate()

exit()

If you want a distributed setup, then run the following on the other box (This will avoid using pack and unpack commands)

connect(‘weblogic’,’password’,’thelearnloop.medium.com:7001′)

#The path on the local machine where the template will be created, it should not already exist.
templatePath = ‘/refresh/home/Oracle/Middleware/Oracle_Home/user_templates/myTemplate.jar’

#get the packed template from the Administration Server
writeTemplate(templatePath)

#disconnect from online WLST connection to the Administration Server
disconnect()

#select and load the template that was downloaded from the Administration Server.
selectCustomTemplate(‘/refresh/home/Oracle/Middleware/Oracle_Home/user_templates/myTemplate.jar’)
loadTemplates()

#specify the domain directory where the domain needs to be created
domainPath = ‘/refresh/home/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain’

#create the domain
writeDomain(domainPath)

Now run the following command to enroll this domian :

nmEnroll(‘/refresh/home/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/nodemanager’)

Now start the nodemanager on remote machine;

./startNodeManager.sh

You can then create a machine and MS from admin console on Node1.

—

OPTION 2 : (Using console)

Alternatively you could also configure RDBMS security store from admin console :

Home >Summary of Security Realms >myrealm> RDBMS Security Store

RDBMS Security Store Enabled (enabled)

Connection URL : jdbc:oracle:thin:@blogbypuneeth.medium.com:1521:XE

Driver Name: oracle.jdbc.OracleDriver

JNDI Username : user=system,portNumber=1521,SID=XE,serverName=blogbypuneeth.medium.com

Steps to create a domain with RDBMS Security store in WebLogic 12c

Puneeth Prakash

Senior Principal Software Engineer

Steps to Generate OAuth Token by Creating OAuth Client in IDCS

Oracle Weblogic Server Critical Patch Update - April 2022

Steps to create a domain with RDBMS Security store in WebLogic 12c

Authors

Puneeth Prakash

Senior Principal Software Engineer

Steps to Generate OAuth Token by Creating OAuth Client in IDCS

Oracle Weblogic Server Critical Patch Update - April 2022