Friday, January 2, 2015

Credential Store Framework (CSF) API Example

Description: Shows how to use the Credential Store Framework (CSF) API to fetch credentials from the credential store.
References:
http://docs.oracle.com/cd/E40329_01/apirefs.1112/e27155/toc.htm
http://www.redheap.com/2013/06/secure-credentials-in-adf-application.html
https://thecattlecrew.wordpress.com/2013/12/17/using-credentials-store-when-communicating-with-oracle-human-workflow-api/
http://docs.oracle.com/cd/E23943_01/core.1111/e10043/devcsf.htm#JISEC3675

Adding Credentials to Store
1. Log in to Oracle Enterprise Manager Fusion Middleware Control (e.g. localhost:7001/em).

2. Expand WebLogic Domain, right-click the name of your domain, hover over Security, and then click Credentials.

3. Add keys to existing maps or create a new map with new keys. Each key stores one credential.

System Policies on Credential Store
You may need to add a system policy to grant specific applications, JAR files, users, or roles permission to read, write, or update the Credential Store.

1. Expand WebLogic Domain, right-click the name of your domain, hover over Security, and then click System Policies.

2. For this example, oiminternal is granted read access to all keys under a specific map. This is needed for the scheduled task code to work when the job runs in OIM.

Permission Class: oracle.security.jps.service.credstore.CredentialAccessPermission
Resource Name: context=SYSTEM,mapName=oimScheduledTask,keyName=*
Permission Actions: read
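The following reader is an added illustration of fetching a credential from the map granted above; it is not the downloadable plugin's code. The class name CsfCredentialReader and the key name oimAdmin are placeholders; the oracle.security.jps classes are the CSF API from the referenced Oracle documentation.

```java
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.service.credstore.Credential;
import oracle.security.jps.service.credstore.CredentialStore;
import oracle.security.jps.service.credstore.PasswordCredential;

public class CsfCredentialReader {
    // Matches the mapName in the system policy above; the key name passed in is a placeholder.
    private static final String MAP_NAME = "oimScheduledTask";

    public static PasswordCredential fetch(final String keyName) throws JpsException {
        try {
            // doPrivileged scopes the permission check to this block instead of every caller on the stack.
            return AccessController.doPrivileged(new PrivilegedExceptionAction<PasswordCredential>() {
                public PasswordCredential run() throws JpsException {
                    JpsContext ctx = JpsContextFactory.getContextFactory().getContext();
                    CredentialStore store = ctx.getServiceInstance(CredentialStore.class);
                    Credential cred = store.getCredential(MAP_NAME, keyName);
                    if (!(cred instanceof PasswordCredential)) { // also covers a missing key (null)
                        throw new JpsException("No password credential at " + MAP_NAME + "/" + keyName);
                    }
                    return (PasswordCredential) cred;
                }
            });
        } catch (PrivilegedActionException e) {
            throw (JpsException) e.getException(); // run() only throws JpsException
        }
    }

    public static void main(String[] args) throws JpsException {
        try {
            PasswordCredential pc = fetch("oimAdmin"); // placeholder key name
            char[] password = pc.getPassword();
            System.out.println("Fetched credential for user " + pc.getName()); // authenticate with password here
            Arrays.fill(password, '\0'); // wipe the secret once it has been used
        } catch (AccessControlException e) {
            // The failure listed under Troubleshooting: no system policy grants CredentialAccessPermission
            System.err.println("Credential store access denied: " + e.getMessage());
        }
    }
}
```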

Source Code
The plugin can be downloaded here.


Troubleshooting
Exception: java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=* read)
Reason: The application or user may not have access to the credential store.
Fix: You may need to add a system policy via the EM console to grant access.

4 comments:

  1. This comment has been removed by the author.

  2. I am getting the below exception:
    java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=oim,keyName=* read)

    So do you know how to resolve this?

    Replies:
    1. I am also getting the same error... Let me know if you found a solution for that.

  3. I am also getting the same. Please mail me if you have a solution. sri.saileshkamma@gmail.com