Stage the system jazn data xml file from Dev and PROD in a temporary location respectively as shown below
/u01/obiee/stage/dev
/u01/obiee/stage/prod
Then also make a jps-config-policy.xml file as below in the stage direcry. Update the Location respectively and save the file
--?xml version="1.0" encoding="UTF-8" standalone='yes'?>
--jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
schema-major-version="11" schema-minor-version="1">
--!-- This property is for jaas mode. Possible values are "off", "doas" and "doasprivileged" -->
--property name="oracle.security.jps.jaas.mode" value="off"/>
--propertySets>
--!-- SAML Trusted Issuer -->
--propertySet name="saml.trusted.issuers.1">
--property name="name" value="www.oracle.com"/>
--/propertySet> --/propertySets>
--serviceProviders>
--serviceProvider type="POLICY_SRE" name="policysre.xml.provider" class="oracle.security.jps.internal.policysre.xml.XmlPolicySreProvider"> --description>XML-based PolicySre Provider--/description> --/serviceProvider> --/serviceProviders>
--serviceInstances>
--!-- JPS XML Policy Sre Service Instance -->
--serviceInstance provider="policysre.xml.provider" location="/u01/obiee/stage/dev/system-jazn-data.xml" name="srcpolicysre.xml">
--description>File Based Policy Sre Service Instance--/description>
--/serviceInstance>
--serviceInstance provider="policysre.xml.provider" location="/cs/obiee/ial/stage/prod/system-jazn-data.xml" name="policysre.xml">
--description>File Based Policy Sre Service Instance--/description>
--/serviceInstance>
--/serviceInstances>
--jpsContexts default="default">
--!-- This is the default JPS context. All the mendary services and Login Modules must be configured in this default context -->
--jpsContext name="sourceFileSre">
--serviceInstanceRef ref="srcpolicysre.xml"/>
--/jpsContext> --jpsContext name="targetFileSre">
--serviceInstanceRef ref="policysre.xml"/>
--/jpsContext>
--/jpsContexts>
--/jpsConfig>
~
Now source the WLST : /middlewarehome/Oracle_BI1/common/bin
wlst.sh
migrateSecuritySre(type="appPolicies", srcApp="obi", configFile="/u01/obiee/stage/jps-config-policy.xml", src="sourceFileSre", dst="targetFileSre", overWrite="false")
Ignore any Warnings.
The prod (system-jazn-data.xml) file will be updated with the new roles from Dev (/u01/obiee/stage/prod).
Take this file and deploy in actual direcry in Prod.
/u01/obiee/stage/dev
/u01/obiee/stage/prod
Then also make a jps-config-policy.xml file as below in the stage direcry. Update the Location respectively and save the file
--?xml version="1.0" encoding="UTF-8" standalone='yes'?>
--jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd"
schema-major-version="11" schema-minor-version="1">
--!-- This property is for jaas mode. Possible values are "off", "doas" and "doasprivileged" -->
--property name="oracle.security.jps.jaas.mode" value="off"/>
--propertySets>
--!-- SAML Trusted Issuer -->
--propertySet name="saml.trusted.issuers.1">
--property name="name" value="www.oracle.com"/>
--/propertySet> --/propertySets>
--serviceProviders>
--serviceProvider type="POLICY_SRE" name="policysre.xml.provider" class="oracle.security.jps.internal.policysre.xml.XmlPolicySreProvider"> --description>XML-based PolicySre Provider--/description> --/serviceProvider> --/serviceProviders>
--serviceInstances>
--!-- JPS XML Policy Sre Service Instance -->
--serviceInstance provider="policysre.xml.provider" location="/u01/obiee/stage/dev/system-jazn-data.xml" name="srcpolicysre.xml">
--description>File Based Policy Sre Service Instance--/description>
--/serviceInstance>
--serviceInstance provider="policysre.xml.provider" location="/cs/obiee/ial/stage/prod/system-jazn-data.xml" name="policysre.xml">
--description>File Based Policy Sre Service Instance--/description>
--/serviceInstance>
--/serviceInstances>
--jpsContexts default="default">
--!-- This is the default JPS context. All the mendary services and Login Modules must be configured in this default context -->
--jpsContext name="sourceFileSre">
--serviceInstanceRef ref="srcpolicysre.xml"/>
--/jpsContext> --jpsContext name="targetFileSre">
--serviceInstanceRef ref="policysre.xml"/>
--/jpsContext>
--/jpsContexts>
--/jpsConfig>
~
Now source the WLST : /middlewarehome/Oracle_BI1/common/bin
wlst.sh
migrateSecuritySre(type="appPolicies", srcApp="obi", configFile="/u01/obiee/stage/jps-config-policy.xml", src="sourceFileSre", dst="targetFileSre", overWrite="false")
Ignore any Warnings.
The prod (system-jazn-data.xml) file will be updated with the new roles from Dev (/u01/obiee/stage/prod).
Take this file and deploy in actual direcry in Prod.
No comments:
Post a Comment