Automating CSF Key Credentials Configurations

What are CSF Key Credentials?

A credential store is a repository of security data (credentials). A credential can hold username and password combinations, tickets, or public key certificates.

Credential Store Framework (CSF) is a framework which provides a set of in-built APIs that can be used by applications to create, read, update, and manage the credentials securely.

CSF Uses: 

The credential store is mainly used to store the credentials (username and password) to access the service and the applications.

Use Case Scenario: 

We had a requirement to configure the SOA CSF Key Credentials programmatically using an automated process.

Solution

The credential store configuration can be accomplished using a WLST command. In addition, ANT scripts are used for automation.

Step 1: Open a Windows Command Prompt or Linux/Unix Shell Terminal to start the WebLogic Server Administration Scripting Shell utility. Enter the following, depending on the system.

(Windows Command Prompt)

C:\Users\<<username>> cd <<ORACLE_HOME>>\wlserver\common\bin

C:\<<ORACLE HOME>>\wlserver\common\bin> wlst

(Unix/Linux Shell Terminal)

[oracle@myhost ]$ cd <<ORACLE_HOME>>/wlserver/common/bin

[oracle@myhost bin]$ ./wlst

Step 2: At the WLST utility prompt, connect to the Admin Server.

wlst:/offline> connect(‘weblogic’,’welcome1′,’t3://localhost:7001′)

Step 3: Once the user is successfully connected to the Admin Server, the following commands can be executed (see the image below).

(For CSF Key Creation)

createCred(map=<<keyMapName>>,key=<<keyName>>,user=<<keyUser>>,password=<<keyPass>>,desc=<<keyDesc>>)

(For CSF Key Update)

updateCred(map=<<keyMapName>>,key=<<keyName>>,user=<<keyUser>>,password=<<keyPass>>,desc=<<keyDesc>>)

(For CSF Key Deletion)

deleteCred(map=<<keyMapName>>,key=<<keyName>>)

Automating CSF Key Credentials

Automation of CSF Key Credential Configuration at deployment time

ANT Scripts can be used to automate CSF Key Credential Configuration at deployment time.

<target name=”createCSFKeyCred”>
<wlst debug=”false” arguments=”${admin.username} ${admin.password} ${admin.server} ${map} ${keyCredentialsName} ${user} ${password} ${desc}”>
<script>
adminUser=sys.argv[0]
adminPassword=sys.argv[1]
adminUrl=sys.argv[2]
keyMap=sys.argv[3]
keyName=sys.argv[4]
keyUser=sys.argv[5]
keyPass=sys.argv[6]
keyDesc=sys.argv[7]
print(‘Connecting to WLST Server’)
connect (adminUser,adminPassword,adminUrl)
print(‘Creating Security Credentials’)
createCred(map=keyMap,key=keyName,user=keyUser,password=keyPass,desc=keyDesc)
disconnect()
print(‘Disconnecting….’)
</script>
</wlst>
</target>

References

https://docs.oracle.com/cd/E12839_01/core.1111/e10043/csfadmin.htm#CACGIGDB 

Tagged with: , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*