oracle® pedigree and serialization managervii preface intended audience welcome to release 1.1 of...

Oracle® Pedigree and Serialization ManagerInstallation GuideRelease 1.1Part No. E17349-06

May 2011

Oracle Pedigree and Serialization Manager Installation Guide, Release 1.1

Part No. E17349-06

Copyright © 2010, 2011, Oracle and/or its affiliates. All rights reserved.

Primary Author: Jan Lineberry

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTSPrograms, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

This software and documentation may provide access to or information on content, products and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third party content, products and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third party content, products or services.

iii

Contents

Send Us Your Comments

Preface

1 About Oracle Pedigree and Serialization Manager Oracle Pedigree and Serialization Manager Explained............................................................1-1Software Distribution and Language Support......................................................................... 1-2About This Guide...................................................................................................................... 1-2Conventions............................................................................................................................... 1-3

2 Pre-Installation ConsiderationsRequirements............................................................................................................................ 2-1

3 Installing Oracle Pedigree and Serialization Managerpas.zip File Explained............................................................................................................... 3-1Pre-Installation Tasks................................................................................................................3-3Installation Tasks...................................................................................................................... 3-6Post Installation Tasks.............................................................................................................. 3-8Reinstallation Tasks................................................................................................................ 3-10

4 SecuritySecuring Oracle Pedigree and Serialization Manager..............................................................4-1

Security Explained............................................................................................................... 4-1Creating Users and Groups..................................................................................................4-1Jobs, Duties, and Application Roles Explained.................................................................... 4-3

Securing Services Using Oracle Web Service Manager......................................................... 4-31

iv

Securing Services Explained.............................................................................................. 4-31Setting Up a Credential Store and Key...............................................................................4-32Setting Up Global Policy Attachments............................................................................... 4-33Setting Up Policies with Different Credentials.................................................................. 4-34Setting Up Global Policy Attachments for Composites......................................................4-35Verifying Policy Attachments............................................................................................ 4-37

5 Troubleshooting and Optional ConfigurationTuning....................................................................................................................................... 5-1Troubleshooting........................................................................................................................ 5-2

A Setting Up WebLogic Components for Serial DestinationsSetting Up WebLogic Components for Serial Destinations.................................................... A-1

Index

v

Send Us Your Comments

Oracle Pedigree and Serialization Manager Installation Guide, Release 1.1Part No. E17349-06

Oracle welcomes customers' comments and suggestions on the quality and usefulness of this document. Your feedback is important, and helps us to best meet your needs as a user of our products. For example:

• Are the implementation steps correct and complete? • Did you understand the context of the procedures? • Did you find any errors in the information? • Does the structure of the information help you with your tasks? • Do you need different information or graphics? If so, where, and in what format? • Are the examples correct? Do you need more examples?

If you find any errors or have any other suggestions for improvement, then please tell us your name, the name of the company who has licensed our products, the title and part number of the documentation andthe chapter, section, and page number (if available).

Note: Before sending us your comments, you might like to check that you have the latest version of the document and if any concerns are already addressed. To do this, access the new Oracle Applications Release Online Documentation CD available on My Oracle Support and www.oracle.com. It contains the most current Documentation Library plus all documents revised or released recently.

Send your comments to us using the electronic mail address: [email protected]

Please give your name, address, electronic mail address, and telephone number (optional).

If you need assistance with Oracle software, then please contact your support representative or Oracle Support Services.

If you require training or instruction in using Oracle software, then please contact your Oracle local officeand inquire about our Oracle University offerings. A list of Oracle offices is available on our Web site at www.oracle.com.

vii

Preface

Intended AudienceWelcome to Release 1.1 of the Oracle Pedigree and Serialization Manager Installation Guide.

See Related Information Sources on page vii for more Oracle Applications product information.

Documentation AccessibilityFor information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/us/corporate/accessibility/

Structure1 About Oracle Pedigree and Serialization Manager 2 Pre-Installation Considerations3 Installing Oracle Pedigree and Serialization Manager4 Security5 Troubleshooting and Optional ConfigurationA Setting Up WebLogic Components for Serial DestinationsThese components are only needed if you are using serial destinations. If serial destinations are not being used, these setup steps are not required. Not all components will be needed. The set up of each component is based on the destination being used.

Related Information Sources• Oracle Pedigree and Serialization Manager Process Guide

• Oracle Serialization and Tracking Integration Pack for Oracle Pedigree and Serialization Manager and Oracle E-Business Suite 3.1 - Implementation Guide

viii

Do Not Use Database Tools to Modify Oracle Applications DataOracle STRONGLY RECOMMENDS that you never use SQL*Plus, Oracle Data Browser, database triggers, or any other tool to modify Oracle Applications data unless otherwise instructed.

Oracle provides powerful tools you can use to create, store, change, retrieve, and maintain information in an Oracle database. But if you use Oracle tools such as SQL*Plus to modify Oracle Applications data, you risk destroying the integrity of your data and you lose the ability to audit changes to your data.

Because Oracle Applications tables are interrelated, any change you make using an Oracle Applications form can update many tables at once. But when you modify Oracle Applications data using anything other than Oracle Applications, you may change a row in one table without making corresponding changes in related tables. If your tables get out of synchronization with each other, you risk retrieving erroneous information and you risk unpredictable results throughout Oracle Applications.

When you use Oracle Applications to modify your data, Oracle Applications automatically checks that your changes are valid. Oracle Applications also keeps track of who changes information. If you enter information into database tables using database tools, you may store invalid information. You also lose the ability to track whohas changed your information because SQL*Plus and other database tools do not keep arecord of changes.

About Oracle Pedigree and Serialization Manager 1-1

1About Oracle Pedigree and Serialization

Manager

This chapter covers the following topics:

• Oracle Pedigree and Serialization Manager Explained

• Software Distribution and Language Support

• About This Guide

• Conventions

Oracle Pedigree and Serialization Manager ExplainedOracle Pedigree and Serialization Manager (OPSM) is an application that enables companies to manage serialization of products and share serialized product data across the supply chain. OPSM can integrate with your existing manufacturing, shipping, and receiving transactional systems, Oracle E-Business Suite (EBS), or it can operate as a standalone application. OPSM can support multiple transactional or EBS systems integrated to a single instance of OPSM. The multiple transactional or EBS systems may be multiple instances managed within your company or systems managed by your manufacturing and logistics partners.

For more information on OPSM, see the Oracle Pedigree and Serialization Manager Process Guide.

For more information on the integration between OPSM and EBS, see the Oracle Serialization and Tracking Integration Pack for Oracle Pedigree and Serialization Manager and Oracle E-Business Suite 3.1 - Implementation Guide.

This diagram illustrates a high-level overview of OPSM:

1-2 Oracle Pedigree and Serialization Manager Installation Guide

OPSM High-Level Overview

Software Distribution and Language SupportDownload Oracle Pedigree and Serialization Manager (OPSM) via E-delivery. Oracle can also supply the product on DVD to accommodate specific customer requests.

The user interface is in American English. American English is supported.

About This GuideThis installation guide provides information required to install the OPSM application on Oracle supported platforms.

The information contained in this guide is subject to change as the product technology evolves and as hardware, operating systems, and third-party software are created and modified. This guide is intended for information technology personnel and privileged users responsible for installing and configuring OPSM.

About Oracle Pedigree and Serialization Manager 1-3

ConventionsThese conventions are used throughout this guide:

• The notation / is used to refer to the location on your system where thesoftware is installed.

• Forward slashes (/) are used to separate the directory levels in a path name. A forward slash will always appear after the end of a directory name.

Pre-Installation Considerations 2-1

2Pre-Installation Considerations


• Requirements

Requirements

Hardware RequirementsThese requirements apply to most installations, assuming 1000-2500 named users and 50-75 concurrent users. The server specifications are typical, but additional analysis might be required to determine your final configuration.

• Hardware Specifications:

• 2GHz+ processor

• Dual CPU+

• 4GB+ RAM

• Application Server: 2 Managed Server JVMs with 1 GB RAM (an additional 500 MB is needed if using optional reporting Managed Server)

• Application Disk Space: 50 GB RAID

• Database Server: 2 GB SGA (with optional reporting, an additional 1 GB is required)

• Support for Unicode AL32UTF8 character set

• Database Table Space: 200 GB (with optional reporting, an additional 25 GB is required)


Software RequirementsThe following software must be installed before you can install OPSM:

Server Environment:• Oracle Database Server 11gR2 (11.2.0.1.0) 32-bit or 64-bit

• Oracle Service Oriented Architecture (SOA) Suite 11gR1PS3 (11.1.1.4.0) 64-bit, including Enterprise Manager and the Repository Creation Utility (RCU) 11gR1PS3.The following RCU components are required:

• Metadata Services (MDS schema)

• SOA Infrastructure (SOAINFRA schema)

• Business Activity Monitoring (ORABAM schema)

• User Messaging Service (ORASDPM schema)

• Oracle BI Publisher 10gR3 (10.1.3.4.1) 64-bit (not required unless you wish to print Pedigrees)

• Oracle WebLogic Server 11g R1PS3 (10.3.4.0) 64-bit

For installation details, refer to each software's documentation.

End User Environment:• Internet Explorer 7.0 or higher or Firefox 2.0.0.2+, 3.0+

• Adobe Flash plug-in installed

• JavaScript enabled

• Pop-up Blocker disabled for server hosts

Installing Oracle Pedigree and Serialization Manager 3-1

3Installing Oracle Pedigree and Serialization

Manager


• pas.zip File Explained

• Pre-Installation Tasks

• Installation Tasks

• Post Installation Tasks

• Reinstallation Tasks

pas.zip File ExplainedThe pas.zip contains the following files:

• adapters

• JmsAdapterPlan.xml: Deployment plan used to update the JmsAdapter resource adapter deployment to include a new outbound connection pool utilized by the JMS Queue for integrations.

• applications

• PasSerializationManager.ear: The main enterprise Oracle Pedigree and Serialization Manager (OPSM) application. This application is deployed into thePAS Managed Server (pas_server1).

• PasSerialsService_SerialsServices.ear: Supporting Web Services application for the main OPSM Application. Supports various web service methods for serialization. Deployed into the SOA Server (soa_server1).

• PasTransactionsService_TransactionsServices.ear: Supporting Web Services


application for the main OPSM Application. Supports various web service methods for serialization and pedigree transactions. Deployed into the SOA Server (soa_server1).

• bipublisher

• Pedigree.zip: Pre-configured Pedigree report for use by Oracle BI Publisher. Contains two templates (GenericPedigree.rtf and PedigreeFloridaXML.rtf) that are used to retrieve basic information applicable to either California or Florida Pedigree laws.

• db

• newInstall_step1_fepasSchema_createUsers.sql: SQL file used to create the PAS and PASJMS users used by the application.

• newInstall_step2_fepasSchema_installSchema.sql: SQL file used to create all theOPSM database objects.

• newInstall_step3_fepasSchema_loadSeedData.sql: SQL file used to load the seed data.

• seed_pas_dashboard.sql: SQL file used to load the dashboard table.

• seed_pas_dashboard_refresh.sql: SQL file used to load the dashboard refresh table.

• seed_pas_languages.sql: SQL file used to load the OPSM languages tables.

• seed_pas_lookups.sql: SQL file used to load the OPSM lookup tables.

• seed_pas_odi_extract_def.sql: SQL file used to load the Oracle Data Integrator extract definitions table.

• seed_pas_serial_type_groups.sql: SQL file used to load the serial type groups table.

• seed_pas_serial_types.sql: SQL file used to load the serial types table.

• seed_pas_system_parameters.sql: SQL file used to load the system parameters table.

• odi

• commons-codec-1.3.jar: Library utilized for the integration with Oracle Data Integrator.


• commons-httpclient-3.1.jar: Library utilized for the integration with Oracle DataIntegrator.

• odi-core.jar: Library utilized for the integration with Oracle Data Integrator.

• soa

• configPlan: Directory that contains the configuration plans that are attached to each composite during deployment. The configuration plans set the proper host/port information based on information provided in the properties file usedby the installer.

• PasSerializationManagerSoa.zip: The SOA composites used to support the mainenterprise OPSM application. Contains the PasCreateTransactionsComposite, PasLotSynchronizationComposite, PasSerialGenRequestComposite, PasTransactionsComposite, PasTransmitSerialsViaFileComposite, and PasTransmitSerialsViaWebComposite. This is a SAR file that is deployed into the SOA Server (soa_server1).

• scripts

• pasMasterInstall.py: The master installer script.

• pasMasterInstallWin.py: The master installer script for Windows installs.

• pasMasterUpgrade.py: The master upgrade script.

• pasMasterUpgradeWin.py: The master upgrade script for Windows upgrades.

• pas_install.properties: The properties file used by the installer.

• pasPasswordEncoder.py: The password encoder script.

• ext_getpass.py: The password retrieval script.

• templates

• oracle.pas_template_11.1.1.jar: The WebLogic Domain template used to configure a domain for Oracle Pedigree and Serialization Manager.

Pre-Installation TasksPerform the following steps before you begin your install, you must:

1. Install the Oracle 11gR2 (11.2.0.1.0) 32-bit or 64-bit Database.

2. Install WebLogic 11gR1PS3 (10.3.4.0) 64-bit.


3. Install SOA Suite 11gR1PS3 (11.1.1.4.0) 64-bit, including Enterprise Manager and the Repository Creation Utility (RCU) 11gR1PS3.

4. Run the Repository Creation Utility (RCU) to install the SOA and MDS schemas.

Note: RCU is currently only available for Windows and Linux platforms. Download and run RCU from Windows or Linux to install the SOA and MDS schemas.

5. Create an additional MDS schema for OPSM to support personalization and customizations within the application. Create the schema using the prefix "OPSM" so it results in an OPSM_MDS schema.

6. Set the following environment variables:

• MW_HOME to your Middleware Home.

For example, MW_HOME=/slot/ems6983/oracle/mwhome

• MW_ORA_HOME to your SOA HOME.

For example, MW_ORA_HOME=$MW_HOME/Oracle_SOA1

• ORACLE_HOME to MW_ORA_HOME.

For example, ORACLE_HOME=$MW_ORA_HOME

7. Copy the pas.zip file to the location that you've set in your MW_ORA_HOME environment variable.

8. Unzip the pas.zip file using the following command: unzip pas.zip (If you have unzipped the pas.zip elsewhere, move it to the location that you've set in your MW_ORA_HOME environment variable).

9. Create database schema user/owners for PAS and PASJMS by running the "newInstall_step1_fepasSchema_createUsers.sql" SQL script provided from within the db folder.

Important: This script should be run while connected to the database as the SYS user. In addition, the database schema user/owners will be created locked and password expired. Once thescript has run successfully, please be sure to edit the PAS and PASJMS owners to unlock them and set a new password.

10. Install the OPSM database objects (for example, tables, views, and so on) by running the "newInstall_step2_fepasSchema_installSchema.sql" SQL script provided within the db folder.


Important: This script should be run while connected to the database as the PAS user.

11. Load the seed data by running the "newInstall_step3_fepasSchema_loadSeedData.sql" SQL script provided from within the db folder.

Important: This script should be run while connected to the database as the PAS user.

12. Copy the "oracle.pas_template_11.1.1.jar" file from the /pas/templates directory that is provided within pas.zip to the MW_ORA_HOME/common/templates/applications directory.

13. Run the Domain Configuration wizard to create/extend a domain.

Important: To install the managed server, datasources, and so on, utilized by Oracle Pedigree and Serialization Manager (OPSM), youmust select the Oracle Pedigree and Serialization Manager product during the configuration process. Because the template provided is an extension template, you may either install it during the initial domain creation, or afterwards by extending an existing domain.

Make sure the following products are selected:

1. Oracle Pedigree and Serialization Manager (Oracle_SOA1)

2. Oracle SOA Suite (Oracle_SOA1)

3. Oracle Enterprise Manager (oracle_common)

4. Oracle WSM Policy Manager (oracle_common)

5. Oracle JRF WebServices Asynchronous services (oracle_common)

6. Oracle JRF (oracle_common)

Important: Oracle recommends using SSL in production environments. Please refer to the Configuring SSL section within the Securing Oracle WebLogic Server documentation for more information. In addition, the Enterprise Deployment Guide for Oracle SOA Suite should also be reviewed for proper environment configuration.


14. Move the jar utility from your JDK home folder into the search path. This is needed because the install script uses the jar utility to extract the files and modify the connection parameters.

15. Backup the user_projects directory under the middleware home. This is needed because the install script modifies the domain and if the install fails for any reason, you will need this backup to restore the original domain.

16. Populate the values in pas_install.properties to ensure that a description of every property is available before the property is referred to. The appropriate parameters are described in the comments of the pas_install.properties file.

Important: The installation script will provide a prompt to ask if you would like to configure the Oracle Pedigree and Serialization Manager application for SSL. Oracle's recommendation is to run applications over SSL; therefore, the default is to configure the application for SSL. Please be sure to provide the desired SSL port numbers within the pas_install.properties file to ensure the SSL ports are set properly.

Optional Steps:1. Optional: PROXY_SETTINGS to –Dhttp.proxySet=true –

Dhttp.proxyHost=[PROXY_SERVER] –Dhttp.proxyPort=[PROXY_PORT] –Dhttp.nonProxyHosts=localhost|[SOA SERVER HOSTNAME]|*.[your domain]

2. USER_MEM_ARGS to –Xms512m –Xmx1024m –XX:CompileThreshold=8000 –XX:Permsize=512m –XX:MaxPermSize=1024m

Installation Tasks1. Make sure that the admin server and SOA server are not running.

2. Navigate to the PAS script directory.

For example, cd MW_ORA_HOME/pas/scripts

3. Execute the appropriate install script to install Oracle Pedigree and Serialization Manager.

For Unix-based installs, utilize the "pasMasterInstall.py" script. Run the installation script using the following command:

$MW_ORA_HOME/common/bin/wlst.sh ./pasMasterInstall.py

For Windows-based installs, utilize the "pasMasterInstallWin.py" script. Run the installation script using the following command:


%MW_ORA_HOME%\common\bin\wlst.cmd pasMasterInstallWin.py

Ensure that the terminal on which you are running the install has sufficient scroll-back lines (for example, 2000) to capture all the output from the install activities. This enables you to review all of the install activities later.

Important: The install script attempts to start the Admin Server. It tests in a loop if the server is up before it continues. If you installed your WebLogic Server in Production Mode, the Admin server requires a userid and password to start which the script does not set for security reasons. In this case, you must start a new terminal window to start the Admin Server. After the script detects the server has started, it will continue.

After the Admin Server has been started, the install script will prompt you to start up the managed servers (soa_server1 and pas_server1). To do so, please make sure the environment variables are set as described in the Pre-Installation Tasks, page 3-3 section, then navigate to MW_HOME/user_projects/domains/base_domain/bin. Issue the following commands in separate terminals to the managed servers soa_server1 and pas_server1:

For Unix-based installs:

• sh startManagedWebLogic.sh soa_server1

• sh startManagedWebLogic.sh pas_server1

For Windows-based installs:

• startManagedWebLogic.cmd soa_server1

• startManagedWebLogic.cmd pas_server1

After the managed servers are started, press enter in the first terminal where pasMasterInstall.py or pasMasterInstallWin.py is run to continue processing the install script.

4. The OPSM installation output is captured in the scroll buffer of the terminal on which you run the installation. Scroll through the buffer to check for errors.

5. After the install script has completed successfully, you must restart the Admin Server and managed servers (i.e. soa_server1 and pas_server1) for changes made bythe install script to take affect.

6. (Optional) Set up WebLogic components for serial destinations.

Important: If you are not using serial destinations this setup is not


required.

For information on how to set up WebLogic components for serial destinations, see Appendix A - Setting Up WebLogic Components for Serial Destinations, page A-1.

Post Installation TasksAfter installation is complete your domain should be running with at least the following:

• AdminServer

• SOA Server (for example, soa_server1)

• PAS Server (for example, pas_server1)

• BIP Server (Optional if you opted to install Oracle BI Publisher for Pedigree)

To Verify that the Servers are Running:1. Login to Enterprise Manager 11g.

2. Select the appropriate domain from the WebLogic Domain folder.


Example of Oracle Enterprise Manager page

The current statuses are displayed.

The SOA server will have all the PAS composites marked as active. All of the web services are targeted to the SOA server and they should be marked as active. The Oracle Pedigree and Serialization Manager (OPSM) application called PasSerializationManager should be targeted to the PAS server and should be marked as active. There should be a pasDB and pasJMSDB JDBC Data Source that should be targeted to both the PAS and SOA servers.

The following are helpful URLs if the Oracle Pedigree and Serialization Manager application was not configured for SSL:

• WLS (WebLogic Server) Console: http://:/console

• EM (Enterprise Manager) Console: http://:/em

• WorklistApp: http://:/integration/worklistapp

• OPSM: http://:/opsm/faces/index.jspx

The following are helpful URLs if the Oracle Pedigree and Serialization Manager application was configured for SSL:

• WLS (WebLogic Server) Console: https://:/console

• EM (Enterprise Manager) Console: https://:/em


• WorklistApp: https://:/integration/worklistapp

• OPSM: https://:/opsm/faces/index.jspx

Note: After completing all post installation tasks, you must create a valid OPSM user and associate relevant roles to the user as described in the Creating Users and Groups, page 4-1 section of this guide.

Reinstallation TasksIn the event that an installation fails, follow this procedure to perform a new installation:

1. Make sure that the environment variables are set as described in Pre-Installation Tasks, page 3-3, and that you are in the DOMAIN_HOME (typically MW_HOME/user_projects/domains/base_domain).

2. Stop the SOA Server.

Go to DOMAIN_HOME/bin and issue the following command at the prompt:


sh stopManagedWebLogic.sh soa_server1 t3://:

For example:

sh stopManagedWebLogic.sh soa_server1 t3://host.oracle.com:7001


stopManagedWebLogic.cmd soa_server1 t3://:

For example:

stopManagedWebLogic.cmd soa_server1 t3://host.oracle.com:7001

3. Stop the PAS Server.



sh stopManagedWebLogic.sh pas_server1 t3://:

For example:

sh stopManagedWebLogic.sh pas_server1 t3://host.oracle.com:7001


stopManagedWebLogic.cmd pas_server1 t3://:


For example:

stopManagedWebLogic.cmd pas_server1 t3://host.oracle.com:7001

4. Stop the Admin Server.



sh stopWebLogic.sh


stopWebLogic.cmd

5. Perform cleanup tasks:

1. Clean up the MW_HOME/user_projects directory and restore from the backup taken before the initial installation.

2. Delete the pas directory under MW_ORA_HOME.

3. Delete oracle.pas_template_11.1.1.jar from MW_ORA_HOME/common/templates/applications directory.

6. Perform step 6 from Pre-Installation Tasks, page 3-3.



9. Perform a new install.

Follow the steps for a new install starting with step 1 under the section Installation Tasks, page 3-6.

Security 4-1

4Security


• Securing Oracle Pedigree and Serialization Manager

• Securing Services Using Oracle Web Service Manager

Securing Oracle Pedigree and Serialization Manager

Security ExplainedOracle Pedigree and Serialization Manager (OPSM) provides functional security. Functional security is a statement of what you can do. It typically mirrors what you would see on a job description. For example, a Supply Chain Application Administratoris responsible for creating and maintaining the system setup for OPSM such as, definitions of locations, serial types, serial destinations, and system parameters.

Creating Users and GroupsYou can manage users and groups for Oracle Pedigree and Serialization Manager (OPSM) using this procedure.

To Create Users and Enterprise Groups in Embedded LDAP:Follow this procedure to create new users and Enterprise groups:

1. Navigate to the WebLogic Server Administration Console:

http://:/console

2. Click the Security Realms link.

The Summary of Security Realm is displayed.

3. Click the myrealm link in the Summary of Security Realms region.


The Myrealm Settings page is displayed.

4. Click the Users and Groups tab.

A list of existing users is displayed.

5. Click the New button.

The User Creation page is displayed.

6. Enter a name, description, and password for the user.

Note: The name is what the user will enter when they login, and the description is how the user is displayed in the lists of values.

Tip: Use an LDAP browser (such as JExplorer LDAP) to add an e-mail address to the user definition. This is the e-mail address that is used when sending notifications.

7. Click OK.

8. Click the username that you just created.

9. Click the Groups tab.

10. Assign one or more job roles to the user.

11. Click Save.

12. Enterprise groups map to job, abstract, and data roles. To create an enterprise group, navigate back to the Users and Groups tab and click the Groups tab.

A page appears displaying all existing groups.

13. Click the New button.

The Enterprise Group Creation page is displayed.

14. Enter the group details and leave everything else as the default.

Note: You must suffix Enterprise group names with "_Job".

15. Click OK when finished.

Security 4-3

Jobs, Duties, and Application Roles ExplainedA job is the actual job description such as, what you would view on a job board. Duties are the tasks that the job owner performs. Application roles are collections of duties thatjob owners perform. Only application roles may be the beneficiary of a permission grant. For example:

• Job: Individual responsible for supply chain application administration. Collaborates with supply chain application users to maintain consistent application setup, rules, and access.

• Duties: Manage Pedigree and Serialization System Setup, Serial Destinations, and Product Synchronization.

• Job Role: Supply Chain Application Administrator.

Roles ExplainedAll users are assigned specific roles that allow them to perform only those tasks that areappropriate to their job. This provides security as only users that are assigned certain roles are allowed to perform certain tasks and to access certain data. Administrators cancreate roles and users as needed.

Note: All job roles must be suffixed with "_Job, for example, Supply_Chain_Application_Administrator_Job

Each Job Role has Duty roles that are associated to it; each Duty Role has Privileges associated with it. Access to functionality is determined by the Duty Role and Privilege. For example:

Job Role Duty Role Privilege

Inventory Control Manager Manage Product Lot for Pedigree and Serialization Duty

• Create Product Lot for Pedigree and Serialization

• Delete Product Lot for Pedigree and Serialization

• Edit Product Lot for Pedigree and Serialization


Job Role Duty Role Privilege

Product Data Steward Manage Product for Pedigree and Serialization Duty

• Create Product for Pedigree and Serialization

• Delete Product for Pedigree and Serialization

• Edit Product for Pedigreeand Serialization

Summary of Seeded RolesThe following roles are seeded in Oracle Pedigree and Serialization Manager (OPSM):

Note: Administrators can view the job role code when they create users in LDAP.

• Application Implementation Consultant

• Industry Description: Individual responsible for enterprise-wide implementation of applications. Collaborates with specific application administrators to implement consistent enterprise application setup, architecture, information, rules, and access. This role has access to all setup tasks across products. It inherits all family level setups administrator job roles.

• Job Role Code: ASM_APPLICATION_IMPLEMENTATION_CONSULTANT_JOB

Duty Roles:

Security 4-5

This Duty Role... Has Access to this Functionality (Privilege)

Manage Pedigree and Serialization System Setup Duty

• Create Location for Pedigree and Serialization

• Create Serial Type Group for Pedigree and Serialization

• Delete Location for Pedigree and Serialization

• Delete Serial Type for Pedigree and Serialization

• Delete Serial Type Group for Pedigree and Serialization

• Edit Location for Pedigree and Serialization

• Edit Lookup for Pedigree and Serialization

• Edit Serial Type for Pedigree and Serialization

• Edit Serial Type Group for Pedigree and Serialization

• Edit System Parameter for Pedigree and Serialization

Manage Serial Destination for Pedigree and Serialization Duty

• Create Serial Destination for Pedigree and Serialization

• Delete Serial Destination for Pedigree and Serialization

• Edit Serial Destination for Pedigree andSerialization

• View Serial Destination for Pedigree and Serialization



Synchronize Product for Pedigree and Serialization Duty

Perform Product Synchronization for Pedigree and Serialization

Synchronize Product Lot for Pedigree and Serialization Duty

Perform Product Lot Synchronization for Pedigree and Serialization

View Dashboard Work Area for Pedigree and Serialization Duty

View Dashboard Work Area for Pedigree and Serialization

View Location Contact for Pedigree and Serialization Duty

View Location Contact for Pedigree and Serialization

View Serials Work Area for Pedigree and Serialization Duty

View Serials Work Area for Pedigree and Serialization

View System Setup Work Area for Pedigree and Serialization Duty

View System Setup Work Area for Pedigree and Serialization

View Transactions Work Area for Pedigree and Serialization Duty

View Transactions Work Area for Pedigree and Serialization

View Web Service Exceptions for Pedigree and Serialization Duty

View Web Service Exceptions for Pedigree and Serialization

• Compliance Business Analyst

• Industry Description: Individual responsible for reviewing compliance programs such as, Sarbanes-Oxley (SOX), enterprise risk management (ERM), operational risk, incident management, and so on, and analyzing performance evidence to determine an organization's compliance with legislative or industrymandates as well as internal policies.

• Job Role Code: EDR_COMPLIANCE_BUSINESS_ANALYST_JOB

Duty Roles:

Security 4-7


Create Job Instance Web Service for Pedigree and Serialization Duty

Create Job Instance Web Service for Pedigree and Serialization

Create Serial Generation Request Web Service for Pedigree and Serialization Duty

Create Serial Generation Request Web Service for Pedigree and Serialization

Create Transaction Web Service for Pedigree and Serialization Duty

Create Transaction Web Service for Pedigree and Serialization

Generate Serial Transaction for Pedigree and Serialization Duty

• Add Serial Generation Transaction for Pedigree and Serialization

• Create Package for Pedigree and Serialization for Pedigree and Serialization

• Create Serial Generation Request for Pedigree and Serialization

• Delete Serial Generation Request for Pedigree and Serialization

• Submit Serial Generation Request for Pedigree and Serialization

• View Product Transaction for Pedigree and Serialization

Import Serial Transaction Exception for Pedigree and Serialization Duty

• Clear Serial Import Exception for Pedigree and Serialization




Import Serial Transaction for Pedigree and Serialization Duty

• Add Serial Import Transaction for Pedigree and Serialization

• Reprocess Serial Import Transaction forPedigree and Serialization


Manage Location Contact for Pedigree and Serialization Duty

• Create Location Contact for Pedigree and Serialization

• Delete Location Contact for Pedigree and Serialization

• Edit Location Contact for Pedigree and Serialization

• View Location Contact for Pedigree and Serialization

Manage Packaging Hierarchy for Pedigree and Serialization Duty

• Create Package for Pedigree and Serialization

• Delete Package for Pedigree and Serialization

• Edit Package for Pedigree and Serialization

• Edit Packaging Hierarchy for Pedigree and Serialization

Manage Packaging Hierarchy Web Service for Pedigree and Serialization Duty

• Pack Package Web Service for Pedigree and Serialization

• Unpack Package Web Service for Pedigree and Serialization

Security 4-9


Manage Product Return Exception for Pedigree and Serialization Duty

• Clear Product Return Exception for Pedigree and Serialization

• Edit Product Return Exception for Pedigree and Serialization


Manage Product Return Transaction for Pedigree and Serialization Duty

• Add Product Return Transaction for Pedigree and Serialization

• Reprocess Product Return Transaction for Pedigree and Serialization


Manage Product Shipment Exception for Pedigree and Serialization Duty

• Clear Product Shipment Exception for Pedigree and Serialization

• Edit Product Shipment Exception for Pedigree and Serialization




Manage Product Shipment Transaction for Pedigree and Serialization Duty

• Add Product Shipment Transaction for Pedigree and Serialization

• Create Pedigree for Pedigree and Serialization

• Print Pedigree for Pedigree and Serialization

• Reprocess Product Shipment Transaction for Pedigree and Serialization







Security 4-11


Manage Serial for Pedigree and Serialization Duty



• Edit Serial for Pedigree and Serialization

• Perform Serial Commission for Pedigree and Serialization

• Perform Serial Decommission for Pedigree and Serialization

Manage Serial Range for Pedigree and Serialization Duty

• Create Serial Range for Pedigree and Serialization

• Delete Serial Range for Pedigree and Serialization

• Edit Serial Range for Pedigree and Serialization

• View Serial Range for Pedigree and Serialization

Manage Serial Transmission Exception for Pedigree and Serialization Duty

• Clear Serial Transmission Exception forPedigree and Serialization


Manage Serial Transmission Transaction forPedigree and Serialization Duty

• Add Serial Transmission Transaction for Pedigree and Serialization




Manage Serial Transmission Transaction Web Service for Pedigree and Serialization Duty

Transmit Serials Web Service for Pedigree and Serialization Manager

Manage Serial Web Service for Pedigree andSerialization Duty

• Edit Serial by Label Web Service for Pedigree and Serialization

• Edit Serial by List Web Service for Pedigree and Serialization

• Edit Serial by Primary Document Web Service for Pedigree and Serialization

Process Serial Generation Request Web Service for Pedigree and Serialization Duty

Process Serial Generation Request Web Service for Pedigree and Serialization

Process Transaction Web Service for Pedigree and Serialization Duty

Process Transaction Web Service for Pedigree and Serialization

Recommission Serial for Pedigree and Serialization Duty

Perform Serial Recommission for Pedigree and Serialization

View Dashboard for Pedigree and Serialization Duty

View Counterfeit Serial Analysis for Pedigree and Serialization



View Packaging Hierarchy Work Area for Pedigree and Serialization Duty

View Packaging Hierarchy Work Area for Pedigree and Serialization







Security 4-13


Work Order Serialization for Pedigree and Serialization Duty

• Add Serial Generation Transaction for Pedigree and Serialization Manager

• Create Package for Pedigree and Serialization Manager

• Create Serial Generation Request for Pedigree and Serialization Manager

• Delete Serial Generation Request for Pedigree and Serialization Manager

• Perform Work Order Serialization for Pedigree and Serialization Manager

• Submit Serial Generation Request for Pedigree and Serialization Manager

• View Product Transaction for Pedigree and Serialization Manager

• Inventory Control Manager

• Industry Description: Individual responsible for overseeing the process whereby the company knows where everything is located at all times and efficiently moves inventory from one station to another as needed.

• Job Role Code: INV_INVENTORY_CONTROL_MANAGER_JOB

Duty Roles:


Create Job Instance Web Service for Pedigree and Serialization Duty

Create Job Instance Web Service for Pedigree and Serialization



Manage Product Lot for Pedigree and Serialization Duty

• Create Product Lot for Pedigree and Serialization

• Delete Product Lot for Pedigree and Serialization

• Edit Product Lot for Pedigree and Serialization

Merge Product Lot Web Service for Pedigree and Serialization Duty

Merge Product Lot Web Service for Pedigree and Serialization



View Product Lot Work Area for Pedigree and Serialization

View Product Lot Work Area for Pedigree and Serialization



• Product Data Steward

• Industry Description: Individual responsible for managing and maintaining product data quality and integrity.

• Job Role Code: EGI_PRODUCT_DATA_STEWARD_JOB

Duty Roles:

Security 4-15


Manage Product for Pedigree and Serialization Duty

• Create Product for Pedigree and Serialization

• Edit Product for Pedigree and Serialization

• Delete Product for Pedigree and Serialization





• Production Manager

• Industry Description: Individual responsible for directing production operations and processes for a plant, division, or company, including production scheduling, staffing, equipment, quality control, inventory control, and the coordination of production activities with those of other departments; measures progress by established standards of performance.

• Job Role Code: WIP_PRODUCTION_MANAGER_JOB

Duty Roles:













Import Serial Transaction Exception for Pedigree and Serialization Duty

• Clear Serial Import Exception for Pedigree and Serialization


Import Serial Transaction for Pedigree and Serialization Duty

• Add Serial Import Transaction for Pedigree and Serialization

• Reprocess Serial Import Transaction forPedigree and Serialization


Security 4-17
































View Packaging Work Area for Pedigree and Serialization Duty

View Packaging Work Area for Pedigree and Serialization

View Serial Destination for Pedigree and Serialization Duty

View Serial Destination for Pedigree and Serialization

View Serial Range for Pedigree and Serialization Duty

View Serial Range for Pedigree and Serialization

View Serial Work Area for Pedigree and Serialization Duty

View Serial Work Area for Pedigree and Serialization





Security 4-19


Work Order Serialization for Pedigree and Serialization Duty

• Add Serial Generation Transaction for Pedigree and Serialization Manager

• Create Package for Pedigree and Serialization Manager

• Create Serial Generation Request for Pedigree and Serialization Manager

• Delete Serial Generation Request for Pedigree and Serialization Manager

• Perform Work Order Serialization for Pedigree and Serialization Manager

• Submit Serial Generation Request for Pedigree and Serialization Manager

• View Product Transaction for Pedigree and Serialization Manager

• Production Worker

• Industry Description: A worker directly engaged in production, including fabrication, machining, assembly, finishing, and related activities.

• Job Role Code: WIP_PRODUCTION_WORKER_JOB

Duty Roles:




Security 4-21


















View Serial Work Area for Pedigree and Serialization Duty

View Serial Work Area for Pedigree and Serialization






• Receiving Agent

• Industry Description: Individual responsible for material control of all productsdelivered to the business from suppliers.

• Job Role Code: RCV_RECEIVING_AGENT_JOB

Duty Roles:













• Receiving and Inspection Manager

• Industry Description: Individual responsible for the receipt and inspection of incoming materials, parts or products; obtains, verifies and submits receiving documents and information for matching against invoices; controls assets and inventory until delivered to and accepted by procuring parties; arranges for return of refused receipts; plans, organizes and coordinates the receiving department.

• Job Role Code: RCV_RECEIVING_AND_INSPECTION_MANAGER_JOB

Duty Roles:

Security 4-23


Manage Product Return Exception for Pedigree and Serialization Duty

• Clear Product Return Exception for Pedigree and Serialization

• Edit Product Return Transaction for Pedigree and Serialization






















• Shipping Agent

• Industry Description: Individual responsible for material control of all productsdelivered to the business from suppliers.

• Job Role Code: WSH_SHIPPING_AGENT_JOB

Duty Roles:













Security 4-25




• Shipping Manager

• Industry Description: Individual responsible for the shipment of outgoing materials, parts or products; ensures order accuracy and improves production standards; oversees stock placement, warehouse space utilization, and changes that effect loading time; ensures warehouse drawings and floor plan layouts aremaintained and updated as changes occur; manages safety programs for all operations in accordance with applicable safety and OSHA regulations; develops, submits, and controls annual shipping budget; monitors and controls operator staffing and workload; reviews all customer loading requirements andensures compliance; investigates and responds to customer complaints.

• Job Role Code: WSH_SHIPPING_MANAGER_JOB

Duty Roles:


Manage Product Shipment Exception for Pedigree and Serialization Duty

• Clear Product Shipment Exception for Pedigree and Serialization

• Edit Product Shipment Transaction for Pedigree and Serialization


Security 4-27

• Supply Chain Application Administrator

• Industry Description: Individual responsible for the performance of recurring operational tasks related to the support of an enterprise infrastructure.

• Job Role Code: RCS_SUPPLY_CHAIN_APPLICATION_ADMINISTRATOR_JOB

Duty Roles:


Manage Pedigree and Serialization System Setup Duty

• Create Location for Pedigree and Serialization

• Delete Location for Pedigree and Serialization

• Edit Location for Pedigree and Serialization

• Edit Serial Type Group for Pedigree and Serialization

• Create Serial Type Group for Pedigree and Serialization

• Delete Serial Type Group for Pedigree and Serialization

• Edit Serial Type for Pedigree and Serialization

• Delete Serial Type for Pedigree and Serialization

• Edit Lookup for Pedigree and Serialization

• Edit Pedigree and Serialization System Parameter








Synchronize Product for Pedigree and Serialization Duty

Perform Product Synchronization for Pedigree and Serialization

Synchronize Product Lot for Pedigree and Serialization Duty

Perform Product Lot Synchronization for Pedigree and Serialization



View Location Contact for Pedigree and Serialization Duty

View Location Contact for Pedigree and Serialization







View Web Service Exceptions for Pedigree and Serialization Duty

View Web Service Exceptions for Pedigree and Serialization

• Warehouse Manager

• Industry Description: Manages the supply and demand for products in the warehouse and ensures the smooth flow of product through the fulfillment cycle. This user could benefit from information from the system to be alerted

Security 4-29

when demand is "stuck" and not moving because of a) short supply or b) inefficiencies in the pick, pack, and shipping process. This users also has a forecasted or target shipment revenue to attain, and needs to be alerted when this target is in danger of not being met so that corrective action can be taken. Ultimately, this individual helps create customer satisfaction by ensuring smooth operation of the supply chain.

• Job Role Code: INV_WAREHOUSE_MANAGER_JOB

Duty Roles:




























• Warehouse Operator

• Industry Description: Move material within the warehouse including putting material away to stock, cross docking, picking material, consolidating picked material, labeling product or packages, replenishing, cycle counting, and performing physical inventories. Moving the material may require heavy liftingand equipment to handle the material such as, fork lifts.

Security 4-31

• Job Role Code: INV_WAREHOUSE_OPERATOR_JOB

Duty Roles:














Securing Services Using Oracle Web Service Manager

Securing Services ExplainedOracle Web Services Manager (OWSM) is a comprehensive and easy-to-use solution for policy management and security of service infrastructure. It provides visibility and control of the policies through a centralized administration interface offered by Oracle Enterprise Manager. To secure the service infrastructure (for example, web services, SOA composites, and so on) offered by the Oracle Pedigree and Serialization Manager product, it is highly recommended that you use OWSM.


Important: The policies mentioned below are "access control" service policies. As a result, they only enforce who is authorized to invoke the service. The connection between the client and the WebLogic Service is not secure, and the SOAP message is in plain text. Where appropriate, itis highly recommended that services are further hardened to utilize more secure "transport-level" or "message-level" policies as described inthe Security and Administrator's Guide for Web Services documentation.

Setting Up a Credential Store and KeyThe following steps provide instructions on how to set up a credential store used to store credentials used by the identity switching policies described below.

To Create a Credential Store and Key: Follow this procedure to create a credential store and related key for use when securing Oracle Pedigree and Serialization Manager services:

1. Navigate to the Oracle Enterprise Manager URL:

http://:/em

2. On the Enterprise Manager Control page, expand the WebLogic Domain node under the navigation tree and select your domain (for example, base_domain).

3. Select WebLogic Domain, Security, and Credentials to navigate to the credential store setup page.

4. Using the Create Map button, create the following new map name:

• oracle.wsm.security

5. Select the newly created map, and use the Create Key button to create a new key. Provide the following values:

• Key: (for example, basic.credentials, opsm.credentials, and so on)

• Type: Password

• User Name:

• Password:

• Confirm Password:

Security 4-33

Important: In addition to providing functional security for the application, the system also provides equivalent functional security for web services. As such, it may be necessary to create multiple credential store keys to store different users. For example, you may want to create a credential store key of "opsm.lotsynch.credentials" to store the user that is authorized to invoke services related to management of lots. In addition, you may want to create an additional credential store key of "opsm.transactions.credentials" to store the user that is authorized to invoke services related to creation of shipment and/or return transactions. These credential store keys can then be referenced on the security policies as described in the Setting Up Policies With Different Credentials, page 4-34 section below.

Setting Up Global Policy AttachmentsThe following steps provide instructions on how to set up global policy attachments that apply to the Oracle Pedigree and Serialization Manager services:

To Create Global Policy Attachments:Follow this procedure to create global policy attachments (for example, policy sets) for use when securing Oracle Pedigree and Serialization Manager services:


http://:/em


3. Select WebLogic Domain, Web Services, and Policy Sets to set up global policy attachments.

4. Using the Create button, add new policy sets for each of the following resources:

• SOA Reference

• SOA Service

• Web Service Client

• Web Service Connection

• Web Service Endpoint

• Asynchronous Callback Client

When it is necessary to select the service policy, please utilize the


"oracle/wss_saml_or_username_token_service_policy" policy.

When it is necessary to select the client policy, please utilize the "oracle/wss10_saml_token_client_policy" policy.

Note: Be sure to provide the appropriate resource scope (for example, domain name, server instance name, application name, soa composite name, and so on) to control the scope of resources for the policy set.

For more information, see the Oracle Fusion Middleware Security and Administrator's Guide for Web Services, "Creating and Managing Policy Sets".

Important: Remember to enable the policy set for the security policies to be applied when running the Oracle Pedigree and Serialization Manager services.

Setting Up Policies with Different CredentialsIn the Setting Up Global Policy Attachments For Composites, page 4-35 section below, you will be using policies that utilize identity switching. By default, these security polices utilize the "basic.credentials" credential store key when looking for the appropriate user credentials. If you did not utilize "basic.credentials" as your credential store key, or you set up multiple credential store keys due to functional security requirements, you will need to copy the existing default web service policy to modify the value being used as the credential store key. The following steps provide instructions on how to set up basic security policies that use different credential store keys:

To Create Policies Using Different Credentials: Important: The following steps are only required if you are not using "basic.credentials" as your credential store key.

Follow this procedure to create a copy of the existing Oracle Web Service Manager policies for use when securing Oracle Pedigree and Serialization Manager services:


http://:/em


3. Select WebLogic Domain, Web Services, and Policies to navigate to the available

Security 4-35

web service policies.

4. Select the following web service policy then click the Create Like button:

• oracle/wss_username_token_client_policy

Note: The filters on the web service policies page may need to be modified to be able to view the client policies.

5. On the Configurations tab, edit the property set for the csf-key and enter the value of the key you specified in step 5 of the Setting Up a Credential Store and Key, page4-32 section.

6. Repeat steps 4 and 5 for each credential store key you set up in step 5 of the Setting Up a Credential Store and Key, page 4-32 section.

Setting Up Global Policy Attachments for CompositesThe following steps provide instructions on how to set up global policy attachments that apply specifically to the Oracle Pedigree and Serialization Manager SOA composites utilized by integrations:

To Create Global Policy Attachments for Composites:Separate global policies are required for the SOA composites that are utilized by integrations. Specifically, they are used to override the default global policy attachment that utilizes identity propagation, to instead utilize a policy that utilizes identity switching.

Follow this procedure to create global policy attachments for web service references utilized within the PasCreateTransactionsComposite and PasLotSynchronizationComposite SOA composites:


http://:/em


3. Select WebLogic Domain, Web Services, and Policy Sets to set up global policy attachments.

4. Using the Create button, add a new policy set for the following resource:

• SOA Reference

5. Enter a name and optionally a description for this policy set, then click the Next


button to continue.

Tip: Use either the name or the description, to identify that this policy set is used specifically for SOA references within the PasCreateTransactionsComposite.

6. Provide appropriate resource scope values for Domain Name and Server Instance Name. In addition, enter PasCreateTransactionsComposite for the SOA CompositeName. Click the Next button to continue.

7. Attach the following web service policy then click the Next button to continue:


Important: If you created a copy of the above policy as described in the Setting Up Policies With Different Credentials, page 4-34 section, be sure to attach that policy instead.

8. Validate the policy set, then press the Save button.

9. Using the Create button, add a new policy set for the following resource:

• SOA Reference

10. Enter a name and optionally a description for this policy set, then click the Next button to continue.

Tip: Use either the name, or the description, to identify that this policy set is used specifically for SOA references within the PasLotSynchronizationComposite.

11. Provide appropriate resource scope values for Domain Name and Server Instance Name. In addition, enter PasLotSynchronizationComposite for the SOA Composite Name. Click the Next button to continue.

12. Attach the following web service policy then click the Next button to continue:


Important: If you created a copy of the above policy as described in the Setting Up Policies With Different Credentials, page 4-34 section, be sure to attach that policy instead.

Security 4-37

13. Validate the policy set, then press the Save button.

Verifying Policy AttachmentsThe following steps provide instructions on how to verify policy attachments to ensure the appropriate Oracle Pedigree and Serialization Manager (OPSM) web services are secured.

To Verify Policy Attachments:Use this procedure to verify policy attachments for all services and clients used by the OPSM product:

1. Start a WLST session to run custom web services WLST commands.

Note: Review the "Accessing the Web Services Custom WLST Commands" section in the Security and Administrator's Guide for WebServices for instructions.

2. Verify service policies are attached and the endpoint is secure by running the following WLST command:

• listWebServices(None,None,true)

Note: Use this table to verify the services used within the OPSM product.

Service/Composite Reference Service Policy

PasTransmitSerialsViaFileComposite

transmitserialsviafile_client_ep

oracle/wss_saml_or_username_token_service_policy

PasTransmitSerialsViaWebComposite

transmitserialsviaweb_client_ep


PasSerialsService_SerialsService

SerialsServiceAMService oracle/wss_saml_or_username_token_service_policy


LotsServiceAMService oracle/wss_saml_or_username_token_service_policy


PackagingServiceAMService oracle/wss_saml_or_username_token_service_policy


Service/Composite Reference Service Policy

PasTransactionsService_TransactionsService

SerialGenerationRequestProcessServiceAMService



JobInstanceServiceAMService



TransactionsProcessingServiceAMService



SerialGenRequestServiceAMService



TransactionsServiceAMService


3. Verify client policies are attached and the endpoint is secure by running the following WLST command:

• listWebServiceClients(None,None,true)

Note: Use this table to verify the clients used within the OPSM product.

Service/Composite Reference Client Policy

PasTransmitSerialsViaWebComposite

ExampleWebService oracle/wss10_saml_token_client_policy

PasTransactionsComposite TransmitViaWeb oracle/wss10_saml_token_client_policy

PasTransactionsComposite TransmitViaFile oracle/wss10_saml_token_client_policy

PasLotSynchronizationComposite

MergeLotWebService Client policy you attached instep 12 of the Setting Up Global Policy Attachments for Composites, page 4-35 section.

Security 4-39

Service/Composite Reference Client Policy

PasLotSynchronizationComposite

JobInstanceServiceAMService

Client policy you attached instep 12 of the Setting Up Global Policy Attachments for Composites, page 4-35 section.

PasSerialGenRequestComposite

SerialGenRequestWebService

oracle/wss10_saml_token_client_policy

PasCreateTransactionsComposite

CreateTransactionWebService


PasCreateTransactionsComposite

CreateJobInstanceWebService


PasTransactionsComposite TransactionWebServices oracle/wss10_saml_token_client_policy


SerialsServiceAMServiceImpl/_oracleAsyncResponseClient



LotsServiceAMServiceImpl/_oracleAsyncResponseClient



PackagingServiceAMServiceImpl/_oracleAsyncResponseClient



TransactionsProcessingServiceAMServiceImpl/_oracleAsyncResponseClient

oracle/wss10_saml_token

oracle® pedigree and serialization managervii preface intended audience welcome to release 1.1 of...

Documents