This tutorial covers configuring an Oracle Internet Directory (OID) authentication provider in Oracle WebLogic Server using the WebLogic Administration Console. Oracle Platform Security Services (OPSS) uses the authentication provider configuration within a WebLogic domain to bootstrap its connection with an identity store.
After completing this exercise, you should be able to:
Approximately 1 hour or less
OPSS is Oracle's security framework for developing and managing security services in Java SE and EE environments. This tutorial is Configuring an OID Authentication Provider in WebLogic.
Configuring an OID Authentication Provider in WebLogic
This is the architecture that depicts the configuration of an OID LDAP-based authentication provider used by OPSS applications deployed on a WebLogic Server environment. This OBE covers how to configure the OID authentication provider alongside the WebLogic embedded LDAP provider for use with OPSS. The environment consists of the following:
The following is a list of requirements:
Before starting this tutorial, complete the following prerequisites:
1. This OBE requires that you have completed the OPSS Set Up OBE.
Follow the steps below to configure an OID authentication provider using the WebLogic Administration Console:
1. Open the Firefox web browser using the
2. Open the WebLogic Administration Console by browsing to http://localhost:7001/console. Log in using the following credentials: Username: weblogic
3. Click the Security Realms link in the Domain Structure pane to show the list of security realms for the domain.
4. Click the myrealm link in the Realms pane to show the settings for the domain's security realm.
5. Click the Providers tab to show the security providers configured for myrealm.
6. Click the Authentication tab to list the currently configured authentication providers for this domain's security realm. The default out-of-the-box providers are shown for the embedded LDAP authentication provider and identity asserter. This is where you configure the new OID authentication provider.
7. Click New to create a new authentication provider for this domain.
8. The Create a new Authentication Provider page is displayed. Give your new authentication provider a name, such as OID Authenticator, select the type called OracleInternetDirectoryAuthenticator, and click OK.
9. You should now see your new OID authenticator in the list of authentication providers, at the bottom of the list.
10. Click the link for your OID authentication provider to configure its settings.
11. The Settings for OID Authenticator page is displayed. Click the Provider Specific tab to configure the detailed settings for this provider.
12. This step guides you through all of the settings for configuring your new OID authentication provider. All the settings are made on a single configuration page; however, we go through them one section at a time in this instruction.
The first section contains the Connection settings for the OID server. Use the values from the table below for this section:
Validate your settings against the screen shot below:
The next section contains the Users settings for the OID provider. Use the values from the table below for this section:
Validate your settings against the screen shot below:
The next section contains the Groups settings for the OID provider. Use the values from the table below for this section:
Validate your settings against the screen shot below:
Click Save to persist your changes.
13. Click the Common tab in the Settings for OID Authenticator pane to show settings common to all authentication providers.
14. Change the Control Flag setting to SUFFICIENT and click Save. This setting allows this provider to participate in the authentication process without requiring the user to be in its identity store.
15. Click the Providers link in the breadcrumb displayed near the top of the page to quickly navigate back to the Authentication Providers page.
16. Click the DefaultAuthenticator link to display its common settings so you can change its control flag to SUFFICIENT as well.
17. Change the Control Flag setting to SUFFICIENT and click Save. This setting allows this provider to participate in the authentication process without requiring the user to be in its identity store.
18. Click the Providers link in the breadcrumb displayed near the top of the page to quickly navigate back to the Authentication Providers page.
19. Click Reorder to change the order of your configured authentication providers. As covered in the OPSS Concepts self-study course, OPSS obtains its authentication configuration from the authentication provider configuration found in the WebLogic Server domain. The course also states that OPSS first looks at all of the LDAP-based authentication providers in the list, and chooses the first one in the list with the highest control flag setting. Because we configured both LDAP-based authentication providers to use the SUFFICIENT control flag setting, OPSS would use the default authenticator if we left the configuration as it is now. To ensure that OPSS recognizes your new OID authenticator as its authentication provider, you must reorder your list of authentication providers so that the OID authentication provider is first in the list.
20. Select the OID Authenticator and use the arrows on the right to move it into the first position. Click OK.
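The selection rule described in step 19, as an added example (not part of the original tutorial and not Oracle code): it models which LDAP-based provider OPSS would pick for a given provider order, and shows why both the control flag and the list position matter. The provider lists are constructed sample data, and the flag precedence REQUIRED > REQUISITE > SUFFICIENT > OPTIONAL is an assumption, since the page only says "highest control flag setting".

```python
# Added example: models the OPSS provider-selection rule from step 19.
# Assumption: control flag precedence, strongest first.
FLAG_RANK = {"REQUIRED": 3, "REQUISITE": 2, "SUFFICIENT": 1, "OPTIONAL": 0}


def provider(name, ldap_based, control_flag=None):
    """Build one entry of a realm's authentication provider list."""
    return {"name": name, "ldap_based": ldap_based, "control_flag": control_flag}


def opss_identity_store(providers):
    """Return the name of the provider OPSS would use, or None.

    providers is the realm's provider list in configured order.
    Rule: keep only LDAP-based providers, keep those with the highest
    control flag, then take the first one in list order.
    """
    ldap = [p for p in providers if p["ldap_based"]]
    for p in ldap:
        if p["control_flag"] not in FLAG_RANK:
            raise ValueError("unknown control flag on %s: %r"
                             % (p["name"], p["control_flag"]))
    if not ldap:
        return None
    top = max(FLAG_RANK[p["control_flag"]] for p in ldap)
    return next(p["name"] for p in ldap if FLAG_RANK[p["control_flag"]] == top)


# Constructed provider lists that mirror the states reached in this tutorial.
OID = provider("OID Authenticator", True, "SUFFICIENT")
DEFAULT = provider("DefaultAuthenticator", True, "SUFFICIENT")
ASSERTER = provider("DefaultIdentityAsserter", False)  # not LDAP-based

# After step 17: both flags are SUFFICIENT, OID is still last in the list.
BEFORE_REORDER = [DEFAULT, ASSERTER, OID]
# After step 20: OID moved to the first position.
AFTER_REORDER = [OID, DEFAULT, ASSERTER]
# Hypothetical mistake: OID moved first, but steps 16-17 were skipped and
# DefaultAuthenticator still carries a stronger flag.
FLAG_NOT_CHANGED = [OID, provider("DefaultAuthenticator", True, "REQUIRED"), ASSERTER]

if __name__ == "__main__":
    for label, realm in [("before reorder", BEFORE_REORDER),
                         ("after reorder", AFTER_REORDER),
                         ("flag not changed", FLAG_NOT_CHANGED)]:
        print("%-17s -> %s" % (label, opss_identity_store(realm)))
```

The third case shows that reordering alone is not enough: a provider with a stronger control flag wins regardless of position.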
This section guides you through the steps to verify that WebLogic Server is successfully connected to the OID LDAP server.
1. Restart WebLogic Server for your changes to take effect. The fastest way to restart WebLogic is to press Ctrl-C in the terminal window where it was started, and then rerun the startWebLogic.sh script.
2. After the WebLogic Server is in RUNNING mode again, log in to the WebLogic Administration Console to test the server's connection to OID.
3. Within the WebLogic Administration Console, select Security Realms > myrealm > Users and Groups tab. The Users sub-tab should be selected by default. You should see the users you browsed earlier in the OPSS Set Up OBE, such as joemanager and joeuser. Note how each user also has the authentication provider listed where the user was obtained.
4. Click the Groups tab to see the list of groups the server can see. You should see the groups you browsed earlier in the OPSS Set Up OBE, such as employees and supervisors. Note that the screen shot below has been altered slightly to conserve space. The supervisors group may not be visible on the first paginated view of the group list. Click Next to view this group.
You have now completed the Configuring an OID Authentication Provider in WebLogic OBE. You are ready to continue with the other OBE tutorials included in this series. This tutorial is a dependency for all of the other OBE tutorials in this series.
In this tutorial, you have learned how to:
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.