14.9 Configuring External Oracle Internet Directory and Reassociating Reports

This section describes how to configure an external Oracle Internet Directory for in-process servers and standalone servers, and how to reassociate Reports with Oracle Internet Directory and another Portal.


14.9.1 Configuring External Oracle Internet Directory for In-Process Servers

You can migrate from the default embedded ID store of WebLogic Server to an external Oracle Internet Directory to configure the ID store and Policy store settings. Note that configuration of an external Oracle Internet Directory is a post-installation procedure.

14.9.1.1 Configuring External Oracle Internet Directory as ID Store When Using JPS-Based Security

If you are using JPS-based security, you can configure an external Oracle Internet Directory as ID store through the Oracle WebLogic Server Administration Console.

To configure an external Oracle Internet Directory as an ID store through Oracle WebLogic Server, complete the following steps:

  1. Navigate to the WebLogic Server Administration Console.

  2. From the Domain Structure window, select Security Realms.

    The Summary of Security Realms page is displayed.

  3. Select a Realm from the Realms table.

  4. From the settings for the realm page, click the Providers tab.

  5. Select New from the list of Authentication Providers.

  6. Enter a name in the Name field. From the Type drop-down list, select OracleInternetDirectoryAuthenticator, and click OK.

  7. Select the new authenticator, and set the Control Flag to SUFFICIENT.

  8. Select the Provider Specific tab, and enter valid values in the appropriate fields.

  9. Select the default Authenticator and set the Control Flag to OPTIONAL.

  10. Click Save.

  11. Restart the Admin Server.

  12. Select Security Realm > Users and Groups, and ensure that all users from the external Oracle Internet Directory are listed on this page.

Now, users trying to access the in-process servers are authenticated based on the users specified in the external Oracle Internet Directory.

14.9.1.2 Configuring an External Oracle Internet Directory as Policy Store When Using JPS-Based Security

If you are using JPS-based security, you can configure an external Oracle Internet Directory as a policy store through Oracle Enterprise Manager.

To configure the policy store in Oracle Enterprise Manager, complete the following steps:

  1. Log in to Oracle Enterprise Manager.

  2. Navigate to the WebLogic domain.

  3. From the WebLogic Domain menu, select Security > Security Provider Configuration.

  4. Click Configure.

  5. Provide the Oracle Internet Directory and JPS root node details and click OK.

    Note:

    If the JPS root node does not exist on Oracle Internet Directory, you must create it. For more information, see the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

The policies configured in the system-jazn-data.xml file are migrated to the external Oracle Internet Directory.

14.9.2 Reassociating Reports with Oracle Internet Directory

If you have configured an external Oracle Internet Directory, you must reassociate Reports to map to the new Oracle Internet Directory.

To associate Reports with the new Oracle Internet Directory using Oracle Enterprise Manager, complete the following steps:

  1. Log in to Oracle Enterprise Manager.

  2. Navigate to your Reports Application home page.

  3. From the Reports menu, select Administration > Reports OID Association.

    The Reports OID Association Details Page is displayed.

  4. Click the Associate tab.

  5. Specify the Oracle Internet Directory Host, Oracle Internet Directory Port, Username and Password.

  6. Click OK.

Note:

Associating or deassociating Oracle Internet Directory affects all the Reports components associated with that particular Oracle Instance home. If Reports components are associated with different Oracle Instance homes, you must associate or deassociate Oracle Internet Directory individually for each Oracle Instance home.

14.9.3 Reassociating Reports to Another Portal

Ensure that you have reassociated Reports to the new Oracle Internet Directory. To reassociate Reports to Portal, complete the following steps:

  1. Log in to Oracle Enterprise Manager.

  2. Navigate to the WebLogic Domain Home page.

  3. From the WebLogic Domain menu, select Security > Credentials.

  4. Add Portal Credentials in the Credential Store.

  5. Add a new key-value pair to the reports map. For example, add the key hrportalPasswdKey with the portal schema password as its value.

  6. Add the corresponding entries to the $DOMAIN_HOME/servers/WLS_REPORTS/stage/reports/reports/configuration/rwserver.conf file.

    For example:

    <security id="rwSec" class="oracle.reports.server.RWSecurity">
       ...
       ...
       <property name="portalUserName" value="<portal_schema_username>"/>
       <!-- portal connection details of the form host:port:dbalias -->
       <property name="portalConnection" value="<portal_connection_details>"/>
       <property name="portalPasswdKey" value="csf:reports:<portal_key>"/>
    </security>
    

    After you add the values, the configuration file should look like this:

    <security id="rwSec" class="oracle.reports.server.RWSecurity">
       ...
       ...
       <property name="portalUserName" value="hrportal"/>
       <property name="portalConnection" value="host.domain.com:1521:dbalias"/>
       <property name="portalPasswdKey" value="csf:reports:hrportalPasswdKey"/>
    </security>
    

    For more information about deploying Reports in Portal, see Chapter 15, "Deploying Reports in Oracle Portal".

14.9.4 Configuring External Oracle Internet Directory for Standalone Servers

You can migrate from the default ID store (JAZN-XML) to an external Oracle Internet Directory to configure the ID store and Policy store settings. Note that the configuration of an external Oracle Internet Directory is a post-installation step.

To configure an external Oracle Internet Directory as an ID store or policy store, you must modify the $DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml file manually.

14.9.4.1 Configuring External Oracle Internet Directory as ID Store

To configure an external Oracle Internet Directory as an ID store, modify the jps-config-jse.xml file as follows:

  1. Under <jpsContext name="default">, add the following entry:

    <serviceInstanceRef ref="idstore.oid"/>
    

    Comment out the following:

    <!--serviceInstanceRef ref="idstore.xml"/-->
    
  2. Under <serviceInstances>, add the following entry:

    <serviceInstance name="idstore.oid" provider="idstore.ldap.provider">
        <property name="subscriber.name" value="dc=us,dc=abc,dc=com"/>
        <property name="idstore.type" value="OID"/>
        <property name="cleartext.ldap.credentials" value="cn=password"/>
        <property name="ldap.url" value="ldap://abc.us.com:389"/>
        <extendedProperty>
            <name>user.search.bases</name>
            <values>
                <value>cn=users,dc=us,dc=abc,dc=com</value>
            </values>
        </extendedProperty>
        <extendedProperty>
            <name>group.search.bases</name>
            <values>
                <value>cn=groups,dc=us,dc=abc,dc=com</value>
            </values>
        </extendedProperty>
        <property name="username.attr" value="uid"/>
        <property name="groupname.attr" value="cn"/>
    </serviceInstance>
    
  3. Under <serviceProviders>, add the following:

    <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider"
     class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">
        <description>Prototype LDAP-based ID store</description>
    </serviceProvider>
    

14.9.4.2 Configuring External Oracle Internet Directory as Policy Store

To configure an external Oracle Internet Directory as a policy store, modify the $DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml file as follows:

  1. Under <jpsContext name="default">, add the following:

    <serviceInstanceRef ref="policystore.ldap"/>
    

    Comment out the following:

     <!--serviceInstanceRef ref="policystore.xml"/-->
    
  2. Under <serviceInstances>, add the following:

    <serviceInstance provider="ldap.policystore.provider" name="policystore.ldap">
        <property value="OID" name="policystore.type"/>
        <property name="security.principal" value="cn=orcladmin"/>
        <property name="security.credential" value="password"/>
        <property value="cn=PRDomain" name="oracle.security.jps.farm.name"/>
        <property value="cn=sta796_sa_root" name="oracle.security.jps.ldap.root.name"/>
        <property value="ldap://abc.us.com:389" name="ldap.url"/>
    </serviceInstance>
    
  3. Under <serviceProviders>, add the following:

    <serviceProvider type="POLICY_STORE" name="ldap.policystore.provider"
     class="oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider">
        <description>Prototype LDAP-based ID store</description>
    </serviceProvider>
    
  4. Save and restart WLS_REPORTS.
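
The manual edits in 14.9.4.1 and 14.9.4.2 only work if the three steps agree with each other, and they place the LDAP bind secret in the file. The following check is an added example, not Oracle's code: it parses a jps-config-jse.xml document, verifies that each serviceInstanceRef resolves to a serviceInstance and each serviceInstance to a serviceProvider, and flags in-file secrets and ldap:// URLs. The function names, the SECRET_PROPS set and the sample document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: these two property names, as used on the page, hold the bind secret.
SECRET_PROPS = {"cleartext.ldap.credentials", "security.credential"}

def local(tag):  # drop any XML namespace prefix from an element tag
    return tag.rsplit("}", 1)[-1]

def audit_jps_config(xml_text):
    """Return sorted findings for a jps-config-jse.xml document."""
    elems = [(local(e.tag), e) for e in ET.fromstring(xml_text).iter()]
    providers = {e.get("name") for t, e in elems if t == "serviceProvider"}
    instances = {e.get("name"): e for t, e in elems if t == "serviceInstance"}
    findings = []
    # Step 1 (serviceInstanceRef) must name an instance defined in step 2.
    for t, e in elems:
        if t == "serviceInstanceRef" and e.get("ref") not in instances:
            findings.append(f"dangling serviceInstanceRef: {e.get('ref')}")
    for name, inst in instances.items():
        # Step 2 (serviceInstance) must name a provider defined in step 3.
        if inst.get("provider") not in providers:
            findings.append(f"{name}: unknown provider {inst.get('provider')}")
        for p in (c for c in inst.iter() if local(c.tag) == "property"):
            key, val = p.get("name"), p.get("value", "")
            if key in SECRET_PROPS:
                findings.append(f"{name}: secret stored in file ({key})")
            if key == "ldap.url" and val.lower().startswith("ldap://"):
                findings.append(f"{name}: plain ldap:// URL {val}")
    return sorted(findings)

# Constructed sample modelled on the page's fragments, not a real deployment.
SAMPLE = """<jpsConfig>
 <serviceProviders>
  <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider"/>
 </serviceProviders>
 <serviceInstances>
  <serviceInstance name="idstore.oid" provider="idstore.ldap.provider">
   <property name="cleartext.ldap.credentials" value="cn=password"/>
   <property name="ldap.url" value="ldap://abc.us.com:389"/>
  </serviceInstance>
 </serviceInstances>
 <jpsContexts default="default"><jpsContext name="default">
  <serviceInstanceRef ref="idstore.oid"/>
  <serviceInstanceRef ref="policystore.ldap"/>
 </jpsContext></jpsContexts>
</jpsConfig>"""

if __name__ == "__main__":
    print("\n".join(audit_jps_config(SAMPLE)))
```

While such values remain in jps-config-jse.xml, restrict read access to the file to the account that runs the Reports server.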