Administration Console Online Help

WebLogic Credential Mapping-->General

Tasks Related Topics Attributes

Overview

Use this page to configure a WebLogic Credential Mapping provider for a security realm.

Note: The WebLogic Server Administration Console refers to the WebLogic Credential Mapping provider as the Default Credential Mapper.

Credential mapping is the process whereby a remote system's authentication and authorization mechanisms are used to obtain an appropriate set of credentials to authenticate users to a target resource. In the WebLogic Server security architecture, a Credential Mapping provider is used to provide credential mapping services and bring new types of credentials into the WebLogic Server environment.

By default, the WebLogic Credential Mapping provider is configured in the default security realm (myrealm). You can use a Custom Credential Mapping provider instead of the WebLogic Credential Mapping provider. For a Custom Credential Mapping provider to be available in the WebLogic Server Administration Console, the MBean JAR file for the provider must be in the WL_HOME\lib\mbeantypes directory.

The Credential Mapping Deployment Enabled attribute specifies whether or not this Credential Mapping provider imports credential maps from the weblogic-ra.xml deployment descriptor.

In order to support the Credential Mapping Deployment Enabled attribute, a Credential Mapping provider must implement the DeployableCredentialProvider SSPI. By default, the WebLogic Credential Mapping provider has this attribute enabled. Therefore, information from a weblogic-ra.xml deployment descriptor file is automatically loaded into the WebLogic Credential Mapping provider when the resource adapter is deployed.

It is important to understand that once information from a weblogic-ra.xml deployment descriptor file is loaded into the embedded LDAP server, the original resource adapter remains unchanged. Therefore, if you redeploy the original resource adapter (which will happen if you redeploy it through the WebLogic Server Administration Console, modify it on disk, or restart WebLogic Server), the data will once again be imported from the weblogic-ra.xml deployment descriptor file and credential mapping information may be lost.

To avoid overwriting new credential mapping information with old information in a weblogic-ra.xml deployment descriptor file, enable the Ignore Security Data in Deployment Descriptors attribute on the security realm.

Tasks

Configuring a New Security Realm

Configuring the WebLogic Credential Mapping Provider

Configuring a Custom Security Provider

Attributes

Table 180-1

Attribute Label	Description	Value Constraints
Name	The name of this WebLogic Credential Mapping provider.configuration MBean: `weblogic.security. providers.credentials. DefaultCredentialMapperMBean` Attribute: `Name`
Description	A short description of this WebLogic Credential Mapping provider. MBean: `weblogic.security. providers.credentials. DefaultCredentialMapperMBean` Attribute: `Description`	Default: "WebLogic Credential Mapping Provider"
Version	The version number of this WebLogic Credential Mapping provider. MBean: `weblogic.security. providers.credentials. DefaultCredentialMapperMBean` Attribute: `Version`	Default: "1.0"
Credential Mapping Deployment Enabled	Specifies whether this WebLogic Credential Mapping provider stores credential maps that are created while deploying a Resource Adapter (RA). MBean: `weblogic.security. providers.credentials. DefaultCredentialMapperMBean` Attribute: `CredentialMappingDeployment Enabled`	Default: new java.lang.Boolean(true) Valid values: true false