Skip Headers
Oracle® Fusion Middleware Publishing Reports to the Web with Oracle Reports Services
11g Release 1 (11.1.1)

Part Number B32121-06
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

15.5 End-to-End Security Scenarios

This section describes end-to-end security scenarios that involve both authentication and authorization.

The following table describes JPS-based security scenarios.

Table 15-7 JPS-Based Security Scenarios

Security Scenario Description

JPS-OID Authorization with Single-Sign-On Authentication for Reports Servlet

 

This scenario involves the following:

  • Single Sign-On for authentication

  • JPS-OID for authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable Single Sign-On. For more information, see Enabling and Disabling Single Sign-On.

  2. Enable JPS-based security. On the Reports Server Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Oracle Platform Security for Java option.

  3. Ensure that all users that are present in the Oracle Internet Directory used by Single Sign-On are in the ID store used by JPS. Alternatively, configure JPS to point to the ID store used by Single Sign-On.

  4. Add the following property in the jps-config-jse.xml file:

    <property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>

  5. Configure JPS Oracle Internet Directory as a policy store. For more information, see Configuring an External Oracle Internet Directory as Policy Store When Using JPS-Based Security.

  6. Create security policies. Refer to Section 7.8.2, "Defining Security Policies for Reports" to use Oracle Enterprise Manager to update the report security policies defined in Oracle Internet Directory.

  7. Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.

JPS-OID Authorization with JPS-OID as ID Store for Other Reports Clients

 

This scenario involves the following:

  • JPS-OID for authentication

  • JPS-OID for authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable JPS-based security. On the Reports Server Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Oracle Platform Security for Java option.

  2. Add the following property in the jps-config-jse.xml file:

    <property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>

  3. Configure JPS-OID as an ID store. For more information, see Configuring External Oracle Internet Directory as ID Store When Using JPS-Based Security.

  4. Configure JPS-OID as a policy store. For more information, see Configuring an External Oracle Internet Directory as Policy Store When Using JPS-Based Security.

  5. Create security policies. Refer to Section 7.8.2, "Defining Security Policies for Reports" to use Oracle Enterprise Manager to update the report security policies defined in Oracle Internet Directory.

  6. Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.

JAZN-XML Authorization with Single Sign-On Authentication for Reports Servlet

 

This scenario involves the following:

  • Single Sign-On for authentication

  • JAZN-XML for authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable Single Sign-On. For more information, see Enabling and Disabling Single Sign-On.

  2. Enable JPS-based security. On the Reports Server Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Oracle Platform Security for Java option.

  3. Ensure that all users that are present in the Oracle Internet Directory used by Single Sign-On are in the ID store used by JPS. Alternatively, configure JPS to point to the ID store used by Single Sign-On.

  4. Add the following property in the jps-config-jse.xml file:

    <property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>

  5. Create security policies. Refer to Section 7.8.2, "Defining Security Policies for Reports".

  6. Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.

  7. If the system-jazn-data.xml file is used as the policy store, search for the "reports" application in the system-jazn-data.xml file. To use JPS to authorize users in Oracle Internet Directory, add the corresponding users in the member section of the system-jazn-data.xml file. For more information, see Section 15.4.2, "Additional Step When Using JPS for Authorization".

JAZN-XML Authorization with JPS-OID Authentication for Other Reports Clients

 

This scenario involves the following:

  • JPS-OID for authentication

  • JAZN-XML for authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable JPS-based security. On the Reports Server Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Oracle Platform Security for Java option.

  2. Add the following property in the jps-config-jse.xml file:

    <property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>

  3. Configure JPS-OID as an ID store. For more information, see Configuring External Oracle Internet Directory as ID Store When Using JPS-Based Security.

  4. Create security policies. Refer to Section 7.8.2, "Defining Security Policies for Reports" to update the report security policies defined in Oracle Internet Directory.

  5. Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.

  6. If the system-jazn-data.xml file is used as the policy store, search for the "reports" application in the system-jazn-data.xml file. To use JPS to authorize users in Oracle Internet Directory, add the corresponding users in the member section of the system-jazn-data.xml. For more information, see Section 15.4.2, "Additional Step When Using JPS for Authorization".


The following table describes Portal-based security scenarios.

Table 15-8 Portal-Based Security Scenarios

Security Scenario Description

Portal-Based Authorization with Single-Sign-On Authentication for Reports Servlet

 

This scenario involves the following:

  • Single Sign-On for authentication

  • Portal-based authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable Single Sign-On. For more information, see Enabling and Disabling Single Sign-On.

  2. Ensure that Portal-based security is enabled. If you have enabled JPS-based security, switch to Portal-based security. In the Advanced Configuration Page in Enterprise Manager, select the Enable Security check box and then the Security features available through Oracle Portal option under the Reports Security section.

  3. Create security policies in Oracle Portal. For more information about creating security policies in Oracle Portal, see the Securing Oracle Portal chapter in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal.

  4. Map users to application roles. For more information about mapping users to application roles, see Section 16.1, "Creating Reports Users and Named Groups"

Portal-Based Authorization with Oracle Internet Directory as ID Store for Other Reports Clients

 

This scenario involves the following:

  • Oracle Internet Directory for authentication

  • Portal-based for authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Configure Oracle Internet Directory as an ID store. For more information, see Configuring External Oracle Internet Directory as ID Store.

  2. Ensure that Portal-based security is enabled. If you have enabled JPS-based security, switch to Portal-based security. In the Advanced Configuration Page in Enterprise Manager, select the Enable Security check box and then the Security features available through Oracle Portal option under the Reports Security section.

  3. Create security policies in Oracle Portal. For more information about creating security policies in Oracle Portal, see the Securing Oracle Portal chapter in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal.

  4. Map users to application roles. For more information about mapping users to application roles, see Section 16.1, "Creating Reports Users and Named Groups"