This chapter provides an overview of your options to integrate Oracle WebCenter Sites with an LDAP server.
This chapter contains the following sections:
WebCenter Sites connects to an authentication system through the Directory Services API. This API provides out-of-the-box support for two types of authentication systems, as shown in Figure 19-1.
The native authentication system, which validates WebCenter Sites users against the WebCenter Sites user management tables SystemUsers and SystemUserAttrs.
External directory server (LDAP server), which must be integrated with WebCenter Sites in order to validate WebCenter Sites users against the users that are listed in the directory server's database.
Note:
External user managers can also be integrated with WebCenter Sites, but must be customized to authenticate and/or authorize users.
The following types of external directory servers can be integrated with WebCenter Sites:
Flat schema LDAP, which provides authentication and authorization services for web applications. LDAP schema is automatically configured when you run the WebCenter Sites-LDAP integrator (included with WebCenter Sites). The integrator requires you to first install a supported LDAP server (listed in the Oracle WebCenter Sites Certification Matrix available here: http://www.oracle.com/technetwork/middleware/webcenter/sites/downloads/index.html).
Hierarchical schema LDAP, which provides authentication and authorization services for web applications and requires manual integration with WebCenter Sites.
Both integration options involve connecting the LDAP server to the Directory Services API by setting connection properties in the WebCenter Sites futuretense.ini, futuretense_xcel.ini, and dir.ini files. Integration is complete when the WebCenter Sites user data is written to the LDAP server. Which type of data must be written depends on the LDAP schema:
Flat schema LDAP requires authentication and authorization to be managed in the LDAP server, which means that WebCenter Sites users, ACLs, roles, and sites must be written to LDAP. Users include user accounts, user profiles, and user attributes.
Hierarchical schema LDAP requires only authentication to be managed in the LDAP server, which means that only users and ACLs must be written to LDAP. (Again, users include user accounts, user profiles, and user attributes.)
Writing roles and sites is optional. Choosing this option requires you to create a site organizational unit in the LDAP server by subordinating the WebCenter Sites roles to their relevant sites.
The following table summarizes LDAP schema and integration requirements.
Integration Type/Method | Flat Schema LDAP - Authentication | Flat Schema LDAP - Authorization | Hierarchical Schema LDAP - Authentication | Hierarchical Schema LDAP - Authorization |
---|---|---|---|---|
WebCenter Sites Web Application | Required | Required | Required | Optional |
Method | Integrator writes WebCenter Sites users and ACLs to LDAP | Use integrator or manually write WebCenter Sites roles and sites to LDAP | Integrate manually | Integrate manually |
For procedures on integrating with flat schema LDAP, see Chapter 20, "Integrating Oracle WebCenter Sites with Flat Schema LDAP Servers."
For procedures on integrating with hierarchical schema LDAP, see Chapter 21, "Integrating Oracle WebCenter Sites with Hierarchical Schema LDAP Servers."