19 Overview of the Oracle WebCenter Sites-LDAP Integration

This chapter provides an overview of your options to integrate Oracle WebCenter Sites with an LDAP server.

This chapter contains the following sections:

19.1 Introduction

WebCenter Sites connects to an authentication system through the Directory Services API. This API provides out-of-the-box support for two types of authentication systems, as shown in Figure 19-1.

  • The native authentication system, which validates WebCenter Sites users against the WebCenter Sites user management tables SystemUsers and SystemUserAttrs.

  • External directory server (LDAP server), which must be integrated with WebCenter Sites in order to validate WebCenter Sites users against the users that are listed in the directory server's database.

Figure 19-1 Two Types of Authentication

Description of Figure 19-1 follows
Description of "Figure 19-1 Two Types of Authentication"

Note:

External user managers can also be integrated with WebCenter Sites, but must be customized to authenticate and/or authorize users.

19.2 LDAP Integration Options

The following types of external directory servers can be integrated with WebCenter Sites:

  • Flat schema LDAP, which provides authentication and authorization services for web applications. LDAP schema is automatically configured when you run the WebCenter Sites-LDAP integrator (included with WebCenter Sites). The integrator requires you to first install a supported LDAP server (listed in the Oracle WebCenter Sites Certification Matrix available here: http://www.oracle.com/technetwork/middleware/webcenter/sites/downloads/index.html).

  • Hierarchical schema LDAP, which provides authentication and authorization services for web applications and requires manual integration with WebCenter Sites.

Both integration options involve connecting the LDAP server to the Directory Services API by setting connection properties in the WebCenter Sites futuretense.ini, futuretense_xcel.ini, and dir.ini files. Integration is complete when the WebCenter Sites user data is written to the LDAP server. Which type of data must be written depends on LDAP schema:

  • Flat schema LDAP requires authentication and authorization to be managed in the LDAP server, which means that WebCenter Sites users, ACLs, roles, and sites must be written to LDAP. Users include user accounts, user profiles, and user attributes.

  • Hierarchical schema LDAP requires only authentication to be managed in the LDAP server, which means that only users and ACLs must be written to LDAP. (Again, users include user accounts, user profiles, and user attributes.)

    Writing roles and sites is optional. Choosing this option requires you to create a site organizational unit in the LDAP server by subordinating the WebCenter Sites roles to their relevant sites.

The following table summarizes LDAP schema and integration requirements.

Integration Type/Method Flat Schema LDAP - Authentication Flat Schema LDAP - Authorization Hierarchal Schema LDAP - Authentication Hierarchal Schema LDAP - Authorization

WebCenter Sites Web Application

Required

Required

Required

Optional

Method

Integrator writes WebCenter Sites users and ACLs to LDAP

Use integrator or manually write WebCenter Sites roles and sites to LDAP

Integrate manually

Integrate manually