JPS-OID Authorization with Single-Sign-On Authentication for Reports Servlet
|
|
This scenario involves the following:
|
To use this combination of authentication and authorization, complete the following steps:
-
Enable Single Sign-On. For more information, see Enabling and Disabling Single Sign-On.
-
Enable JPS-based security by editing reports server config file.
-
Ensure that all users that are present in the Oracle Internet Directory used by Single Sign-On are in the ID store used by JPS. Alternatively, configure JPS to point to the ID store used by Single Sign-On.
-
Add the following property in the jps-config-jse.xml file:
<property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>
-
Configure JPS Oracle Internet Directory as a policy store. Alternatively you can use the database as policy store which is the default policy store. For more information, see Configuring an External Oracle Internet Directory as Policy Store When Using JPS-Based Security.
-
Create security policies. Refer to Section 6.3.2, "Defining Security Policies for Reports" to use Oracle Enterprise Manager to update the report security policies defined in Oracle Internet Directory.
-
Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.
|
JPS-OID Authorization with JPS-OID as ID Store for Other Reports Clients
|
|
This scenario involves the following:
|
To use this combination of authentication and authorization, complete the following steps:
-
Enable JPS-based security by editing reports server config file.
-
Add the following property in the jps-config-jse.xml file:
<property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>
-
Configure JPS-OID as an ID store. For more information, see Configuring External Oracle Internet Directory as ID Store When Using JPS-Based Security.
-
Configure JPS-OID as a policy store. Alternatively you can use the database as policy store which is the default policy store. For more information, see Configuring an External Oracle Internet Directory as Policy Store When Using JPS-Based Security.
-
Create security policies. Refer to Section 6.3.2, "Defining Security Policies for Reports" to use Oracle Enterprise Manager to update the report security policies defined in Oracle Internet Directory.
-
Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.
|
JAZN-XML Authorization with Single Sign-On Authentication for Reports Servlet
|
|
This scenario involves the following:
|
To use this combination of authentication and authorization, complete the following steps:
-
Enable Single Sign-On. For more information, see Enabling and Disabling Single Sign-On.
-
Enable JPS-based security. by editing reports server config file.
-
Ensure that all users that are present in the Oracle Internet Directory used by Single Sign-On are in the ID store used by JPS. Alternatively, configure JPS to point to the ID store used by Single Sign-On.
-
Add the following property in the jps-config-jse.xml file:
<property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>
-
Create security policies. Refer to Section 6.3.2, "Defining Security Policies for Reports".
-
Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.
-
If the system-jazn-data.xml file is used as the policy store, search for the "reports" application in the system-jazn-data.xml file. Database is used as default policy store. It is not recommended to change this to file based policy store (system-jazn-data.xml ). To use JPS to authorize users in Oracle Internet Directory, add the corresponding users in the member section of the system-jazn-data.xml file. For more information, see Section 15.4.2, "Additional Step When Using JPS for Authorization".
|
JAZN-XML Authorization with JPS-OID Authentication for Other Reports Clients
|
|
This scenario involves the following:
|
To use this combination of authentication and authorization, complete the following steps:
-
Enable JPS-based security by editing reports server config file.
-
Add the following property in the jps-config-jse.xml file:
<property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>
-
Configure JPS-OID as an ID store. For more information, see Configuring External Oracle Internet Directory as ID Store When Using JPS-Based Security.
-
Create security policies. Refer to Section 6.3.2, "Defining Security Policies for Reports" to update the report security policies defined in Oracle Internet Directory.
-
Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.
-
If the system-jazn-data.xml file is used as the policy store, search for the "reports" application in the system-jazn-data.xml file. Database is used as default policy store. It is not recommended to change this to file based policy store (system-jazn-data.xml ). To use JPS to authorize users in Oracle Internet Directory, add the corresponding users in the member section of the system-jazn-data.xml . For more information, see Section 15.4.2, "Additional Step When Using JPS for Authorization".
|