User Name Token (UNT) is an alternative to SAML that provides the same basic single sign-on capability. User Name Token lets you map a local user on the consumer to a user on the producer. This chapter explains how to configure User Name Token security for a federated portal.
On the consumer, you need to set up credential mappings. Credential mapping is the process whereby a legacy system’s database is used to obtain an appropriate set of credentials to authenticate users to a target resource. In WebLogic Server, a Credential Mapping provider is used to provide credential mapping services and bring new types of credentials into the WebLogic Server environment. For more information on credential mapping, see the WebLogic Server topic, “Credential Mapping Providers.”
http://servername:portnumber/console
where servername is your server’s IP name, and portnumber is the server’s port. For example:
myproducer
7001
/
”. For example:
/myProducerWebProject/producer/wsrp-1.0/markup
/myProducerWebProject/producer/wsrp-1.0/portletManagement
/myProducerWebProject/producer/wsrp-1.0/registration
/myProducerWebProject/producer/wsrp-wlp-ext-1.0/markup
/myProducerWebProject/producer/wsrp-1.0/serviceDescription
To obtain this path, you can enter the WSDL address of the producer in a browser. For example, if the producer web application is called myProducerWebApp, the WSDL URL is:
http://producerHost:producerPort/myProducerWebApp/producer?wsdl
where producerHost is the host name of the producer server and producerPort is the port number of the producer server.
The producer’s WSDL definition appears in the browser. Locate the service description, and copy the markup path, as shown in Figure 18-4.
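The lookup described above can also be scripted. The following is an added example, not code from the product documentation: it reads a producer WSDL and lists the path of each service port, which is the value the credential mapping needs. The sample WSDL is constructed; its host, service name and port names are assumptions, and it assumes the WSDL uses the standard SOAP 1.1 `soap:address` element.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
SOAP_NS = "http://schemas.xmlsoap.org/wsdl/soap/"
BASE = "http://producer.example:7001/myProducerWebProject/producer"  # constructed host

# Constructed sample, trimmed to the <service> element. Port and service names
# are made up for illustration; the paths are the ones listed on this page.
SAMPLE_WSDL = f"""<wsdl:definitions xmlns:wsdl="{WSDL_NS}" xmlns:soap="{SOAP_NS}">
  <wsdl:service name="ExampleProducerService">
    <wsdl:port name="MarkupPort">
      <soap:address location="{BASE}/wsrp-1.0/markup"/>
    </wsdl:port>
    <wsdl:port name="PortletManagementPort">
      <soap:address location="{BASE}/wsrp-1.0/portletManagement"/>
    </wsdl:port>
    <wsdl:port name="RegistrationPort">
      <soap:address location="{BASE}/wsrp-1.0/registration"/>
    </wsdl:port>
    <wsdl:port name="ServiceDescriptionPort">
      <soap:address location="{BASE}/wsrp-1.0/serviceDescription"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""

def endpoints(wsdl_text):
    """Map each SOAP port name to its parsed soap:address location."""
    root = ET.fromstring(wsdl_text)
    found = {}
    for port in root.iter(f"{{{WSDL_NS}}}port"):
        addr = port.find(f"{{{SOAP_NS}}}address")
        if addr is not None and addr.get("location"):  # skip non-SOAP ports
            found[port.get("name")] = urlsplit(addr.get("location"))
    return found

def service_paths(wsdl_text):
    """Port name -> path to enter in the credential mapping (starts with "/")."""
    return {name: url.path for name, url in endpoints(wsdl_text).items()}

def plaintext_ports(wsdl_text):
    """Ports served over plain HTTP, i.e. with no transport encryption."""
    return sorted(n for n, u in endpoints(wsdl_text).items() if u.scheme != "https")

if __name__ == "__main__":
    for name, path in service_paths(SAMPLE_WSDL).items():
        print(f"{name:24} {path}")
    print("not HTTPS:", plaintext_ports(SAMPLE_WSDL))
```

Run it only against WSDL from a producer you administer: the standard-library XML parser is not hardened against hostile documents.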
Note: The local user you enter must exist on the consumer. If the user does not exist, you need to create it using the User Management feature of the WebLogic Portal Administration Console.
Tip: The local user name and the user name on the producer can be the same name or different names.
Checkpoint: You have configured a credential mapping on the consumer. The next step is to configure the producer to recognize that mapping.
On the producer, you need to set up authentication.
Tip: The WebLogic Authentication provider allows you to manage users and groups in one place, the embedded LDAP server. Note that the Administration Console refers to the WebLogic Authentication provider as the Default Authenticator. For more information on authentication, see the WebLogic Server topic, “Configure Authentication and Identity Assertion Providers.”
http://servername:portnumber/console
where servername is your server’s IP name, and portnumber is the server’s port. For example:
Tip: If the DefaultAuthenticator selection is not present, you need to add it and restart the server.
Note: The existing user name and password will not work.
The User Name Token security feature lets you set up single sign-on between consumers and producers. The User Name Token method is an alternative to SAML, which is the default security for WebLogic Portal consumers and producers.