5 Credential Mapping

This chapter describes how to configure credential mapping for Oracle WebCenter Ensemble resources. It is divided into the following topics:

• About Credential Mapping, describes what credential mapping is and how it can be used.

• Configuring Credential Mapping, provides details on how to configure credential mapping.

About Credential Mapping

Credential mapping allows Oracle WebCenter Ensemble to supply credentials to proxied applications automatically. The credentials used by Oracle WebCenter Ensemble to log in to the application can come from:

• The Credential Vault. When the user logs into the proxied resource, her credentials are stored in the Credential Vault. Subsequent access to that resource is authenticated using the stored credentials.

• The user's Oracle WebCenter Interaction or LDAP profile. Credentials for specific applications can be stored in the user's profile and used by Oracle WebCenter Ensemble to automatically log the user into proxied applications.

• Static credentials. The Oracle WebCenter Ensemble resource can be configured with static credentials that are used for every user with access to the resource.

Configuring Credential Mapping

Oracle WebCenter Ensemble can automatically log in to resources through HTML forms and basic authentication.

The following sections describe how to configure credential mapping for authentication:

• Configuring Credential Mapping for HTML Forms, describes how to configure a resource to log in automatically to a resource that prompts for authentication with an HTML form.

• Configuring Credential Mapping with Basic Authentication, describes how to configure a resource to log in automatically to a resource that prompts for authentication with basic authentication.

• Authentication Field Sources, describes the static, user profile, and credential vault authentication field sources.

Configuring Credential Mapping for HTML Forms

This section describes how to configure credential mapping for a resource that prompts for authentication with an HTML form.

To configure a resource for HTML form credential mapping:

1. Launch the Ensemble Console.

2. Click the APPLICATIONS tab.

3. Click the Resources sub-tab.

4. Click the name of the resource you want to edit.

5. On the Credential Mapping page, next to Status, select Enabled.

6. Next to Login Method, select HTML Form.

7. Create a new login form mapping by clicking New Form Configuration.

8. The login page can be identified by an URL or a regular expression:

   • If the login form is located at a static URL, select An URL and type the URL into the box.

   • If the login form is dynamic, select A Regular Expression and type the regular expression pattern into the box.

9. Map one or more field values to authentication field sources.

   1. Type the name of the HTML form input in the Field Name box.

   2. For details on how to configure the Source and Mapped Value properties, see Authentication Field Sources.

   3. To automatically detect and populate field mappings, click Detect Form Fields.

   4. To add additional field mappings, click Add.

   5. To delete field mappings, click the delete icon.

10. Set the login form action.

    • If the login form action is a static URL, select An URL and type the URL into the box.

    • If the login form is dynamic, select The url returned by the above regular expression and type the regular expression pattern into the box.

11. To submit the login form data as an HTTP POST, select Submit action as post. Otherwise, login form data will be submitted as an HTTP GET.

Configuring Credential Mapping with Basic Authentication

This section describes how to configure credential mapping for a resource that prompts for authentication with basic authentication.

To configure a resource for basic authentication credential mapping:

1. Launch the Ensemble Console.

2. Click the APPLICATIONS tab.

3. Click the Resources sub-tab.

4. Click the name of the resource you want to edit.

5. On the Credential Mapping page, next to Status, select Enabled.

6. Next to Login Method, select Basic.

7. Enter values for Basic Auth Username and Basic Auth Password. For details on how to configure the Credential Source and Credential Value properties, see Authentication Field Sources.

Configuring Credential Mapping with SPNEGO Authentication

This section describes how to configure credential mapping for a resource that prompts for SPNEGO authentication.

For instructions on integrating with Microsoft Active Directory via SPNEGO, see Integrating with Microsoft Active Directory via SPNEGO.

To configure a resource for SPNEGO authentication credential mapping:

1. Launch the Ensemble Console.

2. Click the APPLICATIONS tab.

3. Click the Resources sub-tab.

4. Click the name of the resource you want to edit.

5. On the Credential Mapping page select Send Spnego Token.

   The Spnego token enables Spnego authentication with the resource.

6. Click Save.

Authentication Field Sources

Authentication field sources map values to login fields. The following table describes each of the authentication field source values in the Source drop-down:

Table 5-1 Authentication Field Sources

Source	Description
Static	Use the static source when the authentication field is the same for all users accessing the resource. Type the static value in the Mapped Value box.
Masked Static	The masked static source is like the static source, except that the value typed into the Mapped Value box is obscured in the Ensemble Console UI. Use this source to protect the values of passwords and other sensitive fields.
User Profile	The user profile source uses properties from the user's Oracle WebCenter Interaction profile to supply credential data for authentication. For each form field with a user profile source, select the profile property from the picker.
Ensemble authentication credentials	Ensemble authentication credentials are the credentials a user has with Ensemble. In the Credential Value field, supply either the text username or password to specify whether the field should map to the user's username or password values.
Credential Vault	With the Credential Vault source, Oracle WebCenter Ensemble prompts the user for credentials the first time she accesses the resource. The supplied credentials are stored in the credential vault, and each subsequent access to that resource is authenticated with the stored credentials.