

Creating a Custom Credential Mapping

Oracle WebCenter Ensemble provides an API for creating custom mappings to external credential stores, allowing you to authenticate users against a custom credential source.

The IVendorCredentialMapper interface defines the Ensemble interface for objects capable of obtaining an appropriate set of credentials needed for secondary authentication for a particular user in an application. To implement this interface, follow the directions below.
  1. Create a Java class that implements the com.plumtree.runner.credentialmapper.IVendorCredentialMapper interface.
  2. Map the getCredential and setCredential methods of this interface to your credential vault. The simplified example below uses an internal class called VConnector and calls VConnector.getInstance().getCrededentialsForDomain. Note: This step is vendor-specific. It will probably include a network hop, since the credential store will most likely reside on another server. You must give the mapper a unique name, and localized ones if necessary. See the IVendorCredentialMapper API documentation for all required names.
  3. Compile the class into a jar. The build process must link to common.jar, included with the Ensemble distribution.
  4. To load the custom vault into Oracle WebCenter Ensemble, copy the jar file to the Ensemble server and edit the configuration.xml file. Add the following component, and include the path to the custom jar file in the <value> element:
    <!-- Loads the custom credential vault: CredentialVaultClassPath holds the path to the mapper jar on this server. -->
    <component name="runner:credentialproviders" type="http://www.plumtree.com/config/component/type/credentialproviders">
    	<setting name="CredentialVaultClassPath">
    		<!-- Replace with the actual location of the jar built in step 3. -->
    		<value xsi:type="xsd:string">c:/jarfolder/jarname.jar</value>
    	</setting>
    	<clients>
    		<client name="runnercontext" />
    	</clients>
    </component>
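    If the Ensemble proxy and adminui run on different servers, the jar file must be copied to both servers, and the configuration.xml file on both servers must be edited. Because the jar is loaded into the Ensemble server and handles user credentials, restrict write access to the jar file and to configuration.xml to administrators.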
  5. Restart the Ensemble server (both proxy and adminui if they are on separate servers). The custom credential vault should show up in the list of credential sources on the Credential Mapping page of the Resource editor.
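The example below is simplified for illustration purposes: it hard-codes the domain and writes its diagnostics to standard output. A production mapper should use the deployment's logging facility and must never write credential values to a log.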
package com.oracle.credentialvault;

import com.oracle.connector.CredentialsSet;
import com.oracle.connector.VConnector;
import com.plumtree.runner.credentialmapper.Credential;
import com.plumtree.runner.credentialmapper.IVendorCredentialMapper;

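/**
 * Example {@link IVendorCredentialMapper} that maps Ensemble credential requests onto a
 * credential vault reached through {@code VConnector}. The vault stores one
 * {@code CredentialsSet} per username/domain pair.
 *
 * <p>This is a simplified illustration: the domain is hard-coded and diagnostics go to standard
 * output. Diagnostics deliberately contain identifiers only (initiator, credential type) and
 * never a credential value or the contents of a vault set.
 */
public class OracleCredentialVault implements IVendorCredentialMapper {

    /** Prefix shared by every diagnostic line this mapper writes. */
    private static final String LOG_PREFIX = "OracleCredentialVault::";

    /** Domain used for every vault lookup; assumes the vault stores all domains in lowercase. */
    private static final String VAULT_DOMAIN = "oracle.com";

    /**
     * Looks up one credential for a user in the vault.
     *
     * <p>Ensemble passes credential types as {@code Runner_*}, where {@code *} is the credential
     * value type associated with the login form in the Ensemble adminui. For example, if the
     * credential value type is 'username' then "Runner_username" is passed to the mapper.
     *
     * <p>Since this vault stores credentials per user and domain, a scheme is needed to map
     * Ensemble's credential type to a domain. One way is to specify the credential type as
     * "domain_type", which translates to credTypes such as {@code Runner_domain.com_username}
     * and {@code Runner_domain.com_password}. This example skips that parsing and always uses
     * {@link #VAULT_DOMAIN}.
     *
     * @param initiator the user whose credential is requested
     * @param credType the credential type as passed by Ensemble
     * @return the credential wrapped in a {@code Credential}, or {@code null} when an argument is
     *     missing or the vault has no set for this user and domain
     */
    public Credential getCredential(String initiator, String credType) {
        System.out.println(LOG_PREFIX + "getCredential, initiator: " + initiator + ", credType: " + credType);

        // A missing argument is treated like a missing vault entry instead of failing with a
        // NullPointerException inside the lookup.
        if (initiator == null || credType == null) {
            System.out.println(LOG_PREFIX + "getCredential, missing initiator or credType");
            return null;
        }

        // Assume the vault stores all usernames in lowercase. Locale.ROOT keeps the key identical
        // regardless of the server's default locale.
        String username = initiator.toLowerCase(java.util.Locale.ROOT);
        String domain = VAULT_DOMAIN; // getDomain(credType);
        String type = credType; // getType(credType);

        CredentialsSet credSet = VConnector.getInstance().getCrededentialsForDomain(username, domain);
        if (credSet == null) {
            System.out.println(LOG_PREFIX + "getCredential, found null vault set");
            return null;
        }

        // Report only that a set was found: printing the set itself could write the stored
        // secrets to the server's output.
        System.out.println(LOG_PREFIX + "getCredential, found vault set, returning type = " + type);
        return new Credential(credSet.getCredential(type));
    }

    /**
     * Returns the description of this mapper.
     *
     * @param userLocale the locale of the requesting user; ignored, the text is not localized
     * @return a fixed English description
     */
    public String getDescription(String userLocale) {
        return "Test mapper that mimics a mapper between Ensemble and a credential vault that associates credentials with a username/domain relationship";
    }

    /**
     * Returns the name of this mapper.
     *
     * @return the fixed name "OracleCredentialVault"
     */
    public String getName() {
        return "OracleCredentialVault";
    }

    /**
     * Returns the name of this mapper for a given locale.
     *
     * @param userLocale the locale of the requesting user; ignored, the name is not localized
     * @return the fixed name "OracleCredentialVault"
     */
    public String getName(String userLocale) {
        return "OracleCredentialVault";
    }

    /**
     * Returns the vendor name of this mapper.
     *
     * @param userLocale the locale of the requesting user; ignored, the name is not localized
     * @return the fixed vendor name "Oracle"
     */
    public String getVendorName(String userLocale) {
        return "Oracle";
    }

    /**
     * Stores one credential for a user in the vault.
     *
     * <p>The user's existing set is read, the value for {@code credType} is replaced, and the set
     * is written back. The credential value is never written to the diagnostics.
     *
     * @param initiator the user whose credential is being stored
     * @param credential the credential to store
     * @param credType the credential type as passed by Ensemble
     * @return {@code true} when the value was written back to the vault; {@code false} when an
     *     argument is missing or the vault has no set for this user and domain
     */
    public boolean setCredential(String initiator, Credential credential, String credType) {
        System.out.println(LOG_PREFIX + "setCredential, initiator: " + initiator + ", credType: " + credType);

        if (initiator == null || credential == null || credType == null) {
            System.out.println(LOG_PREFIX + "setCredential, missing initiator, credential or credType");
            return false;
        }

        // Same normalization as getCredential so both methods address the same vault entry.
        String username = initiator.toLowerCase(java.util.Locale.ROOT);
        String domain = VAULT_DOMAIN; // getDomain(credType);
        String type = credType; // getType(credType);

        CredentialsSet userCredSet = VConnector.getInstance().getCrededentialsForDomain(username, domain);
        if (userCredSet == null) {
            // getCredential already treats a null set as "no entry", so the lookup can return
            // null here too. NOTE(review): a real vault would probably create a new set at this
            // point; this example only reports that nothing was stored.
            System.out.println(LOG_PREFIX + "setCredential, found null vault set, nothing stored");
            return false;
        }

        userCredSet.setCrededential(type, credential.getCredentialValue());
        VConnector.getInstance().setCrededentialsForDomain(username, domain, userCredSet);
        System.out.println(LOG_PREFIX + "setCredential, stored credential of type = " + type);
        return true;
    }

    /**
     * Reports whether credentials can be edited through this mapper.
     *
     * @return {@code true}; new credentials can be set using this vault
     */
    public boolean supportsCredentialsEditing() {
        return true;
    }

    // The helpers below are disabled in this simplified example. getDomain and getType sketch
    // the "Runner_domain_type" parsing described on getCredential. As written, getDomain's
    // substring call throws when credType contains fewer than two underscores, so validate the
    // format before enabling it.

    /*
    private String getDomain(String credType) {
        int dstart = credType.indexOf("_");
        int dend = credType.indexOf("_", dstart+1);
        String domain = credType.substring(dstart+1, dend);
        System.out.println("TestMapper::getDomain, reading domain as: " + domain);
        return domain;
    }
    */
    
    /*
    private String getType(String credType) {
        int dstart = credType.indexOf("_");
        dstart = credType.indexOf("_", dstart+1);
        String type = credType.substring(dstart+1, credType.length());
        System.out.println("TestMapper::getType, reading type as: " + type);
        return type;
    }
    */
    
    /*
    private String doGetPropertyValue(String principal, String property) { 
        return doGetPropertyValue(principal, property, ",", "=");
    }
    */
    
    /*
    private String doGetPropertyValue(String principal, String property, String propDelim, String valueDelim) {
        int propertyindex = principal.toLowerCase().indexOf(property.toLowerCase());
        String uname = null;
        if( propertyindex != -1) {
            // found a property occurence
            int beginIndex = propertyindex;
            int endIndex = principal.toLowerCase().indexOf(propDelim.toLowerCase(), beginIndex);

            String prop = null;
            if(endIndex != -1) {
                prop = principal.subSequence(beginIndex, endIndex).toString().trim();
            } else {
                prop = principal.subSequence(beginIndex, principal.length()).toString().trim();
            }

            if( prop != null ) {
                int valueIndex = prop.toLowerCase().indexOf(valueDelim);
                if(valueIndex != -1) {
                    uname = prop.subSequence(valueIndex + valueDelim.length(), prop.length()).toString().trim();
                }
            }

        }
        return uname;
    }
    */
    
}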
For details on configuring resources to use credential mappings, see the Oracle WebCenter Ensemble Administrator Guide and the online help.
