View Security Provider Properties

The Security Providers tool in the WebLogic Administration Portal shows the providers you have configured to supply authentication (Who are you?) and authorization (What can you see?) for your portal applications (as described in the Overview of Portal Security).

The authentication providers and role mappers you connect to WebLogic Server are configured in specific ways. For example, the WebLogic Server LDAP authentication provider may be configured to let you add and remove users, and an RDBMS provider may be configured to provide only read access to users and groups from the WebLogic Administration Portal. These access rights are displayed for each provider in the WebLogic Administration Portal's Security Provider page.

The following tables describe the properties displayed for your authentication providers and role mappers.

Authentication Provider Properties

Authentication providers contain users (with passwords) and groups. Those users and groups can be viewed and managed directly in those providers, but the providers are configured with rules for how tools such as the WebLogic Administration Portal interact with them.

The Security Providers tool lets you view the level of access each configured provider gives to the WebLogic Administration Portal. The access properties are described in the following table.

Display Name, Description, and Version

The name is entered in the WebLogic Server Administration Console when you create a connection to an authentication provider. WebLogic Server's default LDAP provider, created automatically when you create a new portal domain with the Configuration Wizard, is called DefaultAuthenticator. If you set up a new WebLogic Server default authenticator, you can give it any name.

Description is hard-coded by WebLogic Server. The description tells you what kind of authenticator the provider is.

Group Editor

Shows whether or not you can manage groups with the WebLogic Administration Portal: add groups, move groups, and add users to groups.

Group Member Lister

Shows whether or not you can use the WebLogic Administration Portal to search within a group for users or subgroups that match a given name pattern.

Group Reader Lister

Shows whether or not you can view groups with the WebLogic Administration Portal.

Group Remover

Shows whether or not you can remove groups with the WebLogic Administration Portal.

Member Group Lister

Shows whether or not you can view groups in the WebLogic Administration Portal that directly contain a user or a group.

User Editor

Shows whether or not you can modify group membership for users with the WebLogic Administration Portal.

User Lockout Manager

User lockout settings include how many unsuccessful login attempts a user can make before being prevented from future login attempts. Modify user lockout settings in the WebLogic Server Administration Console by selecting Security --> Realms --> <realm_name> and selecting the User Lockout tab.

User Password Editor

Shows whether or not you can modify user passwords with the WebLogic Administration Portal.

User Reader

Shows whether or not you can view users with the WebLogic Administration Portal.

User Remover

Shows whether or not you can remove users with the WebLogic Administration Portal.

To provide write access to external users and groups from the WebLogic Administration Portal, the authentication provider must be configured to allow write access. This is a development task. For more information, see Developing Security Providers for WebLogic Server.

If an authentication provider does not even provide read access to users and groups with the WebLogic Administration Portal, you can still use text entry fields to type in the names of existing users and groups for selection. For example, if you want to change the WebLogic Portal user profile property values for a user stored in a provider that doesn't support read access, you can type the name of the user in the Users & Groups tools to select the user for property modifications.

If you want to add an authentication provider to the WebLogic Administration Portal, see Using Multiple Authentication Providers with WebLogic Portal.

Role Mapper Properties

Role mappers provide authorization for portal applications by mapping specific users to specific portal resources. Authorization roles can be viewed and managed directly in those providers, but the providers are configured with rules for how tools such as the WebLogic Administration Portal interact with them.

The Security Providers tool lets you view the level of access each configured provider gives to the WebLogic Administration Portal. The access properties are described in the following table.

For information on developing a role mapper and connecting it to WebLogic Server, see the WebLogic Server documentation on "Role Mapping Providers" in Developing Security Providers for WebLogic Server at http://download.oracle.com/docs/cd/E13222_01/wls/docs81/dvspisec/rm.html.

Note: WebLogic Portal provides its own role mapper. In most circumstances it should be the only role mapper you need.

Display Name, Description, and Version

The name is entered in the WebLogic Server Administration Console when you create a connection to a role mapper. WebLogic Portal's default role mapper, created automatically when you create a new portal domain with the Configuration Wizard, is called DefaultRoleMapper.

Description is hard-coded by WebLogic Server. The description tells you what kind of mapper the provider is.

Role Editor

Shows whether or not you can modify role definitions in the role mapper with the WebLogic Administration Portal.

Role Reader

Shows whether or not you can read roles in the role mapper with the WebLogic Administration Portal.
