Sun Java System Access Manager Policy Agent 2.2 Guide for Apache Tomcat 5.5 Servlet/JSP Container

Procedure: To Allow Access Manager Users to Access the Manager Web Application

Using the Apache Tomcat Servlet/JSP Container instance, add the appropriate users and roles to the Manager web application's web.xml file as described in this task. The method for adding users to the web.xml file is not the same for Access Manager 7 and Access Manager 6.3. The differences relate to how user and role information is retrieved. Access Manager 7 takes advantage of a universal ID (UUID) system of identification while Access Manager 6.3 uses the distinguished name (DN) of users. Universal ID retrieval is achieved with the agentadmin program. For more information about the specific agentadmin commands to use, see agentadmin --getUuid.

  1. Change to the following directory:

    $CATALINA_HOME/server/webapps/manager/WEB-INF
  2. Open the web.xml file.

  3. Retrieve user and role information for the Manager role using the appropriate method according to the version of Access Manager you are configuring as follows:

    Access Manager 7: Use Universal ID for identification information.

    Access Manager 6.3 Patch 1 or Greater: Use DN for identification information.

  4. Delete the Manager security role.

    This role is defined in the <role-name> element under the <security-role> element.

  5. Create a new Manager security role using the user and role information created previously in Access Manager as described in To Create and Assign Access Manager Roles.

    The following examples demonstrate how to create a new Manager security role for Access Manager 7 and Access Manager 6.3 Patch 1 or greater.

    • Security Role Element for Access Manager 7

      For this example, the following values apply to the universal ID for the Manager role in Access Manager 7, where realmName is a representation of organization name:

      userName:  id=manager
      IdType:    ou=role
      realmName: dc=subexample,dc=example,dc=com

      The preceding values are used in the following example of a universal ID for the Manager role in Access Manager 7:

      id=manager,ou=role,dc=subexample,dc=example,dc=com

      The following is an example of a security role element, given the preceding universal ID information for the Manager role in Access Manager 7:

      <security-role>
      <role-name>id=manager,ou=role,dc=subexample,dc=example,dc=com</role-name>
      </security-role>
    • Security Role Element for Access Manager 6.3 Patch 1 or Greater

      The following is an example of a role DN for the Manager role in Access Manager 6.3 where the organization is represented by dc=subexample,dc=example,dc=com:

      cn=manager,ou=groups,dc=subexample,dc=example,dc=com

      The following is an example of a security role element, given the preceding DN information for the Manager role in Access Manager 6.3:

      <security-role>
      <role-name>cn=manager,ou=groups,dc=subexample,dc=example,dc=com</role-name>
      </security-role>
  6. Replace the Manager role defined in the <role-name> element under the <auth-constraint> element.

    This Manager role should be replaced with the contents of the <role-name> element as described in the previous step and demonstrated as follows:

    • Manager Role for Access Manager 7

      After the Manager role definition has been replaced, the <auth-constraint> element for the Manager role in Access Manager 7 for the dc=subexample,dc=example,dc=com realm appears as follows:

      <auth-constraint>
      <role-name>id=manager,ou=role,dc=subexample,dc=example,dc=com</role-name>
      </auth-constraint>
    • Manager Role for Access Manager 6.3 Patch 1 or Greater

      After the Manager role definition has been replaced, the <auth-constraint> element for the Manager role in Access Manager 6.3 for the dc=subexample,dc=example,dc=com organization appears as follows:

      <auth-constraint>
      <role-name>cn=manager,ou=groups,dc=subexample,dc=example,dc=com</role-name>
      </auth-constraint>
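
A consistency check for steps 4 through 6, given as an added example that is not part of the original guide: it confirms that the role name under <security-role> and the one under <auth-constraint> are the same universal ID or DN, so the Manager application is not left guarded by a role no Access Manager user holds. The function and variable names are hypothetical, the sample web.xml is constructed, and treating any name without "=" as a leftover role is a heuristic assumption.

```python
import xml.etree.ElementTree as ET

UUID = "id=manager,ou=role,dc=subexample,dc=example,dc=com"  # value from this page

# Constructed sample: security-role updated (steps 4-5), but step 6 skipped,
# so the auth-constraint still names a bare "manager" role.
SAMPLE_STEP6_MISSED = f"""<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Manager commands</web-resource-name>
      <url-pattern>/list</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>{UUID}</role-name>
  </security-role>
</web-app>"""

def local(tag):
    """Element name without its XML namespace, so any web.xml version parses."""
    return tag.rsplit("}", 1)[-1]

def role_names(root, parent):
    """Trimmed text of each <role-name> directly under every <parent> element."""
    return [(c.text or "").strip() for e in root.iter() if local(e.tag) == parent
            for c in e if local(c.tag) == "role-name"]

def check_manager_roles(xml_text):
    """Return a list of problems; an empty list means steps 4-6 are consistent."""
    root = ET.fromstring(xml_text)
    declared = role_names(root, "security-role")
    required = role_names(root, "auth-constraint")
    problems = []
    for name in sorted(set(declared + required)):
        if "\n" in name or "\r" in name:
            problems.append(f"line break inside role name: {name!r}")
        if "=" not in name:  # heuristic: universal IDs and DNs are attr=value lists
            problems.append(f"not a universal ID or DN: {name!r}")
    problems += [f"auth-constraint role not declared in security-role: {n!r}"
                 for n in required if n not in declared]
    problems += [f"security-role not used by any auth-constraint: {n!r}"
                 for n in declared if n not in required]
    return problems

if __name__ == "__main__":
    for p in check_manager_roles(SAMPLE_STEP6_MISSED):
        print("FAIL:", p)
```

To check a real deployment, pass the contents of $CATALINA_HOME/server/webapps/manager/WEB-INF/web.xml to check_manager_roles after editing.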