3.2.2 Configuring Authentication Providers
The application uses a WebLogic Authentication Provider to connect to a user store for authenticating users. Examples of configurable user identity stores are Oracle Internet Directory (OID) and third party LDAP servers. This section describes how to configure an OID or third party LDAP Authentication Provider.
Alternatively, when creating a new WebLogic domain for OHI Components, use the WLST scripts for setting up the Authentication Provider.
- Login to the WebLogic admin console and click the Security Realms link.
- Click the myrealm link.
- Click the Providers tab.
- Click the New button in order to create a new Authentication Provider.
In WebLogic production mode, click the Lock & Edit button before clicking the New button.
- In the Create a new Authentication Provider page, change Name to OHIAuthenticationProvider and Type to OracleInternetDirectoryAuthenticator (or to LDAPAuthenticator if a third party LDAP server is used) and click the OK button.
- Click the OHIAuthenticationProvider link.
- Change the Control Flag to SUFFICIENT and click the Save button.
- Click the Provider Specific tab.
- Enter or change the values for the fields as shown below and select the option Propagate Cause For Login Exception.

Field | Value
---|---
Host | LDAP hostname or IP address
Port | LDAP port, or the SSL port if the LDAP server is SSL enabled, e.g. 3060. If LDAPS is used, make sure to check the SSLEnabled flag as well.
Principal | LDAP admin principal, e.g. cn=orcladmin
Credential | LDAP admin password
Confirm Credential | LDAP admin password
User Base DN | User base distinguished name, e.g. ou=Users,dc=healthinsurance,dc=oracle,dc=com
All Users Filter | E.g. (&(uid=*)(objectclass=person))
User From Name Filter | E.g. (&(uid=%u)(objectclass=person))
User Name Attribute | E.g. uid
Group Base DN | If there are no groups in the LDAP, leave this field empty.
The page contains a few more properties (fields) that are not listed in the table above. Change the values of those fields to suit your LDAP settings.
- Click the Save button.
- Click the myrealm link and then DefaultAuthenticator link. Change the Control Flag to SUFFICIENT and click the Save button.
- Restart the WebLogic Server.
Optionally, after the WebLogic Server has been restarted, verify that the authentication provider is configured successfully by following the steps below:
Step 1: Log in to the WLS Admin Console and click Security Realms
Step 2: Click myrealm
Step 3: Click the Users and Groups tab
Step 4: You should see the list of users from OHIAuthenticationProvider (in addition to the default users from DefaultAuthenticator).
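The console procedure above, together with the optional user listing, as an added WLST (Jython) example. This is not one of the OHI WLST scripts referred to at the start of this section and is not code from the page; it uses the standard WebLogic MBean setters that correspond to the fields in the table. The admin URL, domain name, LDAP host and the credentials (passed on the command line) are placeholders and must be replaced for your environment.

```jython
# Added example: WLST (Jython) equivalent of the console steps in section 3.2.2.
# Run as:  wlst.sh configure_ohi_auth.py <admin password> <ldap admin password>
# and, after the server restart:  wlst.sh configure_ohi_auth.py <admin password> <ldap admin password> verify
import sys

ADMIN_URL  = 't3://admin-host:7001'   # placeholder: admin server URL
ADMIN_USER = 'weblogic'               # placeholder: admin user
ADMIN_PWD  = sys.argv[1]              # passed on the command line rather than hard-coded
LDAP_PWD   = sys.argv[2]              # LDAP admin password, also from the command line
DOMAIN     = 'ohi_domain'             # placeholder: the WebLogic domain name
REALM_PATH = '/SecurityConfiguration/%s/Realms/myrealm' % DOMAIN
PROVIDER   = 'OHIAuthenticationProvider'
# For a third party LDAP server use weblogic.security.providers.authentication.LDAPAuthenticator instead.
PROVIDER_TYPE = 'weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticator'

# Values from the table above; host is a placeholder, the rest are the documented examples.
LDAP_HOST       = 'oid.example.com'
LDAP_PORT       = 3060
LDAP_SSL        = false   # set to true and use the SSL port when the server is LDAPS
LDAP_PRINCIPAL  = 'cn=orcladmin'
USER_BASE_DN    = 'ou=Users,dc=healthinsurance,dc=oracle,dc=com'
ALL_USERS       = '(&(uid=*)(objectclass=person))'
USER_FROM_NAME  = '(&(uid=%u)(objectclass=person))'
USER_NAME_ATTR  = 'uid'
GROUP_BASE_DN   = ''      # leave empty when the LDAP has no groups

def configure():
    connect(ADMIN_USER, ADMIN_PWD, ADMIN_URL)
    edit()
    startEdit()                     # equivalent of Lock & Edit in production mode
    cd(REALM_PATH)
    cmo.createAuthenticationProvider(PROVIDER, PROVIDER_TYPE)
    cd('%s/AuthenticationProviders/%s' % (REALM_PATH, PROVIDER))
    cmo.setControlFlag('SUFFICIENT')
    # Provider Specific tab
    cmo.setHost(LDAP_HOST)
    cmo.setPort(LDAP_PORT)
    cmo.setSSLEnabled(LDAP_SSL)
    cmo.setPrincipal(LDAP_PRINCIPAL)
    cmo.setCredential(LDAP_PWD)     # stored encrypted by WebLogic
    cmo.setUserBaseDN(USER_BASE_DN)
    cmo.setAllUsersFilter(ALL_USERS)
    cmo.setUserFromNameFilter(USER_FROM_NAME)
    cmo.setUserNameAttribute(USER_NAME_ATTR)
    cmo.setGroupBaseDN(GROUP_BASE_DN)
    cmo.setPropagateCauseForLoginException(true)
    # DefaultAuthenticator must also become SUFFICIENT, otherwise logins that only
    # exist in the LDAP would still have to pass the embedded LDAP as well.
    cd('%s/AuthenticationProviders/DefaultAuthenticator' % REALM_PATH)
    cmo.setControlFlag('SUFFICIENT')
    save()
    activate(block='true')
    disconnect()
    print 'Provider configured; restart the WebLogic Server before verifying.'

def verify(max_users=20):
    # Same check as the Users and Groups tab: list users served by the new provider.
    connect(ADMIN_USER, ADMIN_PWD, ADMIN_URL)
    serverConfig()
    cd('%s/AuthenticationProviders/%s' % (REALM_PATH, PROVIDER))
    cursor = cmo.listUsers('*', max_users)
    names = []
    while cmo.haveCurrent(cursor):
        names.append(cmo.getCurrentName(cursor))
        cmo.advance(cursor)
    cmo.close(cursor)
    disconnect()
    return names

if len(sys.argv) > 3 and sys.argv[3] == 'verify':
    print 'Users from %s: %s' % (PROVIDER, verify())
else:
    configure()
```

The script deliberately takes both passwords as arguments instead of storing them in the file; in a real deployment, prefer a WLST user configuration file and key file for the admin connection so no password appears on the command line or in shell history.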