Configuring External Authentication Authorization

The Mediation Engine Connector supports authenticating users using an external authentication provider, like LDAP, RADIUS, or single sign-on authentication. This authentication must be configured on the reverse proxy (NGINX or Apache) which acts as a gateway for the Mediation Engine Connector. Authorization for the user must be done using Mediation Engine Connector permissions, as described in the section "Configuring User Access".

If external authentication is enabled in the Mediation Engine Connector settings, the X-Forwarded-User HTTP header set by the reverse proxy must contain the authenticated user's login name. Configuration file for Apache, which sets up HTTP basic external authentication, can be found at the location, /opt/oracle/ocsm/etc/httpd/conf.d.