Implementing the Security Provider
Note: Before using the provider ensure a data source has been created to connect to the product database to access the SC_USER table.
Note: Each Plugin Properties must exist on a separate line
The Oracle Utilities Application Framework security provider is provided in the $SPLEBASE/tools/bin/auth subdirectory as ouaf-dbmsauth-<version>.jar. This jar file must be copied to the $DOMAIN_HOME/lib directory. After restarting the Administration server, the following must be configured to use this security provider:
• Login to the Oracle WebLogic Administration console using the appropriate administrator account.
• Navigate to the Security Realms myrealm Providers tab from the console.
• Select New to add a new Provider.
• Assign an appropriate name for the provider according to your site standards.
• Use the CustomDBMSAuthenticator for the Provider type.
• Use the Ok button to save the authenticator definition.
• Select the Name you assigned the provider to complete the configuration.
• Select the appropriate Control Flag for your site standards to determine the how the provider fits into the login sequence.
• Select the Provider Specific tab to configure the provider using the following settings:
• Specify the data source created to connect to the database created earlier in the Data Source Name attribute.
• Specify com.oracle.ouaf.fed.OuafDBMSAuthenticator for the Plugin Class Name.
• Specify the userGroup=<usergroupname> where <usergroupname> is the realm group created for the product (set by WEB_APPVIEWER_ROLE_NAME) in the Plugin Properties. By default, this is set to cisusers if parameter not present. For example:
userGroup=cisusers
• Optionally, specify the users you wish to bypass from this Security provider by specifying the excludeUser=<listofusers> where <listofusers> is a list of authentication users delimited by "," to be excluded. For example:
excludeUsers=system,weblogic,OracleSystemUser
• Save the Provider configuration.
• Optionally, use Reorder to set the order of check.
• Optionally, configure the Adjudicator Provider for additional rules.