Domain Authentication Group
The default installation of your application includes a default Authentication Group(role-name) defined within the Web Application descriptor (web.xml). This role name is used by the Web Application to link the authorized users within the application to the associated domain physical resources (pages and configuration files) within Oracle WebLogic. The specification of the group in the web descriptor is in the security section.
Note: The security role is used in several sections of the Web Application descriptor.
For example:
By default, this group is set to cisusers, which is configurable for each web component. When the product is deployed to Oracle WebLogic, this group is instantiated ready to be allocated to individual users. Users of the product must be attached to this group to use it.
From a configuration point of view there are several options for this setting:
• The default group may be changed at installation and configuration time using the configuration settings as shown below as outlined in the Server Administration Guide. The group name should have no embedded blanks.
Component | Principal Name | Role Name |
|---|---|---|
Online/Help | WEB_PRINCIPAL_NAME | WEB_ROLE_NAME |
AppViewer | WEB_APPVIEWER_PRINCIPAL_NAME | WEB_APPVIEWER_ROLE_NAME |
• If Oracle WebLogic is configured to use an external security repository the configured administration group must exist in the security repository and the users must be connected to this group.
Note: If the domain administration group is changed after installation time, users will need to be migrated to the new domain administration group either manually, using tools provided with the security repository or through Oracle WebLogic.