Implementing the Security Provider
Note: Before using the provider, ensure that a data source has been created to connect to the product database and access the SC_USER table.
Note: Each Plugin Properties entry must be on a separate line.
The Oracle Utilities Application Framework security provider is provided in the $SPLEBASE/tools/bin/auth subdirectory as ouaf-dbmsauth-<version>.jar. This jar file must be copied to the $DOMAIN_HOME/lib directory. After restarting the Administration server, the following must be configured to use this security provider:
Log in to the Oracle WebLogic Administration console using the appropriate administrator account.
Navigate to the Security Realms > myrealm > Providers tab from the console.
Select New to add a new Provider.
Assign an appropriate name for the provider according to your site standards.
Use the CustomDBMSAuthenticator for the Provider type.
Use the OK button to save the authenticator definition.
Select the Name you assigned the provider to complete the configuration.
Select the appropriate Control Flag for your site standards to determine how the provider fits into the login sequence.
Select the Provider Specific tab to configure the provider using the following settings:
In the Data Source Name attribute, specify the data source created earlier to connect to the database.
Specify com.oracle.ouaf.fed.OuafDBMSAuthenticator for the Plugin Class Name.
Specify userGroup=<usergroupname> in the Plugin Properties, where <usergroupname> is the realm group created for the product (set by WEB_APPVIEWER_ROLE_NAME). If the parameter is not present, it defaults to cisusers. For example:
userGroup=cisusers
Optionally, specify the users who should bypass this security provider by setting excludeUser=<listofusers>, where <listofusers> is a list of authentication users, delimited by ",", to be excluded. For example:
excludeUsers=system,weblogic,OracleSystemUser
Save the Provider configuration.
Optionally, use Reorder to set the order in which the providers are checked.
Optionally, configure the Adjudicator Provider for additional rules.
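The Plugin Properties rules above (one property per line, userGroup defaulting to cisusers, a ","-delimited exclusion list) can be checked before the text is pasted into the Provider Specific tab. The following is an added example, not part of the product or of the original page: the function name, messages and sample inputs are constructed for illustration, and it accepts both spellings of the exclusion key because the page shows both.

```python
import re

DEFAULT_GROUP = "cisusers"                      # default stated on the page
EXCLUDE_KEYS = ("excludeUsers", "excludeUser")  # the page shows both spellings

# Constructed sample inputs (not taken from a real domain).
GOOD = "userGroup=cisusers\nexcludeUsers=system,weblogic,OracleSystemUser\n"
SAME_LINE = "userGroup=cisusers excludeUsers=system,weblogic\n"
NO_GROUP = "excludeUsers=system,,weblogic\n"


def lint_plugin_properties(text):
    """Return (settings, problems) for a Plugin Properties block."""
    settings = {"userGroup": DEFAULT_GROUP, "excluded": []}
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # Two key= tokens on one line break the one-property-per-line rule.
        if len(re.findall(r"\b\w+=", line)) > 1:
            problems.append(f"line {lineno}: more than one property on a line")
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or key not in ("userGroup",) + EXCLUDE_KEYS:
            # Assumption: keys not described on the page are flagged for review.
            problems.append(f"line {lineno}: entry not described on the page")
        elif key == "userGroup":
            if value:
                settings["userGroup"] = value
            else:
                problems.append(f"line {lineno}: userGroup is empty")
        else:
            users = [u.strip() for u in value.split(",")]
            if "" in users:
                problems.append(f"line {lineno}: empty name in exclusion list")
            # These accounts bypass this provider; review each one.
            settings["excluded"] = [u for u in users if u]
    return settings, problems


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("SAME_LINE", SAME_LINE), ("NO_GROUP", NO_GROUP)):
        settings, problems = lint_plugin_properties(sample)
        print(name, settings, problems or "ok")
```

The returned "excluded" list is the set of accounts that will not be authenticated by this provider, so it is worth reviewing against site standards before saving the configuration.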