Reconfigure Microsoft Active Directory as the Authentication Provider

Follow this procedure to reconfigure your Oracle Analytics Server installation to use Microsoft Active Directory.

You can configure identity store virtualization so the identity store service can use multiple identity stores. You can split the user profile information across different authentication providers (identity stores). See Configure Identity Store Virtualization Using Fusion Middleware Control.

The example data in this section uses a fictional company called XYZ Corporation that wants to set up SSO for Oracle Analytics Server for their internal users.

This example uses the following information:

  • Active Directory domain

    The XYZ Corporation has an Active Directory domain, called xyzcorp.com, which authenticates all the internal users. When users log in to the corporate network, they log in to the Active Directory domain. The domain controller is addc.xyzcorp.com, which controls the Active Directory domain.

  • Oracle Analytics Server WebLogic domain

    The XYZ Corporation has a WebLogic domain called bi (the default name), installed on a network server domain called bieesvr1.xyz2.com.

  • System Administrator and Test user

    The following system administrator and domain user test the configuration:

    • System Administrator user

      Jo Smith (login=jsmith, hostname=xyz1.xyzcorp.com)

    • Domain user

      Bob Jones (login=bjones, hostname=xyz47.xyzcorp.com)

  1. Log in to Oracle WebLogic Server Administration Console, and click Lock & Edit in the Change Center.
  2. Select Security Realms from the left pane and click myrealm.

    myrealm is the default Security Realm.

  3. Display the Providers tab, then display the Authentication sub-tab.
  4. Click New to launch the Create a New Authentication Provider page.
  5. Enter values in the Create a New Authentication Provider page as follows:
    • Name: Enter a name for the authentication provider. For example, ADAuthenticator.

    • Type: Select ActiveDirectoryAuthenticator from the list.

    • Click OK to save the changes and display the authentication providers list updated with the new authentication provider.

  6. Click DefaultAuthenticator in the Name column to display the Settings page.
  7. In the Common Authentication Provider Settings page, change the Control Flag from REQUIRED to SUFFICIENT and click Save.
  8. In the authentication providers table, click ADDirectory in the Name column to display the Settings page.
  9. Display the Configuration\Common tab, and use the Control Flag list to select 'SUFFICIENT', then click Save.
  10. Display the Provider Specific tab to access the options which apply specifically to connecting to an Active Directory LDAP authentication store.
  11. Use the Provider Specific tab to specify the provider specific details.
  12. Optional: If the User Name attribute or the Group Name attribute is configured to a value other than cn in Microsoft Active Directory, you must change the corresponding values in Oracle WebLogic Server Administration Console.

    Note:

    The LDAP authenticators provided by WebLogic, including OracleInternetDirectoryAuthenticator and ActiveDirectoryAuthenticator, use cn as the default user name and group name attributes. You can use alternative attributes for the user name, for example uid or mail.

  13. Click Save.
  14. In the Settings for myrealm page, click the Providers tab, then click the Authentication tab.
  15. Click Reorder.
  16. In the Reorder Authentication Providers page, select ADDirectory and use the arrow buttons to move it into the first position in the list, then click OK.
  17. In the Change Center, click Activate Changes.
  18. Restart Oracle WebLogic Server.
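
After the restart, the outcome of steps 7, 9 and 16 can be checked offline against the domain's config.xml. The following is an added example, not part of the Oracle documentation: the function name check_realm is hypothetical, the sample XML is constructed, and the element layout and the treatment of an omitted control-flag as REQUIRED are assumptions about how WebLogic persists the realm.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://xmlns.oracle.com/weblogic/domain",
      "sec": "http://xmlns.oracle.com/weblogic/security"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: a trimmed config.xml as it might look after the procedure.
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
  xmlns:sec="http://xmlns.oracle.com/weblogic/security"
  xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <security-configuration><realm>
  <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
   <sec:name>ADAuthenticator</sec:name>
   <sec:control-flag>SUFFICIENT</sec:control-flag>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType">
   <sec:name>DefaultAuthenticator</sec:name>
   <sec:control-flag>SUFFICIENT</sec:control-flag>
  </sec:authentication-provider>
  <sec:name>myrealm</sec:name>
 </realm></security-configuration>
</domain>"""

def check_realm(config_xml, realm="myrealm"):
    """Return a list of findings; an empty list means the realm matches the procedure."""
    root = ET.fromstring(config_xml)
    for r in root.findall("d:security-configuration/d:realm", NS):
        if r.findtext("sec:name", namespaces=NS) == realm:
            break
    else:
        return ["realm %s not found" % realm]
    # Identity asserters share the element name but have no control flag; skip them.
    auths = [p for p in r.findall("sec:authentication-provider", NS)
             if p.get(XSI_TYPE, "").endswith("authenticatorType")]
    findings = []
    for p in auths:
        name = p.findtext("sec:name", namespaces=NS)
        # Assumption: an omitted control-flag element means the default, REQUIRED.
        flag = p.findtext("sec:control-flag", default="REQUIRED", namespaces=NS)
        if flag != "SUFFICIENT":
            findings.append("%s: control flag is %s, expected SUFFICIENT" % (name, flag))
    # Step 16: the Active Directory provider is moved to the first position.
    if not auths or "active-directory-authenticatorType" not in auths[0].get(XSI_TYPE, ""):
        findings.append("first authenticator is not an ActiveDirectoryAuthenticator")
    return findings

if __name__ == "__main__":
    print(check_realm(SAMPLE) or "OK")
```

To use it on a real domain, pass the contents of that domain's config.xml to check_realm instead of SAMPLE.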