| |
Authentication Providers
An Authentication provider allows WebLogic Server to establish trust by validating a user. You must have one Authentication provider in a security realm, and you can configure multiple Authentication providers in a security realm. Different types of Authentication providers are designed to access different data stores, such as LDAP servers or DBMS.
Identity assertion involves establishing a client's identity using client-supplied tokens that may exist outside of the request. Thus, the function of an Identity Assertion provider is to validate and map a token to a username by which a user can be validated. You can configure multiple Identity Assertion providers in a security realm, but none are required.
Note: The order in which the Authentication and Identity Assertion providers are configured can affect the outcome of the authentication process.
When one or more Authentication providers are configured, this Authentication Providers page displays key information about each of them. Click the appropriate link to configure a WebLogic Authentication provider, a WebLogic Identity Assertion provider, a LDAP Authentication provider, or an RDBMS Authentication provider. If custom Authentication or Identity Assertion providers are available, you may be able to click the appropriate links to configure them instead.
Oracle recommends that you also configure the Password Validation provider, which works with several out-of-the-box authentication providers to manage and enforce password composition rules. Whenever a password is created or updated in the security realm, the corresponding authentication provider automatically invokes the Password Validation provider to ensure that the password meets the composition requirements that are established.
|