Prepare the External Authentication Provider for STA Authentication
Prepare an external authentication provider to authenticate STA users. This procedure provides general guidelines only, as the specific details depend on your site configuration. Perform these steps on the external authentication server.
- Identify or create the LDAP Principal User, which WebLogic Server will use to access the external authentication provider.
- Create the STA Access Group. This group must have the name
StorageTapeAnalyticsUser. - Identify all users needing access to STA and assign them to the STA access group.
- Record site-specific configuration information, which you will use to configure the provider in WebLogic Server. See Define Provider-specific Information for examples of the information to gather.
LDAP Principal User
Each external authentication provider must include a user account that WebLogic Server can use to connect to the external provider. In WebLogic Sever, this user is called the Principal user.
You can either create a new user account or use an existing one. This user must have read and write access to the external provider's authentication directory so WebLogic Server can resolve user and group searches and authentications. This user does not need to be assigned to the STA access group.
STA Access Group
All users requiring access to STA must belong to the STA access group, which has the
name StorageTapeAnalyticsUser. All providers performing authentication for
STA must include this group.
For the DefaultAuthenticator, this group is created during STA installation, and all users added through the STA installer, WebLogic Administration console, and STA user interface are assigned to this group automatically.
For external authentication providers, you must create this group in the provider and assign the appropriate users to it.