13 Configuring the WebLogic Authentication Provider

This chapter explains how to configure the WebLogic Authentication provider, also known as the DefaultAuthenticator, in WebLogic Server 12.1.3.

About the WebLogic Authentication Provider

The WebLogic Authentication provider (also called the DefaultAuthenticator) uses WebLogic Server's embedded LDAP server to store user and group membership information and, optionally, a set of user attributes such as phone number, email address, and so on. This provider allows you to create, modify, list, and manage users and group membership in the WebLogic Server Administration Console. By default, most configuration options for the WebLogic Authentication provider are already defined. You should need to configure a WebLogic Authentication provider only when creating a new security realm. However, note the following:

  • The WebLogic Authentication provider is configured in the default security realm with the name DefaultAuthenticator.

  • User and group names in the WebLogic Authentication provider are case insensitive. For information about creating and managing users and groups in the WebLogic Server Administration Console, see "Manage users and groups" in the Oracle WebLogic Server Administration Console Online Help.

  • Ensure that all user names are unique.

  • Specify the minimum length of passwords defined for users that are stored in the embedded LDAP server. You can do this with the Minimum Password Length option, which is available on the Configuration > Provider Specific page for the WebLogic Authentication provider.

  • Users in the WebLogic Authentication provider can be modified to include a set of attributes. See Setting User Attributes.

  • If you are using multiple Authentication providers, set the JAAS Control Flag to determine how the WebLogic Authentication provider is used in the authentication process. See Using More Than One Authentication Provider.

Setting User Attributes

After you have defined a user in the WebLogic Authentication provider, you can set or modify for that user one or more of the attributes listed in Table 13-1. These attributes conform to the user schema for representing individuals in the inetOrgPerson LDAP object class, described in RFC 2798.

Table 13-1 Attributes that Can Be Set for a User

Attribute                   Description
--------------------------  ------------------------------------------------------------------------
c                           Two-letter ISO 3166 country code
departmentnumber            Code for department to which the user belongs
displayname                 Preferred name of the user
employeenumber              Numeric or alphanumeric identifier assigned to the user
employeetype                Type of employment, which represents the employer to employee relationship
facsimiletelephonenumber    Facsimile (fax) telephone number
givenname                   First name; that is, not surname (last name) or middle name
homephone                   Home telephone number
homepostaladdress           Home postal address
l                           Name of a locality, such as a city, county or other geographic region
mail                        Electronic address of user (email)
mobile                      Mobile telephone number
pager                       Pager telephone number
postaladdress               Postal address at location of employment
postofficebox               Post office box
preferredlanguage           User's preferred written or spoken language
st                          Full name of state or province
street                      Physical location of user
telephonenumber             User's telephone number in organization
title                       Title representing user's job function


When you set a value for an attribute, the attribute is added for the user. Likewise, if you subsequently delete the value of an attribute, the attribute is removed for the user. The set of available attributes is limited to the preceding list, however. The attribute names cannot be customized.

These attributes can be managed for a user by operations on the UserAttributeEditorMBean, or viewed via operations on the UserAttributeReaderMBean.

For more information about setting, modifying, or viewing the attributes for a user created in the WebLogic Authentication provider, see "Manage values for user attributes" in Oracle WebLogic Server Administration Console Online Help.
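
The constraints listed under "About the WebLogic Authentication Provider" (case-insensitive, unique user names and a minimum password length) and under "Setting User Attributes" (a fixed attribute list) can be checked before a batch of users is loaded into the provider. The following pre-flight check is an added example, not Oracle code: the record layout, the function name and the sample accounts are assumptions made for illustration, and the country code is checked for format only, not for membership in ISO 3166.

```python
# Added example: pre-flight validation of a user batch before loading it
# into the WebLogic Authentication provider (DefaultAuthenticator).

# Attribute names exactly as listed in Table 13-1; no others are accepted.
SUPPORTED_ATTRS = frozenset("""c departmentnumber displayname employeenumber
employeetype facsimiletelephonenumber givenname homephone homepostaladdress l
mail mobile pager postaladdress postofficebox preferredlanguage st street
telephonenumber title""".split())


def validate_batch(users, min_password_length):
    """Return a list of (user_name, problem) tuples; empty means clean.

    users: iterable of dicts with keys 'name', 'password', 'attrs'
           (hypothetical record layout chosen for this example).
    min_password_length: the value configured as Minimum Password Length.
    """
    problems = []
    seen = {}  # case-folded name -> first spelling encountered
    for user in users:
        name = user["name"]
        key = name.casefold()  # user names are case insensitive in the provider
        if key in seen:
            problems.append((name, "collides with existing user %r" % seen[key]))
        else:
            seen[key] = name
        if len(user["password"]) < min_password_length:
            problems.append((name, "password shorter than %d" % min_password_length))
        for attr, value in user.get("attrs", {}).items():
            if attr not in SUPPORTED_ATTRS:
                problems.append((name, "unsupported attribute %r" % attr))
            elif attr == "c" and value and not (
                    len(value) == 2 and value.isalpha() and value.isascii()):
                problems.append((name, "c must be a two-letter country code"))
    return problems


# Constructed sample batch (not real accounts).
SAMPLE = [
    {"name": "jsmith", "password": "correct-horse-9", "attrs": {"c": "US"}},
    {"name": "JSmith", "password": "another-long-1", "attrs": {"title": "Auditor"}},
    {"name": "mlee", "password": "short", "attrs": {"c": "USA", "badge": "1234"}},
]

if __name__ == "__main__":
    for who, what in validate_batch(SAMPLE, min_password_length=8):
        print("%s: %s" % (who, what))
```

The second record is flagged because a source system that treats "jsmith" and "JSmith" as different accounts would map both onto one identity in this provider.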