Managing Authentication

Authentication is the process of verifying identity by confirming the user is who he claims to be. Oracle WebLogic Server embedded directory server is the authentication provider for the default security configuration.

Users, groups, and passwords are managed using Oracle WebLogic Server Administration Console. It is fine to use the default authentication provider for a development or test environment. In a production environment, best practice is to use a full featured authentication provider.

Note:

Refer to the system requirements and certification documentation for information about hardware and software requirements, platforms, databases, and other information. These documents are available on Oracle Technology Network (OTN).

During installation an Oracle WebLogic Server domain is created. BI Publisher is installed into that domain and uses the Oracle WebLogic Server security realm. The security realm can have multiple authentication providers configured but only one provider can be active at a time. The order of providers in the list determines priority. The effect of having multiple authentication providers defined in a security realm is not cumulative; rather, the first provider in list is the source for all user and password data needed during authentication. This enables you to switch between authentication providers as needed. For example, if you have separate LDAP servers for your development and production environments, you can change which directory server is used for authentication by re-ordering them in the Administration Console. For information about how to configure a different authentication provider, see Configuring a New Authentication Provider.

Detailed information about managing an authentication provider in Oracle WebLogic Server is available in its online help. For more information, log in to Oracle WebLogic Server Administration Console and launch Oracle WebLogic Server Administration Console Online Help.

Accessing Oracle WebLogic Server Administration Console

Oracle WebLogic Server is automatically installed and serves as the default administration server.

The Administration Console is browser-based and is used to manage the embedded directory server that is configured as the default authenticator. It is launched by entering its URL into a web browser. The default URL takes the following form: http://hostname:port_number/console. The port number is the number of the administration server. By default, the port number is 7001.

To launch the Oracle WebLogic Server Administration Console:

1. Log in to Oracle WebLogic Server by entering its URL into a Web browser.

   For example, http://hostname:7001/console. The Administration Console login page displays, as shown the figure below.

   
   

   
   Description of the illustration GUID-090B2D6F-248D-425C-A798-088C2BC2D70B-default.gif

   
   
2. Log in using the BI Publisher administrative user and password and click Login.

   The password is the one you supplied during the installation of BI Publisher. If these values have been changed, then use the current administrative user name and password combination.

   The Administration Console displays, as shown the figure below.

   
   

   
   Description of the illustration GUID-D3EC421D-7D8C-4F6F-84BD-712F9E91074A-default.gif

   
   

Managing Users and Groups Using the Default Authentication Provider

Managing a group is more efficient than managing a large number of users individually. Best practice is to first organize all BI Publisher users into groups that have similar system access requirements.

These groups can then be mapped to application roles that provide the correct level of access. If system access requires change, then you need only modify the permissions granted by the application roles, or create a new application role with appropriate permissions. Once your groups are established, continue to add or remove users directly in the identity store using its administration interface as you normally would.

To create a user in the default directory server:

1. If needed, launch Oracle WebLogic Server Administration Console.

   See Accessing Oracle WebLogic Server Administration Console.

2. Log in as an administrative user.

3. In the Administration Console, select Security Realms from the left pane and click the realm you are configuring. For example, myrealm.

4. Select Users and Groups tab (shown below), then Users. Click New.

   
   

   
   Description of the illustration GUID-8BF51D6D-7335-4EF2-B07D-C5F7B6C5CC0C-default.gif

   
   

5. In the Create a New User page (shown below) provide the following information:

   • Name: Enter the name of the user. See online help for a list of invalid characters.

   • (Optional) Description: Enter a description.

   • Provider: Select the authentication provider from the list that corresponds to where the user information is contained. DefaultAuthenticator is the name for the default authentication provider.

   • Password: Enter a password for the user that is at least 8 characters long.

   • Confirm Password: Re-enter the user password.

   
   

   
   Description of the illustration GUID-DFF775FD-E310-48D2-B341-C50AFAE22A2A-default.gif

   
   

6. Click OK.

   The user name is added to the User table.

To create a group in the default directory server:

1. If needed, launch Oracle WebLogic Server Administration Console.

   See Accessing Oracle WebLogic Server Administration Console.

2. Log in as an administrative user.

3. In the Administration Console, select Security Realm from the left pane and click the realm you are configuring. For example, myrealm.

4. Select Users and Groups tab, then Groups. Click New.

5. In the Create a New Group page provide the following information:

   • Name: Enter the name of the Group. Group names are case insensitive but must be unique. See the online help for a list of invalid characters.

   • (Optional) Description: Enter a description.

   • Provider: Select the authentication provider from the list that corresponds to where the group information is contained. DefaultAuthenticator is the name for the default authentication provider.

6. Click OK.

   The group name is added to the Group table.

To add a user to a group in the default directory server:

1. If needed, launch Oracle WebLogic Server Administration Console.

   See Accessing Oracle WebLogic Server Administration Console.

2. Log in as an administrative user.

3. In the Administration Console, select Security Realm from the left pane and click the realm you are configuring. For example, myrealm.

4. Select Users and Groups tab, then Users, as shown in the figure below. Select the user from Name.

   
   

   
   Description of the illustration GUID-2BEAFC79-11DF-4510-BAA0-C6FEA6579A76-default.gif

   
   

5. From the Settings page, select the Groups tab to display the list of available groups.

6. Select one or more groups from the Available list and use the shuttle controls to move them to the Chosen list, as shown below.

   
   

   
   Description of the illustration GUID-1DAF0DF2-87A1-489D-B99F-7793D198435C-default.gif

   
   

7. Click Save.

   The user is added to the group.

To change a user password in the default directory server:

1. If needed, launch Oracle WebLogic Server Administration Console.

   See Accessing Oracle WebLogic Server Administration Console.

2. Log in as an administrative user.
3. In the Administration Console, select Security Realms from the left pane and click the realm you are configuring. For example, myrealm.
4. Select Users and Groups tab, then Users.
5. In the Users table select the user you want to change the password for.

   The settings page for the user displays, as shown below.

   
   

   
   Description of the illustration GUID-59021C96-4025-4C02-9FE5-48588E481546-default.gif

   
   
6. Select the Passwords tab and enter the password in the New Password and Confirm Password fields.
7. Click Save.