Fusion Middleware Publishing Reports to the Web with Oracle Reports Services

15.5 End-to-End Security Scenarios

This section describes end-to-end security scenarios that involve both authentication and authorization.

The following table describes JPS-based security scenarios.

Table 15-7 JPS-Based Security Scenarios

Security Scenario Description

JPS-OID Authorization with Single-Sign-On Authentication for Reports Servlet

 

This scenario involves the following:

  • Single Sign-On for authentication

  • JPS-OID for authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable Single Sign-On. For more information, see Enabling and Disabling Single Sign-On.

  2. Enable JPS-based security. On the Reports Server Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Oracle Platform Security for Java option.

  3. Ensure that all users that are present in the Oracle Internet Directory used by Single Sign-On are in the ID store used by JPS. Alternatively, configure JPS to point to the ID store used by Single Sign-On.

  4. Add the following property in the jps-config-jse.xml file:

    <property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>

  5. Configure JPS Oracle Internet Directory as a policy store. For more information, see Configuring an External Oracle Internet Directory as Policy Store When Using JPS-Based Security.

  6. Create security policies. Refer to Section 7.8.2, "Defining Security Policies for Reports" to use Oracle Enterprise Manager to update the report security policies defined in Oracle Internet Directory.

  7. Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.

JPS-OID Authorization with JPS-OID as ID Store for Other Reports Clients

 

This scenario involves the following:

  • JPS-OID for authentication

  • JPS-OID for authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable JPS-based security. On the Reports Server Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Oracle Platform Security for Java option.

  2. Add the following property in the jps-config-jse.xml file:

    <property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>

  3. Configure JPS-OID as an ID store. For more information, see Configuring External Oracle Internet Directory as ID Store When Using JPS-Based Security.

  4. Configure JPS-OID as a policy store. For more information, see Configuring an External Oracle Internet Directory as Policy Store When Using JPS-Based Security.

  5. Create security policies. Refer to Section 7.8.2, "Defining Security Policies for Reports" to use Oracle Enterprise Manager to update the report security policies defined in Oracle Internet Directory.

  6. Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.

JAZN-XML Authorization with Single Sign-On Authentication for Reports Servlet

 

This scenario involves the following:

  • Single Sign-On for authentication

  • JAZN-XML for authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable Single Sign-On. For more information, see Enabling and Disabling Single Sign-On.

  2. Enable JPS-based security. On the Reports Server Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Oracle Platform Security for Java option.

  3. Ensure that all users that are present in the Oracle Internet Directory used by Single Sign-On are in the ID store used by JPS. Alternatively, configure JPS to point to the ID store used by Single Sign-On.

  4. Add the following property in the jps-config-jse.xml file:

    <property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>

  5. Create security policies. Refer to Section 7.8.2, "Defining Security Policies for Reports".

  6. Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.

  7. If the system-jazn-data.xml file is used as the policy store, search for the "reports" application in the system-jazn-data.xml file. To use JPS to authorize users in Oracle Internet Directory, add the corresponding users in the member section of the system-jazn-data.xml file. For more information, see Section 15.4.2, "Additional Step When Using JPS for Authorization".

JAZN-XML Authorization with JPS-OID Authentication for Other Reports Clients

 

This scenario involves the following:

  • JPS-OID for authentication

  • JAZN-XML for authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable JPS-based security. On the Reports Server Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Oracle Platform Security for Java option.

  2. Add the following property in the jps-config-jse.xml file:

    <property name="oracle.security.jps.enterprise.user.class" value="weblogic.security.principal.WLSUserImpl"/>

  3. Configure JPS-OID as an ID store. For more information, see Configuring External Oracle Internet Directory as ID Store When Using JPS-Based Security.

  4. Create security policies. Refer to Section 7.8.2, "Defining Security Policies for Reports" to update the report security policies defined in Oracle Internet Directory.

  5. Map users to application roles. For more information about mapping users to application roles, see Mapping Users to Application Roles.

  6. If the system-jazn-data.xml file is used as the policy store, search for the "reports" application in the system-jazn-data.xml file. To use JPS to authorize users in Oracle Internet Directory, add the corresponding users in the member section of the system-jazn-data.xml file. For more information, see Section 15.4.2, "Additional Step When Using JPS for Authorization".
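
An offline check for the two file edits in the JPS scenarios above, added here as an example and not part of the Oracle documentation: it confirms that jps-config-jse.xml sets oracle.security.jps.enterprise.user.class to the documented value, and lists directory users who are not yet in the member section of the "reports" application in system-jazn-data.xml. The function names, the sample XML, the role name EXAMPLE_ROLE, and the application/app-roles/app-role/members/member layout are assumptions.

```python
import xml.etree.ElementTree as ET

USER_CLASS_PROP = "oracle.security.jps.enterprise.user.class"
WLS_USER = "weblogic.security.principal.WLSUserImpl"

# Constructed samples, not from a real installation; element placement and the
# namespace are placeholders, and EXAMPLE_ROLE is a hypothetical role name.
JPS_CONFIG = """<jpsConfig xmlns="urn:example:constructed"><serviceInstance>
  <property name="oracle.security.jps.enterprise.user.class"
            value="weblogic.security.principal.WLSUserImpl"/>
</serviceInstance></jpsConfig>"""
JAZN = """<jazn-data><policy-store><applications><application>
  <name>reports</name>
  <app-roles><app-role>
    <name>EXAMPLE_ROLE</name>
    <members>
      <member><class>weblogic.security.principal.WLSUserImpl</class><name>alice</name></member>
      <member><class>example.OtherPrincipal</class><name>bob</name></member>
    </members>
  </app-role></app-roles>
</application></applications></policy-store></jazn-data>"""

def user_class_values(jps_config_xml):
    """Every value set for the user-class property, ignoring XML namespaces."""
    root = ET.fromstring(jps_config_xml)
    return [e.get("value") for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == "property"
            and e.get("name") == USER_CLASS_PROP]

def missing_members(jazn_xml, app_name, role_name, users):
    """Users who are not listed as WLSUserImpl members of the given app role."""
    members = set()
    for app in ET.fromstring(jazn_xml).iter("application"):
        if (app.findtext("name") or "").strip() != app_name:
            continue
        for role in app.iter("app-role"):
            if (role.findtext("name") or "").strip() != role_name:
                continue
            for m in role.iter("member"):
                # Assumption: only members of the configured user class count.
                if (m.findtext("class") or "").strip() == WLS_USER:
                    members.add((m.findtext("name") or "").strip())
    return sorted(set(users) - members)

if __name__ == "__main__":
    print("user class ok:", user_class_values(JPS_CONFIG) == [WLS_USER])
    print("not yet members:",
          missing_members(JAZN, "reports", "EXAMPLE_ROLE", ["alice", "bob", "carol"]))
```

An empty list from `user_class_values` means the property is absent, and more than one entry means it is set in several places and the values should be compared.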


The following table describes Portal-based security scenarios.

Table 15-8 Portal-Based Security Scenarios

Security Scenario Description

Portal-Based Authorization with Single-Sign-On Authentication for Reports Servlet

 

This scenario involves the following:

  • Single Sign-On for authentication

  • Portal-based authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Enable Single Sign-On. For more information, see Enabling and Disabling Single Sign-On.

  2. Ensure that Portal-based security is enabled. If you have enabled JPS-based security, switch to Portal-based security. On the Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Security features available through Oracle Portal option under the Reports Security section.

  3. Create security policies in Oracle Portal. For more information about creating security policies in Oracle Portal, see the Securing Oracle Portal chapter in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal.

  4. Map users to application roles. For more information about mapping users to application roles, see Section 16.1, "Creating Reports Users and Named Groups".

Portal-Based Authorization with Oracle Internet Directory as ID Store for Other Reports Clients

 

This scenario involves the following:

  • Oracle Internet Directory for authentication

  • Portal-based authorization (policies)

To use this combination of authentication and authorization, complete the following steps:

  1. Configure Oracle Internet Directory as an ID store. For more information, see Configuring External Oracle Internet Directory as ID Store.

  2. Ensure that Portal-based security is enabled. If you have enabled JPS-based security, switch to Portal-based security. On the Advanced Configuration page in Enterprise Manager, select the Enable Security check box, and then select the Security features available through Oracle Portal option under the Reports Security section.

  3. Create security policies in Oracle Portal. For more information about creating security policies in Oracle Portal, see the Securing Oracle Portal chapter in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal.

  4. Map users to application roles. For more information about mapping users to application roles, see Section 16.1, "Creating Reports Users and Named Groups".