Sample Digest Authentication Configuration Using Embedded LDAP

You can use Converged Application Server's embedded LDAP implementation for Digest authentication in a test or demo environment. Because you cannot change the schema of the embedded LDAP store, you must store password information in the existing "description" field.

To use the embedded LDAP store for Digest authentication, follow the instructions in the sections that follow.

Store User Password Information in the Description Field

To create new users with password information in the existing description field:

  1. Log in to the Administration Console for the Converged Application Server domain you want to configure.

  2. In the left pane of the Console, select the Security Realms node.

  3. Select the name of your security realm in the Realms table in the right pane of the Console.

  4. Select the Users and Groups tab, then select the Users subtab.

  5. Click New.

  6. Enter a name for the new user in the Name field.

  7. Enter the Digest password information for the user in the Description field. The password information can be either the clear-text password, a pre-calculated hash value, or a reverse-encrypted password.

  8. Enter an 8-character password in the Password and Confirm Password fields. You cannot proceed without adding a standard password entry.

  9. Click OK.

Set the Embedded LDAP Password

Follow these instructions to set the password for the embedded LDAP store to a known password. You will use this password when configuring the Digest Identity Asserter provider as described in "Configure an LDAP Digest Identity Asserter Provider":

  1. Log in to the Administration Console for the Converged Application Server domain you want to configure.

  2. In the left pane, click the name of the domain you are configuring.

  3. Select the Security tab in the right pane, then select the Embedded LDAP subtab.

  4. Enter the password you would like to use in the Credential and Confirm Credential fields.

  5. Click Save.

  6. Reboot the server.

Configure the Digest Identity Asserter Provider

Example 3-1 shows the security provider configuration in config.xml for a domain that uses the LDAP implementation embedded in Converged Application Server. Such a configuration is recommended only for testing or development purposes. Example 3-1 highlights values that you must define when configuring the provider using the instructions in "Configure an LDAP Digest Identity Asserter Provider".

Example 3-1 Sample Security Provider Configuration with Embedded LDAP

<sec:authentication-provider xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:ldap-digest-identity-asserterType">
  <sec:name>myrealmLdapDigestIdentityAsserter</sec:name>
  <ext:user-base-dn>ou=people, ou=myrealm, dc=mydomain</ext:user-base-dn>
  <ext:credential-attribute-name>description</ext:credential-attribute-name>
  <ext:digest-realm-name>wlss.oracle.com</ext:digest-realm-name>
  <ext:host>server.example.com</ext:host>
  <ext:port>7001</ext:port>
  <ext:principal>cn=Admin</ext:principal>
</sec:authentication-provider>
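
The pre-calculated hash option for the Description field, worked through as an added example that is not part of the original documentation or the product's code. It assumes the hash is the RFC 2617 HA1 value, MD5(username:realm:password), with the realm equal to the digest-realm-name in Example 3-1; the user name, password, nonce and URI are constructed sample values.

```python
import hashlib
import hmac

REALM = "wlss.oracle.com"  # digest-realm-name from Example 3-1


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, realm, password):
    """Assumed pre-calculated hash for the Description field (RFC 2617 HA1)."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(stored_ha1, method, uri, nonce, nc=None, cnonce=None, qop=None):
    """Expected Digest response, computed from the stored HA1 alone."""
    ha2 = _md5(f"{method}:{uri}")
    if qop:
        return _md5(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5(f"{stored_ha1}:{nonce}:{ha2}")


def verify(stored_ha1, client_response, **challenge):
    """Server-side check: constant-time compare against the expected response."""
    expected = digest_response(stored_ha1, **challenge)
    return hmac.compare_digest(expected, client_response)


def demo():
    user, password = "alice", "s3cret-Pa55"          # constructed sample values
    description_value = ha1(user, REALM, password)   # what goes in Description
    challenge = dict(method="REGISTER", uri="sip:wlss.oracle.com",
                     nonce="constructed-nonce-01")   # constructed challenge
    # A client that knows the clear-text password answers the challenge.
    client = digest_response(ha1(user, REALM, password), **challenge)
    ok = verify(description_value, client, **challenge)
    # The stored hash is bound to the realm: if digest-realm-name changes,
    # clients hash with the new realm and every stored value must be recomputed.
    moved = digest_response(ha1(user, "other.example.com", password), **challenge)
    stale = verify(description_value, moved, **challenge)
    return description_value, ok, stale


if __name__ == "__main__":
    print(demo())
```

Because the server needs only the stored value to compute a valid response, the Description attribute is password-equivalent for that realm and read access to it should be restricted accordingly.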