Configure a New Authenticator for Oracle WebLogic Server

After installing Publisher, the Oracle WebLogic Server embedded LDAP server is the default authentication source (identity store). To use a new identity store (for example, OID), as the main authentication source, you must configure the Oracle WebLogic Server domain (where Publisher is installed).

For more information about configuring authentication providers in Oracle WebLogic Server, see Administering Security for Oracle WebLogic Server.

To configure a new authenticator in Oracle WebLogic Server:
  1. Log in to Oracle WebLogic Server Administration Console and click Lock & Edit in the Change Center.
  2. Select Security Realms from the left pane and click myrealm.
    The default Security Realm is named myrealm.
  3. Display the Providers tab, then display the Authentication sub-tab.
  4. Click New to launch the Create a New Authentication Provider page.

    Complete the fields as follows:

    • Name: OID Provider, or a name of your choosing.

    • Type: OracleInternetDirectoryAuthenticator

    • Click OK to save the changes and display the authentication providers list updated with the new authentication provider.

  5. Click the newly added authenticator in the authentication providers table.
  6. Navigate to Settings, select the Configuration\Commontab, then select SUFFICIENT from the Control Flag list, and click Save.
  7. Display the Provider Specific tab and specify the following connection, users, groups, and general settings using appropriate values for your environment:
    • Host - The LDAP host name. For example, <localhost>.
    • Port - The LDAP host listening port number. For example, 6050.
    • Principal - The distinguished name (DN) of the user that connects to the LDAP server. For example, cn=orcladmin.
    • Credential - The password for the LDAP administrative user entered as the Principal.
    • User Base DN - The base distinguished name (DN) of the LDAP server tree that contains users. For example, use the same value as in Oracle Access Manager.
    • All Users Filter - The LDAP search filter. For example, (&(uid=*) (objectclass=person)). The asterisk (*) filters for all users. Click More Info... for details.
    • User From Name Filter - The LDAP search filter. Click More Info... for details.
    • User Name Attribute - The attribute that you want to use to authenticate (for example, cn, uid, or mail). Set as the default attribute for user name in the directory server. For example, uid. Note: The value that you specify here must match the User Name Attribute that you're using in the authentication provider.
    • Group Base DN - The base distinguished name (DN) of the LDAP server tree that contains groups (same as User Base DN).
    • GUID attribute - The attribute used to define object GUIDs in LDAP. orclguid
  8. Click Save.
  9. Perform the following steps to set up the default authenticator for use with the Identity Asserter:
    1. At the main Settings for myrealm page, display the Providers tab, then display the Authentication sub-tab, and then select DefaultAuthenticator to display its configuration page.
    2. Display the Configuration\Common tab and select 'SUFFICIENT' from the Control Flag list.
    3. Click Save.
  10. Perform the following steps to reorder Providers:
    1. In the Providers tab, click Reorder to display the Reorder Authentication Providers page.
    2. Select a provider name and use the arrow buttons to order the list of providers as follows:

      • OID Authenticator (SUFFICIENT)

      • OAM Identity Asserter (REQUIRED)

      • Default Authenticator (SUFFICIENT)

    3. Click OK to save your changes.
  11. In the Change Center, click Activate Changes.
  12. Restart Oracle WebLogic Server.