This is a short post explaining how to set up AD (Active Directory) authentication in the SOA 11g WebLogic Admin Console. AD is used to authenticate users trying to access BPM Worklist or BPM Workspace.
In the WebLogic Admin Console go to Home > Security Realms > myrealm > Providers.
Click New, provide a Name (say ADProvider) and choose the Type ActiveDirectoryAuthenticator.
You can reorder the Authentication Providers; make sure ADProvider is the topmost one.
Provide the AD-specific configuration details on the provider configuration screen. You can get these details/credentials from your LDAP administrator.
Once all changes are done, save and Activate Changes. Then restart the servers and test the LDAP authentication by logging into BPM Workspace or Worklist, and ensure that only authenticated users are allowed to log in.
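The same steps as a WLST script, added here as an example and not taken from the post. The admin URL, the AD host, the base DNs, the bind account and the AD_BIND_PASSWORD / WLS_ADMIN_PASSWORD environment variables are assumed values; replace them with what your LDAP administrator supplies.

```wlst
# Added example: WLST equivalent of the console steps above (not the post's own script).
# Assumed: admin URL, AD host, base DNs, bind DN, and the two environment variables.
import os
import jarray
from weblogic.management.security.authentication import AuthenticationProviderMBean

ADMIN_URL = 't3://localhost:7001'                                        # assumed
AD_HOST = 'ad.example.com'                                               # assumed
AD_PRINCIPAL = 'CN=svc-wls-ldap,OU=Service Accounts,DC=example,DC=com'   # assumed read-only bind account

connect('weblogic', os.environ['WLS_ADMIN_PASSWORD'], ADMIN_URL)
edit()
startEdit()

realm = cmo.getSecurityConfiguration().getDefaultRealm()   # myrealm

# Create the provider named ADProvider of type ActiveDirectoryAuthenticator.
ad = realm.createAuthenticationProvider(
    'ADProvider',
    'weblogic.security.providers.authentication.ActiveDirectoryAuthenticator')

# AD connection details from the LDAP administrator. LDAPS (port 636 with
# SSLEnabled) keeps the bind password and user credentials off the wire in clear text.
ad.setHost(AD_HOST)
ad.setPort(636)
ad.setSSLEnabled(True)
ad.setPrincipal(AD_PRINCIPAL)
ad.setCredential(os.environ['AD_BIND_PASSWORD'])   # never hard-code the bind password
ad.setUserBaseDN('OU=Users,DC=example,DC=com')      # assumed
ad.setGroupBaseDN('OU=Groups,DC=example,DC=com')    # assumed
ad.setUserNameAttribute('sAMAccountName')
ad.setUserFromNameFilter('(&(sAMAccountName=%u)(objectclass=user))')

# SUFFICIENT on both providers lets AD users log in without also existing in
# the embedded LDAP, while the built-in weblogic admin user still works if AD
# is unreachable (DefaultAuthenticator ships as REQUIRED, which would block AD-only users).
ad.setControlFlag('SUFFICIENT')
realm.lookupAuthenticationProvider('DefaultAuthenticator').setControlFlag('SUFFICIENT')

# Reorder so ADProvider is consulted first, keeping every other existing
# provider (e.g. DefaultIdentityAsserter) in its current order.
others = [p for p in realm.getAuthenticationProviders() if p.getName() != 'ADProvider']
realm.setAuthenticationProviders(jarray.array([ad] + others, AuthenticationProviderMBean))

activate()     # the servers still need a restart for the realm change to take effect
disconnect()
```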
Hi Subhankar,
Thank you very much for the knowledge sharing.
I have a quick question. When LDAP is integrated with WebLogic, what role & privilege do those LDAP users get in WebLogic? Is it by default, or do we need to assign their group a specific WebLogic role, or does this role come from LDAP itself? I have seen that the user's group in LDAP also comes along in WebLogic, but I am not aware of the role.
Thanks,
Neeraj.
Neeraj,
You have to assign specific groups to the LDAP users if they are not already part of any group, based on need. Also, these need not be the seeded groups within WebLogic like Monitors, Administrators etc.; these can be your LDAP groups as well. This needs to be configured depending on what requirement your application has.
Subhankar
Hi Subhankar,
Thanks for the post. I need to configure OWSM to authenticate users on the LDAP (Oracle IAM). Can you please give some references or details of what I should do? I have been looking into the Oracle documentation and there I found this: oracle/wss_oam_token_service_policy is needed. Where can I find this policy and how do I configure it?
Thanks,
S Dey