15.9 Configuring External Oracle Internet Directory and Reassociating Reports

This section describes how to configure external Oracle Internet Directory for in-process servers and standalone servers and to reassociate Reports with Oracle Internet Directory and another Portal.

It discusses the following topics:

15.9.1 Configuring External Oracle Internet Directory for In-Process Servers

You can migrate from the default embedded ID store of WebLogic Server to an external Oracle Internet Directory to configure the ID store and Policy store settings. Note that configuration of an external Oracle Internet Directory is a post-installation procedure.

15.9.1.1 Configuring External Oracle Internet Directory as ID Store When Using JPS-Based Security

If you are using JPS-based security, you can configure an external Oracle Internet Directory as ID store through the Oracle WebLogic Server Administration Console.

To configure an external Oracle Internet Directory as an ID store through Oracle WebLogic Server, complete the following steps:

  1. Navigate to the WebLogic Server Administration Console.

  2. From the Domain Structure window, select Security Realms.

    The Summary of Security Realms page is displayed.

  3. Select a Realm from the Realms table.

  4. From the settings for the realm page, click the Providers tab.

  5. Select New from the list of Authentication Providers.

  6. Enter a name in the Name field. From the Type drop-down list, select OracleInternetDirectoryAuthenticator, and click OK.

  7. Select the new authenticator, and set the Control Flag to Sufficient.

  8. Select the Provider Specific tab, and enter valid values in the appropriate fields.

  9. Select the default Authenticator and set the Control Flag to OPTIONAL.

  10. Click Save.

  11. Restart the Admin Server.

  12. Select the Security Realm > Users and Groups. Ensure that all users of external Oracle Internet Directory are seen on this page.

Now, users trying to access the in-process servers are authenticated based on the users specified in the external Oracle Internet Directory.

15.9.1.2 Configuring an External Oracle Internet Directory as Policy Store When Using JPS-Based Security

If you are using JPS-based security, you can configure an external Oracle Internet Directory as a policy store through Oracle Enterprise Manager.

To configure the policy store in Oracle Enterprise Manager, complete the following steps:

  1. Log in to Oracle Enterprise Manager.

  2. Navigate to the WebLogic domain.

  3. From the WebLogic Domain menu, select Security > Security Provider Configuration.

  4. Click Configure.

  5. Provide the Oracle Internet Directory and JPS root node details and click OK.

    Note:

    If the JPS root node does not exist on Oracle Internet Directory, you must create it. For more information, see the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

The policies configured in the system-jazn-data.xml file are migrated to the external Oracle Internet Directory.

15.9.2 Reassociating Reports with Oracle Internet Directory

If you have configured an external Oracle Internet Directory, you must reassociate Reports to map to the new Oracle Internet Directory.

To map Reports to associate with the new Oracle Internet Directory using Oracle Enterprise Manager, complete the following steps:

  1. Log in to Oracle Enterprise Manager.

  2. Navigate to your Reports Application home page.

  3. From the Reports menu, select Administration > Reports OID Association.

    The Reports OID Association Details Page is displayed.

  4. Click the Associate tab.

  5. Specify the Oracle Internet Directory Host, Oracle Internet Directory Port, Username and Password.

  6. Click OK.

Note:

Associating or deassociating Oracle Internet Directory affects all the Reports components associated with that particular Oracle Instance home. If Reports components are associated with different Oracle Instance homes, you must associate or deassociate Oracle Internet Directory individually for each Oracle Instance home.

15.9.3 Reassociating Oracle Reports to Oracle Portal

Ensure that you have associated Reports with the Oracle Internet Directory. To reassociate Oracle Reports to a new Oracle Portal, complete the following steps:

  1. Log in to Oracle Enterprise Manager.

  2. Navigate to the WebLogic Domain Home page.

  3. From the WebLogic Domain menu, select Security > Credentials.

  4. Add Portal Credentials in the Credential Store.

    Add a new key value pair in the reports map. For example, add a key as hrportalPasswdKey and key value as the portal schema password.

    For more information, see Section 7.8.7, "Managing Credentials".

  5. Navigate to the Reports Server home page.

  6. From the Reports menu, select Administration > Advanced Configuration.

    The Reports Server Advanced Configuration page is displayed.

  7. In the Portal Information section, enter valid values for Portal Connection, Portal Username, and Portal Password Key.

  8. Click Apply.

Note:

Reassociating Oracle Reports to Oracle Portal affects only the particular server on which the changes are made. You must repeat the procedure to reassociate each Reports server in the Oracle Instance home to an Oracle Portal.

15.9.4 Configuring External Oracle Internet Directory for Standalone Servers

You can migrate from the default ID store (JAZN-XML) to an external Oracle Internet Directory to configure the ID store and Policy store settings. Note that the configuration of an external Oracle Internet Directory is a post-installation step.

To configure an external Oracle Internet Directory as an ID store or policy store, you must modify the $DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml file manually.

15.9.4.1 Configuring External Oracle Internet Directory as ID Store

To configure an external Oracle Internet Directory as an ID store, modify the $DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml file as described in the following procedure.

Note:

This is just an example. You must replace the example values provided in the entries with your install-specific values.

  1. Under <jpsContext name="default">, add the following:

    <serviceInstanceRef ref="idstore.oid"/>
    

    Comment out the following:

    <!--serviceInstanceRef ref="idstore.xml"/-->
    
  2. Under <serviceInstances>, add the following entries:

    <serviceInstance name="idstore.oid" provider="idstore.ldap.provider">
        <property name="subscriber.name" value="dc=us,dc=abc,dc=com"/>
        <property name="idstore.type" value="OID"/>
        <property name="cleartext.ldap.credentials" value="cn=password"/>
        <property name="ldap.url" value="ldap://abc.us.com:389"/>
        <extendedProperty>
            <name>user.search.bases</name>
            <values>
                <value>cn=users,dc=us,dc=abc,dc=com</value>
            </values>
        </extendedProperty>
        <extendedProperty>
            <name>group.search.bases</name>
            <values>
                <value>cn=groups,dc=us,dc=abc,dc=com</value>
            </values>
        </extendedProperty>
        <property name="username.attr" value="uid"/>
        <property name="groupname.attr" value="cn"/>
    </serviceInstance>
    
  3. Under <serviceProviders>, add the following:

    <serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider"
        class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider">
        <description>Prototype LDAP-based ID store</description>
    </serviceProvider>
    

15.9.4.2 Configuring External Oracle Internet Directory as Policy Store

To configure an external Oracle Internet Directory as a policy store, modify the $DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml file as described in the following procedure.

Note:

This is just an example. You must replace the example values provided in the entries with your install-specific values.

  1. Under <jpsContext name="default">, add the following:

    <serviceInstanceRef ref="policystore.ldap"/>
    

    Comment out the following:

     <!--serviceInstanceRef ref="policystore.xml"/-->
    
  2. Under <serviceInstances>, add the following:

    <serviceInstance provider="ldap.policystore.provider" name="policystore.ldap">
        <property value="OID" name="policystore.type"/>
        <property name="security.principal" value="cn=orcladmin"/>
        <property name="security.credential" value="password"/>
        <property value="cn=PRDomain" name="oracle.security.jps.farm.name"/>
        <property value="cn=sta796_sa_root" name="oracle.security.jps.ldap.root.name"/>
        <property value="ldap://abc.us.com:389" name="ldap.url"/>
    </serviceInstance>
    
  3. Under <serviceProviders>, add the following:

    <serviceProvider type="POLICY_STORE" name="ldap.policystore.provider"
        class="oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider">
        <description>Prototype LDAP-based ID store</description>
    </serviceProvider>
    
  4. Save and restart WLS_REPORTS.
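
A check to run on the hand-edited jps-config-jse.xml from Sections 15.9.4.1 and 15.9.4.2 before restarting, added here as an example and not part of the Oracle documentation: it confirms that the file parses and that every serviceInstanceRef and provider name resolves, and it reports credentials stored in the clear and ldap:// URLs, which carry the bind password without TLS. The `audit` function, its finding labels, the abridged sample and the list of accepted child elements are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed, abridged sample: this section's entries in one file, with the policy
# store serviceProvider (step 3 of 15.9.4.2) left out and one element misspelled.
SAMPLE = """<jpsConfig>
 <serviceProviders><serviceProvider name="idstore.ldap.provider"/></serviceProviders>
 <serviceInstances>
  <serviceInstance name="idstore.oid" provider="idstore.ldap.provider">
   <property name="cleartext.ldap.credentials" value="cn=password"/>
   <property name="ldap.url" value="ldap://abc.us.com:389"/>
   <propperty name="groupname.attr" value="cn"/>
  </serviceInstance>
  <serviceInstance name="policystore.ldap" provider="ldap.policystore.provider">
   <property name="security.credential" value="password"/>
   <property name="ldap.url" value="ldap://abc.us.com:389"/>
  </serviceInstance>
 </serviceInstances>
 <jpsContexts default="default"><jpsContext name="default">
  <serviceInstanceRef ref="idstore.oid"/>
  <serviceInstanceRef ref="policystore.ldap"/>
 </jpsContext></jpsContexts>
</jpsConfig>"""

SECRET_PROPS = {"cleartext.ldap.credentials", "security.credential"}  # names from this page
# Child elements accepted under <serviceInstance>; this list is an assumption.
KNOWN = {"property", "extendedProperty", "description", "propertySetRef", "extendedPropertySetRef"}

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present

def audit(xml_text):
    root = ET.fromstring(xml_text)  # raises ParseError if the edit broke well-formedness
    all_els = list(root.iter())     # commented-out refs are skipped by the parser
    providers = {e.get("name") for e in all_els if local(e) == "serviceProvider"}
    instances = {e.get("name"): e for e in all_els if local(e) == "serviceInstance"}
    out = [("dangling-ref", e.get("ref")) for e in all_els
           if local(e) == "serviceInstanceRef" and e.get("ref") not in instances]
    for name, inst in instances.items():
        if inst.get("provider") not in providers:
            out.append(("missing-provider", name))
        for child in inst:
            pname, value = child.get("name"), child.get("value", "")
            if local(child) not in KNOWN:
                out.append(("unknown-element", f"{name}:{local(child)}"))
            elif pname in SECRET_PROPS:
                out.append(("cleartext-credential", f"{name}:{pname}"))
            elif pname == "ldap.url" and value.lower().startswith("ldap://"):
                out.append(("unencrypted-ldap", name))
    return out
```

To check a real file, pass its contents to `audit`; an empty list means none of these conditions was found.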