Creating Groups and Users
Each client company or organization created in OIDG will be represented by a named group defined in the WLS security realm. Each group can contain further sub-groups as deemed necessary by the customer. These can be defined in Fusion Middleware Control (FMWC) or in the WebLogic console by an OIDG administrator. Users created in the security realm will need to be assigned to an appropriate named group. Access roles should be assigned to groups rather than users.
Note: The configuration steps below are based on using the embedded WebLogic LDAP server. The steps could vary if another supported LDAP provider was chosen. Below is the configuration for Embedded LDAP.
Creating a User Group
Below is an example of creating an ‘OIDXAdmin_Group’ user group that will be assigned the OIDG OIDXAdmin application role. A group can be assigned more than one role.
- Log in to the FMWC console and select the domain if it is not already selected.
- Choose Security → ‘Users and Groups’ and go to the Groups tab.
Figure 4.2.1 - Creating users and groups
- Click the ‘Create’ button and create the group as shown below.
Figure 4.2.2 - Creating a group
- Click on each created group and, in the ‘Membership’ tab, select the required Parent group and move it to Chosen as shown below.
Figure 4.2.3 - Settings for group
- Click ‘Save’.
Creating a User
Below is an example of creating an ‘OIDXAdminUser1’ user that will be placed in the ‘OIDXAdmin_Group’ that we created in the previous section. Adding this user to the OIDXAdmin_Group will result in this user inheriting all the privileges that have been granted to the group.
- If not already in ‘Users and Groups’, log in to the FMWC console and select the domain if it is not already selected.
- Choose Security → ‘Users and Groups’.
- Now go to the Users tab and click ‘Create’.
Figure 4.2.4 - Creating users
- Create the user as shown below.
Figure 4.2.5 - User properties
- Click on the created user and, in the ‘Groups’ tab, choose the group that we created earlier from Parent Groups and move it to Chosen as shown below.
Figure 4.2.6 - Settings for user
- Similarly, create the required groups and users. Assign the users to the appropriate group based on the required privilege.
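The console steps above can also be scripted so that group and user provisioning is repeatable and safe to re-run. The following is an added example, not part of the original documentation or of OIDG. It is written for WLST (Jython) and assumes the embedded LDAP provider is named DefaultAuthenticator; the in-memory FakeAuthenticator and the password value are constructed stand-ins so the logic can be run offline.

```python
# Added example: scripted equivalent of the console steps, written for WLST (Jython).
# Under WLST, after connect(...), obtain the embedded-LDAP provider with:
#   atn = cmo.getSecurityConfiguration().getDefaultRealm() \
#            .lookupAuthenticationProvider('DefaultAuthenticator')
# 'DefaultAuthenticator' is the usual provider name and is an assumption here.

class FakeAuthenticator(object):
    """Constructed in-memory stand-in exposing the MBean methods used below."""
    def __init__(self):
        self.groups, self.users, self.members = set(), set(), set()
    def groupExists(self, g): return g in self.groups
    def userExists(self, u): return u in self.users
    def isMember(self, parent, member, recursive): return (parent, member) in self.members
    def createGroup(self, g, desc): self.groups.add(g)
    def createUser(self, u, password, desc): self.users.add(u)
    def addMemberToGroup(self, g, member): self.members.add((g, member))

def provision(atn, group, users, parent_group=None):
    """Create group, nest it under parent_group (which must already exist),
    create users and add them to group. Existing entries are left alone.
    Returns the list of actions actually taken."""
    done = []
    if not atn.groupExists(group):
        atn.createGroup(group, 'OIDG group')
        done.append('group:' + group)
    if parent_group and not atn.isMember(parent_group, group, False):
        atn.addMemberToGroup(parent_group, group)
        done.append('nest:' + parent_group + '>' + group)
    for name, password in users:
        if not atn.userExists(name):
            atn.createUser(name, password, 'OIDG user')
            done.append('user:' + name)
        if not atn.isMember(group, name, False):
            atn.addMemberToGroup(group, name)
            done.append('member:' + group + '>' + name)
    return done

def demo():
    atn = FakeAuthenticator()
    # Constructed placeholder; in practice read the password from a prompt or vault.
    creds = [('OIDXAdminUser1', 'placeholder-password')]
    first = provision(atn, 'OIDXAdmin_Group', creds)
    second = provision(atn, 'OIDXAdmin_Group', creds)  # re-run makes no changes
    return first, second

if __name__ in ('__main__', 'main'):  # WLST runs scripts with __name__ == 'main'
    print(demo())
```

The returned action list doubles as a change record: an empty list on a re-run confirms that the realm already matches the intended group membership.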