Oracle® Fusion Middleware Publishing Reports to the Web with Oracle Reports Services 11g Release 1 (11.1.1) Part Number B32121-02 |
|
|
View PDF |
This section describes how to configure external Oracle Internet Directory for in-process servers and standalone servers and to reassociate Reports with Oracle Internet Directory and another Portal.
It discusses the following topics:
Configuring External Oracle Internet Directory for In-Process Servers
Configuring External Oracle Internet Directory for Standalone Servers
You can migrate from the default embedded ID store of WebLogic Server to an external Oracle Internet Directory to configure the ID store and Policy store settings. Note that configuration of an external Oracle Internet Directory is a post-installation procedure.
If you are using JPS-based security, you can configure an external Oracle Internet Directory as ID store through the Oracle WebLogic Server Administration Console.
To configure an external Oracle Internet Directory as an ID store through Oracle WebLogic Server, complete the following steps:
Navigate to the WebLogic Server Administration Console.
From the Domain Structure window, select Security Realms.
The Summary of Security Realms page is displayed.
Select a Realm from the Realms table.
From the settings for the realm page, click the Providers tab.
Select New from the list of Authentication Providers.
Enter a name in the Name field. From the Type drop-down list, select OracleInternetDirectoryAuthenticator, and click OK.
Select the new authenticator, and set the Control Flag to Sufficient.
Select the Provider Specific tab, and enter valid values in the appropriate fields.
Select the default Authenticator and set the Control Flag to OPTIONAL.
Click Save.
Restart the Admin Server.
Select the Security Realm > Users and Groups. Ensure that all users of external Oracle Internet Directory are seen on this page.
Now, users trying to access the in-process servers are authenticated based on the users specified in the external Oracle Internet Directory.
If you are using JPS-based security, you can configure an external Oracle Internet Directory as policy store though Oracle Enterprise Manager.
To configure the policy store in Oracle Enterprise Manager, complete the following steps:
Log in to Oracle Enterprise Manager.
Navigate to the WebLogic domain.
From the WebLogic Domain menu, select Security > Security Provider Configuration.
Click Configure.
Provide the Oracle Internet Directory and JPS root node details and click OK.
Note:
If the JPS root node does not exist on Oracle Internet Directory, you must create it. For more information, see the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.The policies configured in the system-jazn-data.xm
l file are migrated to the external Oracle Internet Directory.
If you have configured an external Oracle Internet Directory, you must reassociate Reports to map to the new Oracle Internet Directory.
To map Reports to associate with the new Oracle Internet Directory using Oracle Enterprise Manager, complete the following steps:
Log in to Oracle Enterprise Manager.
Navigate to your Reports Application home page.
From Reports menu select Administration > Reports OID Association.
The Reports OID Association Details Page is displayed.
Click the Associate tab.
Specify the Oracle Internet Directory Host, Oracle Internet Directory Port, Username and Password.
Click OK.
Note:
Associating or deassociating Oracle Internet Directory affects all the Reports components associated with that particular Oracle Instance home. If Reports components are associated with different Oracle Instance homes, you must associate or deassociate Oracle Internet Directory individually for each Oracle Instance home.Ensure that you have associated Reports with the Oracle Internet Directory. To reassociate Oracle Reports to new Oracle Portal, complete the following steps:
Log in to Oracle Enterprise Manager.
Navigate to the WebLogic Domain Home page.
From the WebLogic Domain menu, select Security > Credentials.
Add Portal Credentials in the Credential Store.
Add a new key value pair in the reports
map. For example, add a key as hrportalPasswdKey
and key value as the portal schema password.
For more information, see Section 7.8.7, "Managing Credentials".
Navigate to the Reports Server home page.
From the Reports menu, select Administration > Advanced Configuration.
The Reports Server Advanced Configuration page is displayed.
In the Portal Information section, enter valid values for Portal Connection, Portal Username, and Portal Password Key.
Click Apply.
Note:
Reassociating Oracle Reports to Oracle Portal affects only the particular server on which the changes are made. You must repeat the procedure to reassociate each Reports server in the Oracle Instance home to an Oracle Portal.You can migrate from the default ID store (JAZN-XML) to an external Oracle Internet Directory to configure the ID store and Policy store settings. Note that the configuration of an external Oracle Internet Directory is a post-installation step.
To configure an external Oracle Internet Directory as an ID store or policy store, you must modify the $DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml
file manually.
To configure an external Oracle Internet Directory as an ID store, modify the $DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml
file as described in the following procedure.
Note:
This is just an example. You must replace the example values provided in the entries with your install-specific values.Under <jpsContext name="default">
, add the following:
<serviceInstanceRef ref="idstore.oid"/>
Comment out the following:
<!--serviceInstanceRef ref="idstore.xml"/-->
Under <serviceInstances>
, add the following entries:
<serviceInstance name="idstore.oid" provider="idstore.ldap.provider"> <property name="subscriber.name" value="dc=us,dc=abc,dc=com"/> <property name="idstore.type" value="OID"/> <property name="cleartext.ldap.credentials" value="cn=password"/> <property name="ldap.url" value="ldap://abc.us.com:389"/> <extendedProperty> <name>user.search.bases</name> <values> <value>cn=users,dc=us,dc=abc,dc=com</value> </values> </extendedProperty> <extendedProperty> <name>group.search.bases</name> <values> <value>cn=groups,dc=us,dc=abc,dc=com</value> </values> </extendedProperty> <property name="username.attr" value="uid"/> <propperty name="groupname.attr" value="cn"/> </serviceInstance>
Under < serviceProviders>,
add the following:
<serviceProvider type="IDENTITY_STORE" name="idstore.ldap.provider" class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider"> </serviceProvider> <description>Prototype LDAP-based ID store</description>
To configure an external Oracle Internet Directory as a policy store, modify the $DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml
file as described in the following procedure.
Note:
This is just an example. You must replace the example values provided in the entries with your install-specific values.Under <jpsContext name="default">
add the following:
<serviceInstanceRef ref="policystore.ldap"/>
Comment out the following:
<!--serviceInstanceRef ref="policystore.xml"/-->
Under <serviceInstances>,
add the following:
<serviceInstance provider="ldap.policystore.provider" name="policystore.ldap"> <property value="OID" name="policystore.type"/> <property name="security.principal" value="cn=orcladmin" /> <property name="security.credential" value="password" /> <property value="cn=PRDomain" name="oracle.security.jps.farm.name"/> <property value="cn=sta796_sa_root" name="oracle.security.jps.ldap.root.name"/> <property value="ldap://abc.us.com:389" name="ldap.url"/> </serviceInstance>
Under <serviceProviders>,
add the following:
<serviceProvider type="POLICY_STORE" name="ldap.policystore.provider" class="oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider"> <description>Prototype LDAP-based ID store</description> </serviceProvider>
Save and restart WLS_REPORTS.