Saturday, August 21, 2010

Configuring SOA Suite 11.1.1.3 with Oracle Internet Directory (OID) 11.1.1.3

For this post I believe you already have SOA Suite 11.1.1.3 and OID 11.1.1.3 set up.

For installing OID you can follow the document

Log in to the WebLogic admin console at http://host:port/console

and click on Security Realms on the left-hand side. It will show the list of realms currently present in your WebLogic server.

Now click on the default realm present there.



Now switch to the Providers tab and create a new authentication provider.



Now give the provider a name and choose OracleInternetDirectoryAuthenticator.



Now you can see your provider in the list of authentication providers.



Now open it, go to the Provider Specific page, and provide the details for the OID as shown.




Here the default value for the port is 3060 and the principal is cn=orcladmin in OID 11.1.1.3.

How we determine these values from the configuration file I am not sure of, and readers can update me on the same.

Another important setting here is the user base DN and group base DN.

For that, log in to your OID 11.1.1.3, go to the data browser, and expand it for the user.

Now here as you can see



Now I can have the DN as

cn=arpit,cn=users,dc=vm,dc=oracle,dc=com

or

cn=users,dc=vm,dc=oracle,dc=com

or even dc=vm,dc=oracle,dc=com will also work

So you get an idea of how we are setting it.

The same applies for the group also.
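The effect of each of the three base DN choices above, as an added example that is not part of the original post. It assumes the authenticator searches the whole subtree below the base DN; every entry except cn=arpit is constructed for illustration, and the DN parser is simplified (no multi-valued RDNs).

```python
import re

# Base DN candidates quoted in the post.
PAGE_BASE_DNS = [
    "cn=arpit,cn=users,dc=vm,dc=oracle,dc=com",
    "cn=users,dc=vm,dc=oracle,dc=com",
    "dc=vm,dc=oracle,dc=com",
]

# Constructed directory contents; only cn=arpit appears in the post.
SAMPLE_ENTRIES = [
    "cn=arpit,cn=users,dc=vm,dc=oracle,dc=com",
    "cn=alice,cn=users,dc=vm,dc=oracle,dc=com",
    r"cn=Smith\, John,cn=users,dc=vm,dc=oracle,dc=com",
    "cn=svc-batch,cn=serviceaccounts,dc=vm,dc=oracle,dc=com",
]


def parse_dn(dn):
    """Split a DN into normalized (attribute, value) pairs, leaf RDN first."""
    # Split only on commas that are not backslash-escaped inside a value.
    parts = re.split(r"(?<!\\),", dn)
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        # Attribute names and these values compare case-insensitively.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def in_subtree(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or sits anywhere below it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def visible_entries(base_dn, entries=SAMPLE_ENTRIES):
    """Entries a subtree search rooted at base_dn would return."""
    return [e for e in entries if in_subtree(e, base_dn)]


def scope_report():
    """Number of sample entries reachable under each base DN from the post."""
    return {base: len(visible_entries(base)) for base in PAGE_BASE_DNS}


if __name__ == "__main__":
    for base, count in scope_report().items():
        print(f"{count} entries under {base}")
```

The narrowest base DN that still contains every intended user keeps unrelated entries, such as the constructed service account here, out of the set WebLogic can authenticate.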

That is the only change that you have to make. Now save the changes, go back to the list of authentication providers, click on the default authenticator, and set its control flag to optional.





Now go to the list of authentication providers again and choose Reorder.




Now choose OID and make it first in your list as shown below.



Now save the changes and restart your server.

Now you can see the user arpit in the list of users in WebLogic.




An important point to note is that SOA does not support multiple authentication providers.

That is, if you have more than one authentication provider, only the users of the one at the top of the provider list will be able to log in to the worklist applications.

This behavior is also mentioned in the Oracle documentation.
