SunOne/iPlanet Integration: Configuring External Authentication

Configuring the External Authentication Plug-in Policy

You may want some or all of your Oracle 10g Application Server users to authenticate with the user credentials stored in SunOne, or you may not want your SunOne user passwords stored in OID at all. For this authentication model, OID provides a feature called "External Authentication". It lets you set up OID so that when a user authenticates against OID, OID checks the user's credentials against the SunOne server rather than against OID.

In this section you will get hands-on experience configuring Oracle Internet Directory to authenticate users using credentials stored in SunOne.

PREREQUISITES

OID must be installed

The OID server must be running

OID must be configured to import SunOne users

The procedure for configuring External Authentication is quite simple. A single script needs to be run from the $ORACLE_HOME/ldap/admin directory. The script is called oidspipi.sh.

After running this script you will be able to externally authenticate your 10g Application Server users against the SunOne server.

One value in particular worth pointing out is the "Exception Entry Property". This value acts as a filter and determines where users will authenticate. The value you enter here will determine which users will authenticate against OID and which users will authenticate against SunOne. In the example above we entered the following value for the "Exception entry property":

(&(objectclass=inetorgperson)(cn=orcladmin))

This value tells OID that every user except the user "cn=orcladmin" will authenticate using credentials stored in SunOne.

Let's assume you want to exclude both the "orcladmin" user and the "portal" user from external authentication. If the "portal" user is "cn=portal, ....", then the value you specify would be:

(|(cn=orcladmin)(cn=portal))

The objectclass is not a required value.

Let's suppose you want all the SunOne users you migrated to OID that also contain the objectclass orclADUser to authenticate against the AD server, and everyone else to authenticate locally against OID. In this case, you would put:

(!(objectclass=orclADUser))

If you want to combine both conditions, you would use the value:

(|(|(cn=orcladmin)(cn=portal))(!(objectclass=orclADUser)))
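To check an "Exception Entry Property" value before entering it, the following added example (not part of the original page or of Oracle's tooling) parses the filter and reports which users would authenticate locally in OID and which externally. It goes slightly beyond the filters shown by also rejecting malformed filters; the function names and sample entries are assumptions, and only &, |, ! and equality matches are supported.

```python
# Added example (hypothetical helper names); supports &, |, ! and equality only.
def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids = f[i], []
        i += 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, value = f[i:max(end, i)].partition("=")
        if end == -1 or not sep or not attr.strip() or "(" in value:
            raise ValueError(f"malformed comparison at position {i}")
        node, i = ("=", attr.strip().lower(), value.strip().lower()), end
    if f[i:i + 1] != ")":
        raise ValueError("unbalanced parentheses")
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter against {attribute: [values]} (lower-case keys)."""
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not results[0]}[node[0]]

def auth_target(filter_text, entry):
    """Entries matching the exception filter stay in OID; the rest go external."""
    node, end = parse(filter_text.strip())
    if end != len(filter_text.strip()):
        raise ValueError("trailing characters after filter")
    return "OID" if matches(node, entry) else "external"

# Constructed sample entries, not taken from a real directory.
USERS = {
    "orcladmin": {"cn": ["orcladmin"], "objectclass": ["inetOrgPerson"]},
    "portal": {"cn": ["portal"], "objectclass": ["inetOrgPerson", "orclADUser"]},
    "jdoe": {"cn": ["jdoe"], "objectclass": ["inetOrgPerson", "orclADUser"]},
    "asmith": {"cn": ["asmith"], "objectclass": ["inetOrgPerson"]},
}

def report(filter_text):
    return {name: auth_target(filter_text, e) for name, e in USERS.items()}
```

Calling report() with each candidate filter shows at a glance whether an administrative account such as orcladmin would still authenticate locally if the external directory were unreachable.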

 

 
