Identity Stores and Authentication Providers

Security for Oracle Real-Time Decisions 4-13

4.6.1 Task Map: Configuring Authentication for Oracle RTD

The following task map contains common authentication configuration tasks and provides links for obtaining more information.

| Task | Description | For Information |
|------|-------------|-----------------|
| Decide on authentication method | Decide whether to use the default embedded directory server (LDAP-based) or a different external authentication method. | Section 4.6.2, Understanding Oracle Real-Time Decisions Authentication |
| Configure the default authentication provider | Configure the default authentication provider for the default security realm. | Section 4.6.3, Managing the Default Authentication Provider |
| Add users and groups | Add users and groups to the identity store. | Section 4.6.3.1, Managing Users and Groups |
| Configure an alternate authentication provider to authenticate users | Configure an alternate authentication provider. | Section 4.6.4, Configuring a New Authentication Provider |

4.6.2 Understanding Oracle Real-Time Decisions Authentication

During installation, an Oracle WebLogic Server domain is created and Oracle Real-Time Decisions is installed into that domain. Security for an Oracle WebLogic Server domain is managed in the context of the domain's security realm. A security realm acts as a scoping mechanism. Each security realm consists of a set of configured security providers, users, groups, security roles, and security policies. Only one security realm can be active for the domain.

Oracle Real-Time Decisions authentication is performed by the authentication provider configured for the default security realm of the WebLogic Server domain in which Oracle Real-Time Decisions is installed. Oracle WebLogic Server Administration Console is the administration tool for managing an Oracle WebLogic Server domain.

The following sections include a brief introduction to key Oracle WebLogic Server security concepts. For more information about Oracle WebLogic Server security and how it is managed, see Understanding Security for Oracle WebLogic Server and Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.

4.6.2.1 Identity Stores and Authentication Providers

An identity store contains user name, password, and group membership information. It serves as the data store for user credentials. An authentication provider accesses the stored user information and is responsible for authenticating a user. For example, when a user name and password combination is entered at login, the authentication provider searches the identity store to verify the credentials provided. If SSO authentication is configured for Oracle RTD, the SSO provider also uses the data contained in this identity store.

Note: For configuring authentication using a Single Sign-On solution, see Configuring Single Sign-On in Oracle Fusion Middleware in Oracle Fusion Middleware Application Security Guide.

4-14 Oracle Fusion Middleware Administrators Guide for Oracle Real-Time Decisions

If using an identity store other than the embedded directory server included with Oracle WebLogic Server, the default users and groups shown in Section 4.2.2, Key Authentication Elements will not be automatically present. You can create users and groups with names of your own choosing or re-create the default user and group names if the authentication provider supports this. After this work is completed, you must map the default Oracle RTD application roles to the equivalent groups. For example, if your corporate LDAP server is being used as the identity store and you are unable to re-create the Oracle RTD default users and groups in it, you will need to map the default application roles to different groups specific to the corporate LDAP server. For more information about the default application roles and group mappings, see Section 4.2.2, Key Authentication Elements and Section 4.2.3, Key Authorization Elements.

4.6.3 Managing the Default Authentication Provider