Authentication Engines - Oracle Access Manager

5-94 Oracle Fusion Middleware Administrators Guide for Oracle Identity Federation

■ Person Object Class - the LDAP object class representing a user in the LDAP server. Here are examples of the Person Object Class for different types of directory servers:
  – Oracle Internet Directory: inetOrgPerson
  – Sun Java System Directory Server: inetOrgPerson
  – Microsoft Active Directory: user
■ Base DN - the node under which the LDAP user search is performed. For example: dc=us,dc=oracle,dc=com
■ Connection Wait Timeout sec - the maximum time, in seconds, to wait for a connection to become available once Oracle Identity Federation has opened its maximum number of connections to the LDAP server.

Updates you make on this tab are saved if you move to tabs for other authentication engines. When you are done, click Apply to save the changes, or Revert to reset the data to its previous state.

For additional information relevant to configuring LDAP authentication engines, see:
■ Section 6.4.1, Configuring High Availability LDAP Servers
■ Section 5.13.1.4, Configuring a Redundancy User Data Store, which explains how to configure a load balancer in front of LDAP servers.

5.15.4.1 Configuring Oracle Virtual Directory as the Authentication Engine

Oracle Identity Federation can be integrated with Oracle Virtual Directory. When using Oracle Virtual Directory as the LDAP authentication engine, ensure that the Base DN, Person Object Class, User Unique ID Attribute and User Description Attribute settings are valid for all directory structures connected to Oracle Virtual Directory.

5.15.5 Authentication Engines - Database Security

Notes:
■ For every user, the value of this attribute must equal the value of the attribute specified as Unique ID Attribute in the user data store. For example, if the attribute configured here is mail, and the attribute configured as Unique ID Attribute in the user data store is EmailAddress, then the value of mail in the authentication engine back-end must equal the value of EmailAddress in the user data store.
■ The attribute value configured here must be unique across all users.

The tab contains these fields:
■ Default Authentication Engine - This is the engine used for authentications. The list-box contains all the currently enabled engines; selecting an engine from the list makes it the default engine.
■ Enable Authentication Engine - Check this box to enable the engine, and uncheck the box to disable the engine. If enabled, this engine appears on the list of available engines in the list-box associated with Default Authentication Engine.
■ JDBC URL - the connection URL of the database.
■ JDBC Driver - Enter the JDBC driver string.

Updates you make on this tab are saved if you move to tabs for other authentication engines. When you are done, click Apply to save the changes, or Revert to reset the data to its previous state.

5.15.6 Authentication Engines - Database Table

The tab contains these fields:
■ Default Authentication Engine - This is the engine used for authentications. The list-box contains all the currently enabled engines; selecting an engine from the list makes it the default engine.
■ Enable Authentication Engine - Check this box to enable the engine, and uncheck the box to disable the engine. If enabled, this engine appears on the list of available engines in the list-box associated with Default Authentication Engine.
■ JNDI Name - The JNDI name of the data source created in the Oracle WebLogic Server Administration Console.
■ Login Table - The name of the login table.
■ Login ID Column - The name of the Login ID column in the Login Table.
■ User Unique ID Column - The name of the User ID column in the Login Table.
■ Login Password Column - The name of the Login Password column in the Login Table.
■ Password Digests Algorithm - The digest algorithm applied to passwords in the Login Table. Select None if the password is stored in clear text in the database, or select MD5 or SHA1 if the value in the database is an MD5 or SHA1 hash of the password.

Updates you make on this tab are saved if you move to tabs for other authentication engines. When you are done, click Apply to save the changes, or Revert to reset the data to its previous state.
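To make the Database Table settings concrete, the following added example (not Oracle Identity Federation code, and not taken from this guide) models a login table with the Login ID, User Unique ID and Login Password columns and checks a credential under each Password Digests Algorithm value. The table and column names are assumptions, as is the hex encoding of the stored MD5/SHA1 digest; an in-memory SQLite database stands in for the WebLogic data source.

```python
import hashlib
import hmac
import sqlite3

# Assumed table/column names mirroring the tab's Login Table, Login ID Column,
# User Unique ID Column and Login Password Column settings (not OIF defaults).
LOGIN_TABLE = "OIF_LOGINS"
LOGIN_ID_COLUMN = "LOGIN_ID"
USER_UNIQUE_ID_COLUMN = "USER_ID"
LOGIN_PASSWORD_COLUMN = "PASSWD"


def digest(password, algorithm):
    """Apply the Password Digests Algorithm: None, MD5 or SHA1 (hex assumed)."""
    if algorithm == "None":
        return password
    if algorithm in ("MD5", "SHA1"):
        return hashlib.new(algorithm.lower(), password.encode("utf-8")).hexdigest()
    raise ValueError("unsupported digest algorithm: %s" % algorithm)


def build_table(conn, algorithm, users):
    """Create the login table and store each password the way the engine expects."""
    conn.execute("CREATE TABLE %s (%s TEXT PRIMARY KEY, %s TEXT, %s TEXT)" % (
        LOGIN_TABLE, LOGIN_ID_COLUMN, USER_UNIQUE_ID_COLUMN, LOGIN_PASSWORD_COLUMN))
    for login_id, user_id, password in users:
        conn.execute("INSERT INTO %s VALUES (?, ?, ?)" % LOGIN_TABLE,
                     (login_id, user_id, digest(password, algorithm)))


def authenticate(conn, algorithm, login_id, password):
    """Return the User Unique ID on success, None on unknown user or bad password."""
    query = "SELECT %s, %s FROM %s WHERE %s = ?" % (
        USER_UNIQUE_ID_COLUMN, LOGIN_PASSWORD_COLUMN, LOGIN_TABLE, LOGIN_ID_COLUMN)
    row = conn.execute(query, (login_id,)).fetchone()  # bound parameter, not string-built
    if row is None:
        return None
    user_id, stored = row
    # Constant-time comparison of the stored value against the digest of the input.
    return user_id if hmac.compare_digest(stored, digest(password, algorithm)) else None


def demo(algorithm):
    """Constructed sample data: one valid login, one bad password, one unknown user."""
    conn = sqlite3.connect(":memory:")
    build_table(conn, algorithm, [("alice", "u-1001", "correct horse"),
                                  ("bob", "u-1002", "battery staple")])
    return (authenticate(conn, algorithm, "alice", "correct horse"),
            authenticate(conn, algorithm, "alice", "wrong"),
            authenticate(conn, algorithm, "carol", "anything"))
```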