9-2 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Business Intelligence
By default, Oracle WebLogic Server domains use an XML file for the policy store. The following sections describe the steps required to change the default store to Oracle
Internet Directory LDAP for credentials or policies.
9.1.2 Configuring the Credential Store
This section explains how to configure the credential store and contains the following topics:
■ Section 9.1.2.1, Creating Users and Groups
■ Section 9.1.2.2, Backing Up Configuration Files
■ Section 9.1.2.3, Configuring the Identity Store to Use LDAP
■ Section 9.1.2.4, Setting the Order of Providers
■ Section 9.1.2.5, Moving the WebLogic Administrator to LDAP
9.1.2.1 Creating Users and Groups
Create the users and groups you need in Oracle Internet Directory, if you have not done so already. See Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory for more information.
9.1.2.2 Backing Up Configuration Files
To be safe, first back up the relevant configuration files:
■ ORACLE_BASE/admin/domain_name/mserver/domain_name/config/config.xml
■ ORACLE_BASE/admin/domain_name/mserver/domain_name/config/fmwconfig/jps-config.xml
■ ORACLE_BASE/admin/domain_name/mserver/domain_name/config/fmwconfig/system-jazn-data.xml
Also back up the boot.properties file for the Administration Server.
9.1.2.3 Configuring the Identity Store to Use LDAP
To configure the credential store to use LDAP, set the proper authenticator using the Oracle WebLogic Server Administration Console, as follows:
1. Log in to the Administration Console.
2. Click the Security Realms link on the left navigation bar.
3. Click the myrealm default realm entry to configure it.
4. Open the Providers tab within the realm. Notice that there is a DefaultAuthenticator provider configured for the realm.
5. In the Change Center, click Lock & Edit.
Note: The back-end repository for the policy store and the credential store must use the same kind of LDAP server. To preserve this coherence, reassociating one store implies reassociating the other: the credential store and the policy store are reassociated as a unit, using Oracle Enterprise Manager Fusion Middleware Control or the WLST command reassociateSecurityStore.
Integrating with Oracle Identity Management 9-3
6. Click New to add a new provider.
7. Enter a name for the provider, such as OIDAuthenticator.
8. Select the OracleInternetDirectoryAuthenticator type from the list of authenticators.
9. Click OK.
10. In the Providers screen, click the newly created authenticator.
11. Set the control flag to SUFFICIENT. This indicates that if a user can be authenticated successfully by this authenticator, then that authentication should be accepted and any additional authenticators should not be invoked. If the authentication fails, it will be passed to the next authenticator in the chain.
Make sure that all subsequent authenticators also have their control flag set to SUFFICIENT. In particular, check the control flag for the DefaultAuthenticator and set it to SUFFICIENT if necessary.
12. Click Save.
13. Open the Provider Specific tab, then enter details specific to your LDAP server, as shown in Table 9–1.
14. Click Save when done.
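The control-flag requirement in step 11 can be checked offline against the domain's config.xml once the change has been activated. The following Python script is an added example, not part of the Oracle guide: it lists the realm's authentication providers in the order they appear and reports any whose control flag is not SUFFICIENT. The namespace URIs, the xsi:type names and the treatment of a missing control-flag element as REQUIRED are assumptions about the config.xml layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces assumed for WebLogic's config.xml; adjust if your file differs.
NS = {"d": "http://xmlns.oracle.com/weblogic/domain",
      "sec": "http://xmlns.oracle.com/weblogic/security"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: a realm fragment in which OIDAuthenticator was added
# but the DefaultAuthenticator flag was never changed (no control-flag element).
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
 xmlns:sec="http://xmlns.oracle.com/weblogic/security"
 xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <security-configuration><realm>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType">
   <sec:name>DefaultAuthenticator</sec:name>
  </sec:authentication-provider>
  <sec:authentication-provider
    xsi:type="wls:oracle-internet-directory-authenticatorType">
   <sec:name>OIDAuthenticator</sec:name>
   <sec:control-flag>SUFFICIENT</sec:control-flag>
  </sec:authentication-provider>
  <sec:name>myrealm</sec:name>
 </realm></security-configuration>
</domain>"""

def audit_authenticators(config_xml, realm="myrealm"):
    """Return (providers in file order, names whose flag is not SUFFICIENT)."""
    root = ET.fromstring(config_xml)
    for r in root.iterfind("d:security-configuration/d:realm", NS):
        if r.findtext("sec:name", namespaces=NS) != realm:
            continue
        providers = []
        for p in r.iterfind("sec:authentication-provider", NS):
            # Assumption: an omitted control-flag element means the default, REQUIRED.
            flag = p.findtext("sec:control-flag", default="REQUIRED", namespaces=NS)
            providers.append((p.findtext("sec:name", namespaces=NS),
                              p.get(XSI_TYPE, "").split(":")[-1], flag.strip()))
        return providers, [n for n, _, f in providers if f != "SUFFICIENT"]
    raise ValueError("realm %r not found in config.xml" % realm)

if __name__ == "__main__":
    providers, bad = audit_authenticators(SAMPLE)
    for i, (name, ptype, flag) in enumerate(providers, 1):
        print("%d. %-22s %-48s %s" % (i, name, ptype, flag))
    print("Not SUFFICIENT:", ", ".join(bad) or "none")
```

To audit a real domain, pass the contents of the config.xml file backed up in Section 9.1.2.2 to audit_authenticators in place of SAMPLE.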