Security for Oracle Real-Time Decisions 4-19
5. Select Providers, then Authentication. Click the name of the authentication
provider to complete its configuration. For example, MyOIDDirectory.
The Configuration page for the Oracle Internet Directory authentication provider is displayed and has multiple tabs. For more information about completing fields
in the Configuration page, click the More Info... link located in each field.
You next set the Control Flag for the Oracle Internet Directory authentication provider. When configuring multiple authentication providers, the Control Flag
controls how the authentication providers are used in the login sequence.
6. On the Common tab, set the Control Flag to SUFFICIENT by selecting it from the
list. Click More Info... for more information about the Control Flag settings.
7. Select the Provider Specific tab and complete these fields as follows. Click More
Info... for information about completing the additional fields in each section.

| Section Name | Field Name | Description |
|---|---|---|
| Connection | Host | The host name of the Oracle Internet Directory server. |
| Connection | Port | The port number on which the Oracle Internet Directory server is listening. |
| Connection | Principal | The distinguished name (DN) of the Oracle Internet Directory user to be used to connect to the Oracle Internet Directory server. For example: cn=OIDUser,cn=users,dc=us,dc=mycompany,dc=com |
| Connection | Credential | Password for the Oracle Internet Directory user entered as the Principal. |
| Users | User Base DN | The base distinguished name (DN) of the Oracle Internet Directory server tree that contains users. |
| Groups | Group Base DN | The base distinguished name (DN) of the Oracle Internet Directory server tree that contains groups. |

4-20 Oracle Fusion Middleware Administrators Guide for Oracle Real-Time Decisions
8. Click Save.
9. Click Activate Changes in the Change Center.
The Administration and Managed Servers must be restarted.
10. Restart Oracle WebLogic Server.
To reorder authentication providers:
The Authentication Providers page in Oracle WebLogic Server Administration Console lists all authentication providers configured for the default security realm.
Oracle RTD uses only the authentication provider that is in the first position. If multiple authentication providers are configured, you must move the authentication provider that Oracle RTD is to use into the first position.
1. Click Lock & Edit in the Change Center of the Oracle WebLogic Server
Administration Console.
2. Select Security Realms from Domain Structure in the left pane and click the realm you are configuring.
For example, myrealm.
3. Select the Providers tab, then Authentication.
4. Click Reorder.
5. Select the name of the Oracle Internet Directory authentication provider and use
the arrow buttons to move it into the first position. Your results should resemble the following figure where MyOIDDirectory represents the Oracle Internet
Directory.
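The Control Flag set in step 6 and the provider order set in the reorder procedure interact through the standard JAAS control-flag rules. The following is an added example, not code from the Oracle guide or from WebLogic, that models how an ordered provider list is evaluated; DefaultAuthenticator, the user names, and the flags in the second stack are constructed assumptions.

```python
# Added example: JAAS-style control-flag evaluation over an ordered provider list.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = (
    "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL")

def evaluate_login(providers, user):
    """Walk providers in configured order; return (authenticated, consulted).

    providers: list of (name, control_flag, set of users the provider accepts).
    """
    required_failed = False   # a REQUIRED provider has rejected the user
    any_success = False
    consulted = []
    for name, flag, known_users in providers:
        consulted.append(name)
        ok = user in known_users
        any_success = any_success or ok
        if flag == REQUIRED:
            required_failed = required_failed or not ok  # continue either way
        elif flag == REQUISITE:
            if not ok:
                return False, consulted                  # fail immediately
        elif flag == SUFFICIENT:
            if ok and not required_failed:
                return True, consulted                   # succeed immediately
        elif flag != OPTIONAL:
            raise ValueError("unknown control flag: %r" % flag)
    has_mandatory = any(f in (REQUIRED, REQUISITE) for _, f, _ in providers)
    if has_mandatory:
        return (not required_failed), consulted
    return any_success, consulted   # needs at least one SUFFICIENT/OPTIONAL success

# Constructed sample directories (hypothetical accounts).
OID_USERS = {"rtd_admin"}       # exists only in Oracle Internet Directory
EMBEDDED_USERS = {"weblogic"}   # exists only in the second provider

def demo():
    # OID first and SUFFICIENT, as the procedure above configures it.
    as_configured = [("MyOIDDirectory", SUFFICIENT, OID_USERS),
                     ("DefaultAuthenticator", SUFFICIENT, EMBEDDED_USERS)]
    # Assumed misconfiguration: OID left behind a REQUIRED provider.
    oid_behind_required = [("DefaultAuthenticator", REQUIRED, EMBEDDED_USERS),
                           ("MyOIDDirectory", SUFFICIENT, OID_USERS)]
    return {
        "configured/rtd_admin": evaluate_login(as_configured, "rtd_admin"),
        "configured/weblogic": evaluate_login(as_configured, "weblogic"),
        "required_first/rtd_admin": evaluate_login(oid_behind_required, "rtd_admin"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In the second stack the directory user is rejected even though the Oracle Internet Directory provider accepts the credentials, because the REQUIRED provider ahead of it has already failed.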
4.7 Managing Authorization and Privileges for Oracle RTD
This section contains the following topics:
■ Section 4.7.1, Task Map: Configuring Authorization for Oracle RTD
■ Section 4.7.2, Understanding the Authorization Process
■ Section 4.7.3, Configuring the Policy Store
■ Section 4.7.4, Managing the Policy Store Using Fusion Middleware Control
4.7.1 Task Map: Configuring Authorization for Oracle RTD
This task map contains common authorization configuration tasks and provides links for more information.

| Task | Description | Information |
|---|---|---|
| Decide on authorization method | Decide if the policy store will be the default file or LDAP-based | Section 4.7.2, Understanding the Authorization Process |
| Configure a policy store | Configure and reassociate a policy store | Section 4.7.3, Configuring the Policy Store |
| Create, edit, and delete application roles and application policies | Create, edit, and delete application roles and application policies using Fusion Middleware Control | Section 4.7.4, Managing the Policy Store Using Fusion Middleware Control |

4.7.2 Understanding the Authorization Process
After a user is authenticated, further access to Oracle RTD is controlled through the application grants in application policies in the policy store, which is managed by
Fusion Middleware Control.