
Administering Security Features 5-35

3. Click Apply.

5.13.4 Set JAAS Realm for Users

Next you must set the JAAS realm for users:

1. Navigate to dc=example,dc=com under Entry Management (replace the domain with your domain).

2. Click the dc=example entry.

3. Click the Advanced radio button.

4. Select o from the Attribute drop-down.

5. Click on the Apply button.

6. Enter example.com for the value of the o attribute (replace with your realm).

7. Click Apply.

5.14 Configuring OWLCS Server Instance

Add an LDAPIdentityAssertionProvider with OID support:

1. In the WLS Admin Console go to your Security Realm and click the Providers tab.

2. Delete the DigestIdentityAsserter if you see it in the list of providers (it is created by default by an out-of-the-box installation of OWLCS) and restart the OWLCS server.

3. After server restarts, in the WLS Admin Console, click on the Providers tab.

4. Add a new LDAP Digest Identity Assertion Provider by clicking the New button and selecting LDAPDigestAssertionProvider from the Type drop-down. Enter LDAPDigestAssertionProvider for the name. Click OK.

5. Click on the Provider Specific tab.

6. Set the UserBaseDN to cn=Users,dc=example,dc=com (replace the domain part with your domain).

7. Set the CredentialAttributeName to authpassword;wlcs.

8. Set the PasswordEncryptionType to PRECALCULATEDHASH.

9. Set the DigestRealmName to example.com. This must match the realm value in the ldif file you used when installing the static verifier.

10. Set Host and Port to those of the OID server.

11. Set the Principal to orclApplicationCommonName=WLCSInstance1,cn=WLCS,cn=Products,cn=OracleContext,dc=example,dc=com (replace the domain part with your domain).

12. Set the Credential to the userPassword you configured for the instance above, and confirm the credential.

13. Check the OIDSupportEnabled checkbox and click Save.

14. Go back to the Providers tab described in step 1. If there is a DefaultAuthenticator entry there, click it, set its Control Flag to SUFFICIENT, and click Save.

5-36 Oracle WebLogic Communications Server Administration Guide
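The procedure above only works if the same realm string appears in three places: the realm baked into the precalculated hash stored in authpassword;wlcs (from the ldif used for the static verifier), the DigestRealmName of the asserter, and the realm the client sends back in its Digest credential. The following added example (written for this page, not Oracle's code) shows why, by replaying what a digest identity asserter configured with PasswordEncryptionType=PRECALCULATEDHASH does with a SIP REGISTER Authorization header. It assumes the stored value is H(A1) = MD5("username:realm:password") as in RFC 2617 and RFC 3261; the directory entries, passwords and nonces are constructed sample data, and the function names are my own.

```python
import hashlib
import hmac
import re
from typing import Optional

# Asserter settings from the procedure above (DigestRealmName, UserBaseDN).
DIGEST_REALM_NAME = "example.com"
USER_BASE_DN = "cn=Users,dc=example,dc=com"


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def precalculated_ha1(username: str, realm: str, password: str) -> str:
    """The value provisioned into authpassword;wlcs: H(A1) = MD5(user:realm:password).
    Assumption: MD5 per RFC 2617; the page does not spell out the algorithm."""
    return md5_hex(f"{username}:{realm}:{password}")


# Constructed directory, keyed by cn under USER_BASE_DN. bob's hash was
# provisioned with a realm that does not match DIGEST_REALM_NAME (the
# misconfiguration step 9 warns about).
DIRECTORY = {
    "alice": {"authpassword;wlcs": precalculated_ha1("alice", DIGEST_REALM_NAME, "s3cret!")},
    "bob": {"authpassword;wlcs": precalculated_ha1("bob", "other.example.org", "hunter2")},
}

_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def parse_digest_header(header: str) -> dict:
    """Parse 'Digest k1="v1", k2=v2, ...' into a dict (quoted or bare values)."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    return {k: (quoted or bare) for k, quoted, bare in _PARAM_RE.findall(params)}


def expected_response(ha1: str, method: str, p: dict) -> str:
    """RFC 2617 response computed from the stored H(A1); no password needed."""
    ha2 = md5_hex(f"{method}:{p['uri']}")
    if p.get("qop"):  # qop=auth form
        return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:{p['qop']}:{ha2}")
    return md5_hex(f"{ha1}:{p['nonce']}:{ha2}")  # RFC 2069 compatibility form


def assert_identity(auth_header: str, method: str = "REGISTER") -> Optional[str]:
    """Return the asserted username, or None when the credential does not verify."""
    p = parse_digest_header(auth_header)
    username = p.get("username", "")
    entry = DIRECTORY.get(username)
    if entry is None:
        return None
    # The asserter only holds MD5(user:DigestRealmName:password). A response
    # computed over any other realm can never match, so reject it outright.
    if p.get("realm") != DIGEST_REALM_NAME:
        return None
    ha1 = entry["authpassword;wlcs"]
    if not hmac.compare_digest(expected_response(ha1, method, p), p.get("response", "")):
        return None
    return username


def client_authorization(username: str, password: str, realm: str, nonce: str,
                         uri: str = "sip:example.com", method: str = "REGISTER") -> str:
    """What a SIP UA sends after a 401 challenge (constructed; qop omitted for brevity)."""
    ha1 = precalculated_ha1(username, realm, password)
    resp = expected_response(ha1, method, {"uri": uri, "nonce": nonce})
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}", algorithm=MD5')


if __name__ == "__main__":
    nonce = "c0ffee"  # constructed; a real asserter issues a fresh nonce per challenge
    print(assert_identity(client_authorization("alice", "s3cret!", "example.com", nonce)))
    print(assert_identity(client_authorization("alice", "wrong", "example.com", nonce)))
    # bob's stored hash was precalculated over another realm: correct password, still rejected
    print(assert_identity(client_authorization("bob", "hunter2", "example.com", nonce)))
```

Note that bob fails even with the right password: because the hash is precalculated, the server cannot recompute H(A1) for a different realm, which is exactly why DigestRealmName, the `o` attribute set in 5.13.4 and the realm in the static-verifier ldif must all carry the same string. The comparison uses hmac.compare_digest so that a wrong response is not distinguishable by timing from a right one.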

5.14.1 Add an LDAP Authenticator

To add an LDAPAuthenticator:

1. In the WLS Admin Console go to your Security Realm and, in the Providers tab, add a new LDAPAuthenticator.

2. On the Common tab, set the Control Flag to SUFFICIENT.

3. Click the Provider Specific tab.

4. Set the host and the port of the OID server.

5. Set the Principal to orclApplicationCommonName=WLCSInstance1,cn=WLCS,cn=Products,cn=OracleContext,dc=example,dc=com (replace the domain part with your domain).

6. Set the Credential to the one you configured in an earlier step, and confirm the credential.

7. Set the User Base DN to cn=Users,dc=example,dc=com (replace the domain part with your domain).

8. Enable Use Retrieved User Name as Principal.

9. Set the Group Base DN to cn=Groups,dc=example,dc=com (replace the domain part with your domain).

10. Click Save.

5.14.2 Improving LDAP Authenticator Performance

You can improve LDAP Authenticator performance:

■ If users are in a flat structure, which is usually the case, set User Search Scope to onelevel.

■ If the groups used for roles are in a flat structure, which is also usually the case (that is, there are no groups within groups), set Group Search Scope to onelevel and set Group Membership Searching to limited.

Ensure that you save your changes.

5.14.3 Configuring Userservice to work with OID

You must configure Userservice to work with OID:

1. The ejb-jar.xml packaged in the subscriberdataservices ear file (subscriberdataservices-11.1.1.1.0.ear, under MW_HOME/as11gr1wlcs1/communications/applications) has to be configured to use LDAP instead of JDBC.

2. Extract the files in the subscriberdataservices ear, followed by the files in the userservice jar file.

3. In ejb-jar.xml under META-INF, comment out the UserServiceDSN and UserDAOImpl groups. Uncomment the LDAP section and configure it with the proper values. Set java.naming.security.principal to orclApplicationCommonName=WLCSInstance1,cn=WLCS,cn=Products,cn=OracleContext,dc=example,dc=com (replace the domain part with your domain).