
    ODI External Authentication using LDAP

    871323
      Hello,
      I am new to ODI. We are installing ODI and would like to configure external authentication using our LDAP.
      I need to create a jps-config.xml file and save it under the ODI client location.

      I am looking for a sample jps-config.xml file that uses LDAP to authenticate the users.

      Thanks
      Bhupal
        • 1. Re: ODI External Authentication using LDAP
          780756
          Hi,

          The following sample shows a complete jps-config.xml file that illustrates the configuration of several services and properties; they apply to both JavaEE and JavaSE applications.

          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
          <!-- Sample only: the host name, DNs, keytab path and Kerberos principal
               below are placeholder values from the original posting and must be
               replaced with values for your own environment before use. -->
          <property value="off" name="oracle.security.jps.jaas.mode"/>
          <propertySets>
          <propertySet name="saml.trusted.issuers.1">
          <property value="www.oracle.com" name="name"/>
          </propertySet>
          </propertySets>

          <serviceProviders>
          <serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider" name="credstoressp" type="CREDENTIAL_STORE">
          <description>SecretStore-based CSF Provider</description>
          </serviceProvider>
          <serviceProvider class="oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider" name="idstore.ldap.provider" type="IDENTITY_STORE">
          <description>LDAP-based IdentityStore Provider</description>
          </serviceProvider>
          <serviceProvider class="oracle.security.jps.internal.idstore.xml.XmlIdentityStoreProvider" name="idstore.xml.provider" type="IDENTITY_STORE">
          <description>XML-based IdentityStore Provider</description>
          </serviceProvider>
          <serviceProvider class="oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider" name="policystore.xml.provider" type="POLICY_STORE">
          <description>XML-based PolicyStore Provider</description>
          </serviceProvider>
          <serviceProvider class="oracle.security.jps.internal.login.jaas.JaasLoginServiceProvider" name="jaas.login.provider" type="LOGIN">
          <description>JaasLoginServiceProvider to conf loginMod servInsts</description>
          </serviceProvider>
          <serviceProvider class="oracle.security.jps.internal.keystore.KeyStoreProvider" name="keystore.provider" type="KEY_STORE">
          <description>PKI Based Keystore Provider</description>
          <property value="owsm" name="provider.property.name"/>
          </serviceProvider>
          <serviceProvider class="oracle.security.jps.internal.audit.AuditProvider" name="audit.provider" type="AUDIT">
          <description>Audit Service</description>
          </serviceProvider>
          <serviceProvider class="oracle.security.jps.internal.credstore.ldap.LdapCredentialStoreProvider" name="ldap.credentialstore.provider" type="CREDENTIAL_STORE"/>
          <serviceProvider class="oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProvider" name="ldap.policystore.provider" type="POLICY_STORE">
          <property value="OID" name="policystore.type"/>
          </serviceProvider>
          </serviceProviders>

          <serviceInstances>
          <serviceInstance location="./" provider="credstoressp" name="credstore">
          <description>File Based Credential Store Service Instance</description>
          </serviceInstance>
          <!-- LDAP identity store. Note that no jpsContext below references this
               instance, so as written the sample does not route user
               authentication through LDAP; the context your application uses
               would need a serviceInstanceRef to idstore.ldap (verify the exact
               wiring against the ODI/FMW documentation).
               idstore.config.provider appears to take the LDAP connection
               settings from a WebLogic-defined provider rather than from explicit
               ldap.url/credential properties in this file; confirm whether a
               standalone ODI client needs them set here instead. -->
          <serviceInstance provider="idstore.ldap.provider" name="idstore.ldap">
          <property value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider" name="idstore.config.provider"/>
          </serviceInstance>
          <serviceInstance location="./system-jazn-data.xml" provider="idstore.xml.provider" name="idstore.xml">
          <description>File Based Identity Store Service Instance</description>
          <property value="jazn.com" name="subscriber.name"/>
          </serviceInstance>
          <serviceInstance location="./system-jazn-data.xml" provider="policystore.xml.provider" name="policystore.xml">
          <description>File Based Policy Store Service Instance</description>
          </serviceInstance>
          <!-- Keystore passwords are referenced through CSF keys (the
               keystore.*.csf.key properties) rather than written into this file;
               keep it that way when adapting the sample. -->
          <serviceInstance location="./default-keystore.jks" provider="keystore.provider" name="keystore">
          <description>Default JPS Keystore Service</description>
          <property value="JKS" name="keystore.type"/>
          <property value="oracle.wsm.security" name="keystore.csf.map"/>
          <property value="keystore-csf-key" name="keystore.pass.csf.key"/>
          <property value="enc-csf-key" name="keystore.sig.csf.key"/>
          <property value="enc-csf-key" name="keystore.enc.csf.key"/>
          </serviceInstance>
          <!-- audit.filterPreset is "None" here, which appears to disable capture
               of audit events (confirm against the FMW audit documentation). For
               a production deployment consider a non-empty preset so that
               authentication events are recorded. -->
          <serviceInstance provider="audit.provider" name="audit">
          <property value="None" name="audit.filterPreset"/>
          <property value="0" name="audit.maxDirSize"/>
          <property value="104857600" name="audit.maxFileSize"/>
          <property value="jdbc/AuditDB" name="audit.loader.jndi"/>
          <property value="15" name="audit.loader.interval"/>
          <property value="File" name="audit.loader.repositoryType"/>
          </serviceInstance>
          <serviceInstance provider="jaas.login.provider" name="saml.loginmodule">
          <description>SAML Login Module</description>
          <property value="oracle.security.jps.internal.jaas.module.saml.JpsSAMLLoginModule" name="loginModuleClassName"/>
          <property value="REQUIRED" name="jaas.login.controlFlag"/>
          <propertySetRef ref="saml.trusted.issuers.1"/>
          </serviceInstance>
          <!-- Kerberos login module: keyTab and principal are placeholders. The
               keytab file holds long-term keys, so restrict its file permissions
               to the account that runs ODI. -->
          <serviceInstance provider="jaas.login.provider" name="krb5.loginmodule">
          <description>Kerberos Login Module</description>
          <property value="com.sun.security.auth.module.Krb5LoginModule" name="loginModuleClassName"/>
          <property value="REQUIRED" name="jaas.login.controlFlag"/>
          <property value="true" name="storeKey"/>
          <property value="true" name="useKeyTab"/>
          <property value="true" name="doNotPrompt"/>
          <property value="./krb5.keytab" name="keyTab"/>
          <property value="HOST/localhost@EXAMPLE.COM" name="principal"/>
          </serviceInstance>
          <serviceInstance provider="jaas.login.provider" name="digest.authenticator.loginmodule">
          <description>Digest Authenticator Login Module</description>
          <property value="oracle.security.jps.internal.jaas.module.digest.DigestLoginModule" name="loginModuleClassName"/>
          <property value="REQUIRED" name="jaas.login.controlFlag"/>
          </serviceInstance>
          <serviceInstance provider="jaas.login.provider" name="certificate.authenticator.loginmodule">
          <description>X509 Certificate Login Module</description>
          <property value="oracle.security.jps.internal.jaas.module.x509.X509LoginModule" name="loginModuleClassName"/>
          <property value="REQUIRED" name="jaas.login.controlFlag"/>
          </serviceInstance>
          <serviceInstance provider="jaas.login.provider" name="wss.digest.loginmodule">
          <description>WSS Digest Login Module</description>
          <property value="oracle.security.jps.internal.jaas.module.digest.WSSDigestLoginModule" name="loginModuleClassName"/>
          <property value="REQUIRED" name="jaas.login.controlFlag"/>
          </serviceInstance>
          <serviceInstance provider="jaas.login.provider" name="user.authentication.loginmodule">
          <description>User Authentication Login Module</description>
          <property value="oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule" name="loginModuleClassName"/>
          <property value="REQUIRED" name="jaas.login.controlFlag"/>
          </serviceInstance>
          <serviceInstance provider="jaas.login.provider" name="user.assertion.loginmodule">
          <description>User Assertion Login Module</description>
          <property value="oracle.security.jps.internal.jaas.module.assertion.JpsUserAssertionLoginModule" name="loginModuleClassName"/>
          <property value="REQUIRED" name="jaas.login.controlFlag"/>
          </serviceInstance>
          <!-- ldap.url is a plaintext ldap:// URL pointing at an Oracle-internal
               sample host; the same value repeats in policystore.ldap below.
               Replace it with your own directory and, where the directory supports
               it, prefer an ldaps:// URL (on the directory's TLS port) so the bind
               credential is not sent in clear text.
               bootstrap.security.principal.key presumably names a key in the
               bootstrap credential store (bootstrap.cred) that holds the bind
               credential, so no password appears in this file; confirm. -->
          <serviceInstance provider="ldap.credentialstore.provider" name="credstore.ldap">
          <property value="bootstrap" name="bootstrap.security.principal.key"/>
          <property value="cn=wls-jrfServer" name="oracle.security.jps.farm.name"/>
          <property value="cn=jpsTestNode" name="oracle.security.jps.ldap.root.name"/>
          <property value="ldap://stadw12.us.oracle.com:3060" name="ldap.url"/>
          </serviceInstance>
          <serviceInstance location="./bootstrap" provider="credstoressp" name="bootstrap.cred">
          <property value="./bootstrap" name="location"/>
          </serviceInstance>
          <serviceInstance provider="ldap.policystore.provider" name="policystore.ldap">
          <property value="OID" name="policystore.type"/>
          <property value="bootstrap" name="bootstrap.security.principal.key"/>
          <property value="cn=wls-jrfServer" name="oracle.security.jps.farm.name"/>
          <property value="cn=jpsTestNode" name="oracle.security.jps.ldap.root.name"/>
          <property value="ldap://stadw12.us.oracle.com:3060" name="ldap.url"/>
          </serviceInstance>
          </serviceInstances>

          <jpsContexts default="default">
          <!-- The default context references the keystore, audit, LDAP credential
               store and LDAP policy store only; it holds no identity store or
               login module reference. -->
          <jpsContext name="default">
          <serviceInstanceRef ref="keystore"/>
          <serviceInstanceRef ref="audit"/>
          <serviceInstanceRef ref="credstore.ldap"/>
          <serviceInstanceRef ref="policystore.ldap"/>
          </jpsContext>
          <jpsContext name="oracle.security.jps.fmw.authenticator.DigestAuthenticator">
          <serviceInstanceRef ref="digest.authenticator.loginmodule"/>
          </jpsContext>
          <jpsContext name="X509CertificateAuthentication">
          <serviceInstanceRef ref="certificate.authenticator.loginmodule"/>
          </jpsContext>
          <jpsContext name="SAML">
          <serviceInstanceRef ref="saml.loginmodule"/>
          </jpsContext>
          <jpsContext name="bootstrap_credstore_context">
          <serviceInstanceRef ref="bootstrap.cred"/>
          </jpsContext>
          </jpsContexts>
          </jpsConfig>

          For further information, check the FMW Security Guide.

          Regards,
          Rahul
          • 2. Re: ODI External Authentication using LDAP
            906277
            You can find this on the Metalink site.

            Edited by: 903274 on Dec 22, 2011 8:53 AM