A man named CARLOS SILVA in Portugal gave me a solution. It works. I am posting his email message here for your reference. You are welcome to contact me for further discussion.
<Email Message from him>
I'm assuming the Auth Provider is well configured, as you can see users, groups and group membership on the WebLogic Console.
If that is the case, please make sure the Auth Provider is configured to provide a valid GUID attribute, as configured on the Authentication Provider:
Assuming the Auth Provider is returning the attribute, please make sure the mapping is configured in the jps-config.xml as follows:
<!-- JPS WLS LDAP Identity Store Service Instance -->
<serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">
    <property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/>
    <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/>
    <!-- Map the identity store GUID to the attribute the Auth Provider returns -->
    <property name="PROPERTY_ATTRIBUTE_MAPPING" value="GUID=orclguid"/>
</serviceInstance>
You can set any attribute to be the GUID, like cn or whatever; you must, however, ensure that OVD is providing that attribute, for instance with a VirtualAttributePlugin.
I've been involved in a Service Request where the BPM/SOA Identity Service could not match user membership due to performing a case-sensitive search on the username as far as group membership goes. The Service Request number is 3-3577436911, and the configuration is well explained there; feel free to take a look.
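One way to confirm that the GUID mapping described in the email is present in a jps-config.xml, as an added example that is not part of the original post or of Oracle's tooling. The sample document, the instance name idstore.ldap.nomap and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, not a real deployment's file: one LDAP identity store
# instance carries the GUID mapping from the email, the other does not.
SAMPLE = """<jpsConfig>
  <serviceInstances>
    <serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">
      <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/>
      <property name="PROPERTY_ATTRIBUTE_MAPPING" value="GUID=orclguid"/>
    </serviceInstance>
    <serviceInstance name="idstore.ldap.nomap" provider="idstore.ldap.provider">
      <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/>
    </serviceInstance>
  </serviceInstances>
</jpsConfig>"""

LDAP_PROVIDER = "idstore.ldap.provider"          # provider name from the post
MAPPING_PROP = "PROPERTY_ATTRIBUTE_MAPPING"      # property name from the post
GUID_RE = re.compile(r"\bGUID=([A-Za-z0-9_.-]+)")


def local(tag):
    """Drop any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_guid_mapping(xml_text):
    """Return {instance name: mapped GUID attribute, or None if unmapped}."""
    result = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "serviceInstance":
            continue
        if elem.get("provider") != LDAP_PROVIDER:
            continue
        attr = None
        for prop in elem:
            if local(prop.tag) == "property" and prop.get("name") == MAPPING_PROP:
                match = GUID_RE.search(prop.get("value", ""))
                attr = match.group(1) if match else None
        result[elem.get("name")] = attr
    return result


if __name__ == "__main__":
    for name, attr in audit_guid_mapping(SAMPLE).items():
        status = f"GUID mapped to '{attr}'" if attr else "no GUID mapping"
        print(f"{name}: {status}")
```

An instance reported with no GUID mapping is the one to fix; the attribute reported for the others must also be one the directory or OVD actually returns.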