Setup Security

About this task

Copy the CuramMBean.jar from the <SDEJ>/lib directory to the <WebLogic Server Install directory>/weblogic/server/lib/mbeantypes directory (<WebLogic Server Install directory>/wlsserver_10.3/server/lib/mbeantypes for 10.3.3).

Restart the AdminServer and start the Administration Console as described in the previous section.

Procedure

  1. Navigate to <DomainName> > Security Realms;
  2. Click on myrealm in the Realms list;
  3. Click on Providers tab;
  4. Click on Authentication tab;
  5. Click the New button;
  6. Enter the following fields:

    Name : "myrealmCuramAuthenticator"

    Type : "CuramAuthenticator"

  7. Click the OK button;
  8. In the list of Authentication Providers, click the DefaultAuthenticator checkbox;
  9. Click the Delete button;
  10. Click on myrealmCuramAuthenticator in the Authentication Providers list;
  11. Ensure the Control Flag value is set to "REQUIRED".

    If not, change the value to "REQUIRED";

  12. Click the Save button;
  13. Select the Provider Specific tab. This tab contains settings for configuring Cúram security in WebLogic Server. The defaults should not be changed unless you wish to modify the security configuration. Table 1 explains the details of the various options.

    You must enter the digested password for the Admin Password value. Generate this password by running the supplied Ant digest target; e.g., ant digest -Dpassword=weblogic1.

    If any changes are made, click the Save button;

  14. Click the Save button; ensure that there are no errors.

    Table 1. Provider Specific Options

    | Field | Description |
    |-------|-------------|
    | Check Identity Only | Optional. If this box is checked the authentication provider will not perform the usual authentication verifications. Instead it will simply ensure that the user exists on the database table. This option is intended where LDAP support is required or an alternative authentication mechanism is to be used. |
    | Admin Username | Required. This is the username of the WebLogic Server administration user. This user is excluded from Cúram authentication. |
    | Admin Password | Required. This is the encrypted password of the WebLogic Server administration user. Generate the encrypted password by running the supplied Ant digest target; e.g., ant digest -Dpassword=weblogic1 |
    | Port | Required. This is the port of the machine on which the Cúram application will run. The default is 7003. In a clustered environment this should be set to a ',' separated list of ports to support multiple servers. |
    | Login Trace | Optional. This box should be checked to debug the authentication process. If selected the invocation of the Cúram authentication provider will result in tracing information being added to the WebLogic Server log file. |
    | Run As User | Required. See section Change SYSTEM Username for a description of this property. The default is SYSTEM. |
    | Hostname | Required. This is the hostname of the machine on which the Cúram application will run. The default is localhost. In a clustered environment this should be set to a ',' separated list of host names to support multiple servers. |

    Note: While configuring the Cúram Authenticator Provider in a clustered environment, the ordering of hostname and port attributes is important. There is a one to one mapping between the servers and ports specified. For example:
    Port=7001,7003,7005
    Hostname=host1,host2,host3

    Here host1 is running the WebLogic Server on port 7001 and host3 is running the WebLogic Server on port 7005.
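
The one-to-one ordering described in the note can be checked before the values are entered on the Provider Specific tab. The following Python check is an added example, not part of the Cúram or WebLogic tooling; the function name pair_cluster_endpoints and the failing sample input are assumptions made for illustration.

```python
import re

# Added example: pair the Hostname and Port lists from Table 1 by position.
# The function name and the failing sample input are illustrative assumptions.

def pair_cluster_endpoints(hostname_field, port_field):
    """Return [(host, port), ...] in list order, or raise ValueError."""
    hosts = [h.strip() for h in hostname_field.split(",")]
    ports = [p.strip() for p in port_field.split(",")]

    # The n-th hostname is matched with the n-th port, so the counts must agree.
    if len(hosts) != len(ports):
        raise ValueError(
            "Hostname has %d entries but Port has %d; the mapping is one to one"
            % (len(hosts), len(ports)))

    endpoints = []
    for index, (host, port) in enumerate(zip(hosts, ports), start=1):
        if not host:
            raise ValueError("Hostname entry %d is empty" % index)
        if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
            raise ValueError("Port entry %d (%r) is not a valid TCP port"
                             % (index, port))
        endpoint = (host, int(port))
        if endpoint in endpoints:
            raise ValueError("Entry %d repeats %s:%d" % (index, host, int(port)))
        endpoints.append(endpoint)
    return endpoints


if __name__ == "__main__":
    # Values taken from the note above.
    for host, port in pair_cluster_endpoints("host1,host2,host3", "7001,7003,7005"):
        print("%s -> %d" % (host, port))
    # Constructed misconfiguration: one port dropped from the list.
    try:
        pair_cluster_endpoints("host1,host2,host3", "7001,7005")
    except ValueError as err:
        print("rejected:", err)
```

A count mismatch, an empty entry or a repeated host and port pair is rejected; a list whose entries are all valid but in the wrong order still has to be caught by reading the printed pairs.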

    You must enable SSL support. To do this:

    1. Navigate to <DomainName> > Environment > Servers;
    2. Select the AdminServer from the list of servers.
    3. From the General tab click the SSL Listen Port Enabled checkbox;
    4. Click the Save button;
    5. Restart your server for the changes to take effect.