Issue Summary— Out of the box, WebLogic only utilizes the top security provider across the WebCenter domain. In some complex environments, we have seen customers request that multiple LDAP authenticators be utilized in their production environments.
Solution— Accomplishing this task utilizing only the Fusion Middleware product stack is not possible. Oracle Identity Management (OIM) offers the ability to combine multiple LDAP providers into a single unified directory. OIM also offers the functionality to integrate multiple LDAP-aware applications into a single directory. This is accomplished through an OIM feature called Oracle Virtual Directory (OVD).
Note: Pulling from multiple authentication providers can cause decreased performance across the WebCenter environment.
Instead of authenticating directly from the LDAP source, authentication will now pass through several providers causing an increased login time and decreased performance across the domain.
Configuring your Environment—
- Configuring the WebCenter domain for OIM – https://docs.oracle.com/middleware/11119/core/INOIM/part1.htm#BABCEEAH
- Configuring OVD in OIM – https://docs.oracle.com/middleware/11119/core/INOIM/ovd.htm#CIHDHHAA
- Enabling OVD for WebLogic (11g start at step 1, 12c start at step 3)
- Log into Enterprise Manager (hostname:7001/em)
- Expand WebLogic Domain and click on the <base_domain>.
- On the WebLogic domain dropdown menu, choose Security – Security Provider Configuration.
- Under the identity store provider section, click the Configure button.
- In the custom properties table, check Property Name = virtualize and Value =. Set value = true if configuring WebLogic to utilize multiple security providers. Note: This value should not be set to true if only utilizing a single security provider.
- Restart the entire domain.
Does your company have complex security requirements for WebCenter, AEM, or other products? Contact Inspired ECM today to learn how we can fulfill your complex security requests.
