Using a Credential Map in UCM 11g

Credential Maps are still alive and well in 11g. I end up using them in almost all of my UCM deployments that use some kind of external directory server. Credential maps solve the problem of having to create groups in your external directory server whose names match the names used in UCM for roles and accounts.

In 11g there is one slight wrinkle. The UI for editing the JpsUserProvider does not allow you to specify a credential map. Instead you must manually edit the provider.hda file for the JpsUserProvider on the file system.

The file to edit is:

/ucm/cs/data/providers/jpsuserprovider/provider.hda

You add the following entry in the local properties section, substituting the name of your credential map.

ProviderCredentialsMap=name_of_map

After doing this you need to restart UCM to pick up the changes.

Important: create the Credential Map in UCM before you add the entry to the provider.hda file and restart UCM. If the Credential Map named in your provider.hda file does not exist in UCM, no users will be able to log in, not even admin users.
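
The manual edit described above, scripted as an added example (not code from the original post or from Oracle). It assumes provider.hda uses the HDA layout in which local properties sit between "@Properties LocalData" and "@end"; the function names and the sample file are constructed for illustration. The script cannot confirm that the map exists in UCM, so the .bak copy it keeps is the rollback path if logins fail after the restart.

```shell
#!/bin/sh
# Added example. Assumes the HDA layout where local properties sit between
# "@Properties LocalData" and "@end". Function names are hypothetical.

# set_credential_map FILE MAP_NAME
# Sets ProviderCredentialsMap in the LocalData section: replaces an existing
# entry or adds one before the section's @end. The previous file is kept as
# FILE.bak so the change can be rolled back if logins stop working.
set_credential_map() {
    hda=$1 map=$2
    [ -f "$hda" ] || { echo "no such file: $hda" >&2; return 1; }
    [ -n "$map" ] || { echo "empty credential map name" >&2; return 1; }
    grep -q '^@Properties LocalData' "$hda" ||
        { echo "no LocalData section in $hda" >&2; return 1; }
    cp -p "$hda" "$hda.bak" || return 1
    # Read the backup and write over the original, keeping owner and mode.
    awk -v map="$map" '
        /^@Properties LocalData/ { in_local = 1 }
        in_local && /^ProviderCredentialsMap=/ {
            if (!done) { print "ProviderCredentialsMap=" map; done = 1 }
            next                          # drop the old or duplicate entry
        }
        in_local && /^@end/ {
            if (!done) { print "ProviderCredentialsMap=" map; done = 1 }
            in_local = 0
        }
        { print }
    ' "$hda.bak" > "$hda" || { cp -p "$hda.bak" "$hda"; return 1; }
}

# get_credential_map FILE
# Prints the map name configured in LocalData, or nothing if it is unset.
get_credential_map() {
    awk '
        /^@Properties LocalData/ { in_local = 1; next }
        in_local && /^@end/      { in_local = 0 }
        in_local && sub(/^ProviderCredentialsMap=/, "") { print; exit }
    ' "$1"
}

# Demo on a constructed sample file, not a real provider.hda.
demo=$(mktemp)
printf '%s\n' '@Properties LocalData' 'SampleKey=sample_value' '@end' > "$demo"
set_credential_map "$demo" name_of_map && get_credential_map "$demo"
rm -f "$demo" "$demo.bak"
```
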

Comments:

Thanks for the tip, I can confirm it works. BTW after adding this entry to provider.hda and restarting, from then on I could edit my credential map on the fly without need for restarts (as it behaved in previous versions).

Posted by guest on October 21, 2011 at 08:11 AM CDT #

Hi,

Sorry for the dumb question but how do I create Credential Maps?

Thanks,
Vitaly

Posted by guest on January 04, 2012 at 03:39 AM CST #

Administration -> Credential Maps

http://.../cs/idcplg?IdcService=GET_CREDENTIALS_MAP

Posted by Kevin on January 04, 2012 at 03:47 AM CST #

Hello, I did it, but users still couldn't see their account.
Is this issue related to the provider too or not?

Posted by guest on April 23, 2013 at 01:19 AM CDT #

It could be related to the provider configuration. I would suggest turning on the userstorage and jps trace sections and testing with your users. Look in the trace output to see if it is getting the proper groups from your provider before applying the credential map. The jps trace section is not listed in the drop-down list for trace sections so you will have to type it into the trace text box or you can add TraceSectionsList=userstorage,jps to config.cfg and restart the UCM managed server.

Posted by Kevin Smith on April 23, 2013 at 06:47 AM CDT #

We are planning to have one credential map and will be mapping lots of users and their permissions. I could not find documentation about a limitation on the maximum number of entries each credential map can have. Is there any limitation on the maximum number of entries a credential map can have?

Posted by Suresh on July 08, 2013 at 03:03 AM CDT #

I am trying to map a group of WebLogic with a security group of UCM 11g through credential maps. I had also updated the provider.hda file. But it is not getting reflected in UCM. Can you please suggest the proper way of doing it, or any URL for that?

Posted by guest on November 27, 2013 at 06:54 AM CST #

About

Kevin Smith is a Technical Director in Oracle Consulting's WebCenter practice. He has been working with content management products since 2004 when he joined Stellent.
