Hi All,
It has been quite a while since the last post in the blog. Time flies and we have all been busy with work, but I hope we can catch up again and share more of our experience with you.
Today's post is a very simple but useful one (at least it was for me).
With RMS v16 running on top of ADF FMW 12c, one of the questions I had about getting a basic RMS installation up and running, with the ability to log in to and navigate the application, concerned user authentication.
Until RMS v16 was released, RMS forms had always provided basically 2 options for user authentication:
Now with RMS v16, security is all managed by the Fusion Middleware/ADF framework itself, which is a very different approach from the forms-based method of the older releases. Security in RMS v16 is a separate topic that is not going to be discussed in this post; if you want to find out more about security in ADF or RMS v16, there is plenty of GA documentation out there at Oracle OTN.
Keep in mind that the supported component for the RMS user repository for the Retail products is well documented in the product installation guide itself; this post does not replace or add any support to the product itself regarding this subject (security, authentication, LDAP directory, etc.).
So, moving ahead with the subject of this post: in my lab install I did not want to have an entire OIM/OID infrastructure just to do basic navigation and testing in the app itself, so what I did was get RMS configured and working with the WebLogic embedded LDAP itself.
Pre-requisites for this exercise:
1. No need to configure OIDAuthenticator
As mentioned earlier, the idea of this post is to configure RMS to authenticate against the WebLogic Embedded LDAP, so we are not going to configure OIDAuthenticator as described in the RMS installation guide. Keep the Default Authenticator as in the settings below:


2. Create WebLogic groups matching the RMS groups
Here is where we configure the RMS groups used by the application itself. For the purpose of this exercise, I am going to create just one group that has administration access in the application. If you need the other groups to test authorization/navigation/duties, just create them as you want; Oracle ships several groups in the LDIF files included with the installer. In this exercise we will be using RMS_APPLICATION_ADMINISTRATOR_JOB, whose duty description is as follows:
The RMS Application Administrator is a part of a retailer's IT department responsible for maintaining and configuring the Oracle Retail Merchandising System. Primary responsibilities include:
- Maintain daily operations, such as daily batch processes of the application
- Supporting end-users and providing the first level of support for the application
- Applying patches and upgrades to the application on a regular basis
- Troubleshooting and resolving product issues
- Setting up users and security privileges for the application
You can upload the entire LDIF using any LDAP tool, but here we are going to do it step by step.
From your WebLogic domain, navigate to myrealm -> Users and Groups -> select the Groups tab, and hit "New" to create a new group. Enter the group name as below and any description you like, then hit OK:
Name: RMS_APPLICATION_ADMINISTRATOR_JOB
Description: Anything

After you hit OK, make sure you get a success message saying the group was created, and check that it is visible in the WebLogic Console itself.
After this step we are done with the group creation part.
3. Create a WebLogic user and associate it with the previously created group
As mentioned earlier, groups have duties and application users are associated with those groups; consequently, users get the grants/accesses/responsibilities within those duties.
In this exercise, we will use a dummy user called RMS_ORCLAD_USER and associate it with the previously created group:
From your WebLogic domain, navigate to myrealm -> Users and Groups -> select the Users tab, and hit "New" to create a new user. Enter the user name as below and any description you like, then hit OK:
Name: RMS_ORCLAD_USER
Description: Anything
Password: orcbrazil1 (Don't forget that the default WebLogic password policy will require you to enter an 8-digit alphanumeric password; remember that or WLS will fool you :-) )
Provider: DefaultAuthenticator

Next we will state that RMS_ORCLAD_USER's job is RMS_APPLICATION_ADMINISTRATOR_JOB.
For that, go to myrealm -> Users and Groups -> select the Users tab and click your newly created user. Switch to the Groups tab and move RMS_APPLICATION_ADMINISTRATOR_JOB from Available -> Chosen. Hit Save.

4. Log in to the RMS app and test the newly created user and group
The next step is just to log in and test the app (no need to restart the managed servers).
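
Steps 2 and 3 can also be done from WLST instead of the console. The script below is an added example, not part of the original post or of Oracle's installer; it calls the DefaultAuthenticator MBean's own user and group operations, and is safe to re-run. The environment variable names, the description text and the `password_ok` pre-check (an approximation of the password rule noted in step 3) are assumptions.

```python
# Added example (not from the original post): WLST equivalent of steps 2 and 3.
import os

GROUP = "RMS_APPLICATION_ADMINISTRATOR_JOB"  # group name used in the post
USER = "RMS_ORCLAD_USER"                     # lab user name used in the post


def password_ok(password):
    """Approximate the rule the post mentions: 8+ characters, letters and digits."""
    has_alpha = len([c for c in password if c.isalpha()]) > 0
    has_digit = len([c for c in password if c.isdigit()]) > 0
    return len(password) >= 8 and has_alpha and has_digit


def provision(auth, user, password, group, description="RMS lab account"):
    """Create group and user on the authenticator MBean and link them.

    Safe to re-run: returns the list of actions actually performed.
    """
    if not password_ok(password):
        raise ValueError("password fails the 8-character alphanumeric pre-check")
    done = []
    if not auth.groupExists(group):
        auth.createGroup(group, description)
        done.append("group")
    if not auth.userExists(user):
        auth.createUser(user, password, description)
        done.append("user")
    if not auth.isMember(group, user, False):
        auth.addMemberToGroup(group, user)
        done.append("membership")
    return done


# WLST sets __name__ to "main"; under plain Python this section is skipped.
if __name__ == "main":
    # Environment variable names are assumptions made for this example.
    connect(os.environ["WLS_ADMIN_USER"], os.environ["WLS_ADMIN_PASSWORD"],
            os.environ.get("WLS_ADMIN_URL", "t3://localhost:7001"))
    realm = cmo.getSecurityConfiguration().getDefaultRealm()
    auth = realm.lookupAuthenticationProvider("DefaultAuthenticator")
    print(provision(auth, USER, os.environ["RMS_LAB_PASSWORD"], GROUP))
    disconnect()
```

Run it with the domain's `wlst.sh` after exporting the variables; reading the passwords from the environment keeps them out of the script file and out of version control.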


I hope you liked this simple post (it was useful to me, and I hope it will be to you too). As always, your comments and feedback via e-mail will certainly be very helpful to improve the content of this blog :-)
Cheers and see you in the next post!
- Hermann
Would such an example with RPM v14.x (which, from a WebLogic setup standpoint, should not be any different from v13.2/v14/v15/v16) work for you?
Thanks.
- Hermann