Friday Aug 09, 2013

Batch Best Practices Updated

The Batch Best Practices whitepaper has been updated with advice about memory management and custom log file naming features.

It is available in Batch Best Practices for Oracle Utilities Application Framework based products (Doc Id: 836362.1) available from My Oracle Support.

Active Directory Support

Over the last few days I have had a few questions on our Active Directory support and the use of the cisusers group in the product.

As a J2EE product our products rely on the container to provide integration between security repositories and the application. This is the case with Active Directory. To configure our product to use the Active Directory as a security repository for authentication purposes the following process should be used:

  • Configure the WebLogic Security Provider for Active Directory with the relevant interface. This is performed within Oracle WebLogic exclusively. Refer to the http://docs.oracle.com/cd/E28280_01/web.1111/e13707/atn.htm#i1216261
    • One thing you need to consider is whether you want your AD repository to be your exclusive repository. Oracle WebLogic allows you to specify multiple security repositories with rules to govern the order and relevance of the individual repositories. More details about this are discussed in http://docs.oracle.com/cd/E28280_01/web.1111/e13707/atn.htm#i1204259. This is important as if you want AD to be your exclusive repository then you must define the user (default is system) you use for starting/stopping and administration for your WebLogic instance. If you do not want to define administrators in AD then you can chain the internal repository with your AD repository. I have seen customers doing this where they define different security repositories for internal users, for adminstrators and for CSS users.
  • By default, the group cisusers, is provided to denote the users that are authorized to use the product. This is the default not the only value that you can use.
    • Any group you want to use must not have any embedded blanks.
    • To change the group in OUAF V4.x use configureEnv[.sh] -a utility and alter the Web Security Role and Web Principal Name to the group you want to use. Use initialSetup[.sh] to reflect the change.
    • To change the group in OUAF V2.x create custom templates for web.xml.* and weblogic.xml.* to change the group. Edit the custom templates you created and replace cisusers with the group name you want to use. Use initialSetup[.sh] to reflect the change in your configuration.
  • You need to specify the group in your LDAP query for the AD security provider to denote the subset of users to check against.
  • Optionally, for the LDAP import interface you also need to supply the new group in the LDAP query to denote the subset of users to import. Refer to LDAP Integration for Oracle Utilities Application Framework based product (Doc Id: 774783.1).
About

Anthony Shorten
Hi, I am Anthony Shorten, I am the Principal Product Manager for the Oracle Utilities Application Framework. I have been working for over 20+ years in the IT Business and am the author of many a technical whitepaper, manual and training material. I am one of the product managers working on strategy and designs for the next generation of the technology used for the Utilities and Tax markets. This blog is provided to announce new features, document tips and techniques and also outline features of the Oracle Utilities Application Framework based products. These products include Oracle Utilities Customer Care and Billing, Oracle Utilities Meter Data Management, Oracle Utilities Mobile Workforce Management and Oracle Enterprise Taxation and Policy Management. I am the product manager for the Management Pack for these products.

Search

Archives
« August 2013 »
SunMonTueWedThuFriSat
    
1
2
3
4
5
6
7
8
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
       
Today