Web Security Role: cisusers

During the installation process for Oracle Utilities Application Framework products, a Web Security role is specified for use in the J2EE Web Application Server (i.e. Oracle WebLogic or IBM WebSphere). This role is used by the J2EE Web Application Server to give permission to the authenticated users to the J2EE resources used by the product.

By default, the value is set to cisusers. This is sufficient for most implementations (in particular non-production), as it quickly sets up a default for the site to use. In production, most customers take the default as well, but if the default value is not desired or does not meet your site standards, you can change the value in a number of ways:

  • If you are using Oracle Utilities Application Framework V2.x or V4.0, you can manually make the change to the web.xml file for the online (a copy of it is located in the etc/conf/WEB-INF directory). You will need to replace all occurrences of cisusers with the desired value (remember it cannot include embedded blanks). You will need to change web.xml AND web.xml.XAIApp to complete the change for the online and XAI respectively. If you want to retain the change across upgrades or service packs, you should create a custom template as outlined in the Operations and Configuration Guide or Server Administration Guide for your product.
  • If you are using Oracle Utilities Application Framework V4.1, you can set the value using the configureEnv[.sh] utility. You use the -a option (for advanced configuration) and press 52 (for Advanced Web Application Configuration). Change the value of Web Security Role and Web Principal Name (the latter is used for Identity Management Suite integration but should be used regardless) and that will set the values in the appropriate places.

After doing this, connecting users to this group in your J2EE Web Application Server or in the configured security repository will connect users to the online and Web Service components of your products. As a matter of interest, most sites use cisusers as their default but the process above can be used if the default value is inappropriate.
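For the manual web.xml edit described above, the check below confirms that no reference to the old role was missed; it is an added example, not Oracle's tooling or code from the original post. The sample descriptor and the role name ouafusers are constructed, and it assumes the descriptor references only the one Web Security role through the standard role-name and role-link elements. The same check would be run against both web.xml and web.xml.XAIApp.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not the product's real web.xml): a manual edit
# changed the declared role to the hypothetical "ouafusers" but missed one
# auth-constraint that still names the default.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>online</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>cisusers</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>ouafusers</role-name></security-role>
</web-app>"""

def local(tag):
    """Strip an XML namespace so namespaced and DTD-style descriptors both work."""
    return tag.rsplit("}", 1)[-1]

def role_references(xml_text):
    """Return (parent element, role) for every role-name/role-link, in document order."""
    refs = []
    for parent in ET.fromstring(xml_text).iter():
        for child in parent:
            if local(child.tag) in ("role-name", "role-link"):
                refs.append((local(parent.tag), (child.text or "").strip()))
    return refs

def check_role(xml_text, expected):
    """List problems: blanks in the role, stale references, missing declaration."""
    problems = []
    if not expected or any(c.isspace() for c in expected):
        problems.append("role name must be non-empty with no embedded blanks")
    refs = role_references(xml_text)
    for parent, role in refs:
        # "*" in an auth-constraint means any declared role, so it is not stale.
        if role != expected and role != "*":
            problems.append(f"<{parent}> still references '{role}'")
    if ("security-role", expected) not in refs:
        problems.append(f"no <security-role> declares '{expected}'")
    return problems

if __name__ == "__main__":
    for problem in check_role(SAMPLE_WEB_XML, "ouafusers"):
        print("FAIL:", problem)
```

A stale auth-constraint leaves the resource bound to a role that members of the new group do not hold, so running this after the edit catches the mismatch before users are locked out.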

Comments:

Hi Anthony,

Is there a way by which I can completely bypass the authentication (at the app server level) of an OUAF based application?

Can a user ever log into an OUAF application (in my case CC&B 2.x) without passing any password?

All my best regards,

Karishma

Posted by Karishma on December 25, 2011 at 04:41 PM EST #

No, you cannot bypass security.

Posted by Anthony Shorten on January 04, 2012 at 10:49 AM EST #

About

Anthony Shorten
Hi, I am Anthony Shorten, I am the Principal Product Manager for the Oracle Utilities Application Framework. I have been working for over 20+ years in the IT Business and am the author of many a technical whitepaper, manual and training material. I am one of the product managers working on strategy and designs for the next generation of the technology used for the Utilities and Tax markets. This blog is provided to announce new features, document tips and techniques and also outline features of the Oracle Utilities Application Framework based products. These products include Oracle Utilities Customer Care and Billing, Oracle Utilities Meter Data Management, Oracle Utilities Mobile Workforce Management and Oracle Public Service Revenue Management. I am the product manager for the Management Pack for these products.
