About Authentication Sources

Authentication sources allow you to import and/or authenticate users and groups from external user repositories. Users and groups can exist anywhere in your enterprise:

This topic discusses:

To learn how to create or edit administrative objects (including authentication sources and authentication Web services), see Creating and Editing Administrative Objects.

To learn how to customize a new user's initial portal experience, see Customizing the Initial Portal Experience.

Synchronizing and Authenticating Users

You can use authentication sources to synchronize portal users and groups with external repositories. You must run a job associated with the authentication source to periodically synchronize the users and groups in the portal with those in the external repository. For information about jobs, see About Jobs.

Note: The authentication source also creates a group that includes all users imported through the authentication source. This group is named after the authentication source; for example, if your authentication source is called mySource, the group would be called Everyone in mySource.

You can also use authentication sources to authenticate portal users with the credentials stored in those external repositories. However, user credentials are left in the user repository; they are not stored in the portal database. When someone attempts to log in to your portal through an imported user account, the portal confirms the password with the source user repository. This means that the user's portal password always matches the password in the source repository. For example, if a user with a portal account imported from Active Directory changes the Active Directory password, the user can immediately log in to the portal with that password. If the user is logged in to the portal when the password is changed, the user will remain logged in until the user's active session ends. When the session ends, the user must log in again with the new password because the portal will no longer recognize the old password.
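The session behavior described above means that a password change in the source repository does not by itself end a portal session that was opened with the old password. The following added example (not part of the original documentation or of the product) flags such sessions by comparing login times with the Active Directory `pwdLastSet` attribute; the session export format, the user names, and all sample values are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ticks):
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def datetime_to_filetime(dt):
    # Integer arithmetic avoids float rounding at this magnitude.
    d = dt - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def stale_sessions(sessions, pwd_last_set):
    """Return (session_id, reason) for sessions that should be reviewed or ended."""
    flagged = []
    for s in sessions:
        ticks = pwd_last_set.get(s["user"])
        if ticks is None:
            flagged.append((s["id"], "account not found in directory export"))
        elif ticks == 0:
            # pwdLastSet = 0 means the password must be changed at next logon.
            flagged.append((s["id"], "password change required"))
        elif datetime.fromisoformat(s["authenticated_at"]) < filetime_to_datetime(ticks):
            flagged.append((s["id"], "authenticated before last password change"))
    return flagged

def _utc(*args):
    return datetime(*args, tzinfo=timezone.utc)

# Constructed sample data (hypothetical export formats, not real accounts).
PWD_LAST_SET = {
    "jsmith": datetime_to_filetime(_utc(2024, 3, 1, 9, 30)),
    "akhan": datetime_to_filetime(_utc(2024, 2, 10, 12, 0)),
    "bwong": 0,
}
SESSIONS = [
    {"id": "s1", "user": "jsmith", "authenticated_at": "2024-03-01T08:00:00+00:00"},
    {"id": "s2", "user": "jsmith", "authenticated_at": "2024-03-01T10:00:00+00:00"},
    {"id": "s3", "user": "akhan", "authenticated_at": "2024-03-01T07:00:00+00:00"},
    {"id": "s4", "user": "bwong", "authenticated_at": "2024-03-01T07:30:00+00:00"},
    {"id": "s5", "user": "ghost", "authenticated_at": "2024-03-01T07:45:00+00:00"},
]

if __name__ == "__main__":
    for session_id, reason in stale_sessions(SESSIONS, PWD_LAST_SET):
        print(session_id, reason)
```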

Importing Document Security with the Global ACL Sync Map

Users imported through an authentication source can automatically be granted access to the content imported by some remote content crawlers. The Global ACL Sync Map shows these content crawlers how to import source document security.

For an example of how importing security works for users imported through an authentication source, see Importing Security Example.

SSO Authentication Sources

Create a single sign-on authentication source for each single sign-on source through which you want to authenticate users. Then associate the SSO authentication source with an LDAP authentication source or a remote authentication source from which you will import the users you want to authenticate.

Remote Authentication Sources

The Active Directory and LDAP authentication providers are available from Oracle; these providers can be used to import and authenticate users and groups from the associated servers. If your users and groups reside in a custom system, such as a custom database, you can import and authenticate them by writing your own authentication provider using the IDK. To learn about developing your own authentication provider, refer to the Oracle WebCenter Interaction Web Service Development Guide, which is located on the Oracle Technology Network at http://www.oracle.com/technology/documentation/bea.html.

Note: For information on obtaining authentication providers, refer to the Oracle Support site at http://www.oracle.com/support/index.html. For information on installing authentication providers, refer to the Installation Guide for Oracle WebCenter Interaction (available on the Oracle Technology Network at http://www.oracle.com/technology/documentation/bea.html) or the documentation that comes with your authentication provider, or contact your portal administrator.

Create a remote authentication source for each security provider (accessed through an authentication Web service) from which you want to import and/or authenticate users and groups.

To make a remote authentication source available to portal users:

  1. Install the authentication provider on the computer that hosts the portal or another computer.
  2. Create a remote server.
  3. Create an authentication Web service.
  4. Create a remote authentication source.

To learn about the Remote Authentication Source Editor, see one of the following:

Each additionally installed authentication provider adds at least one extra page to the Remote Authentication Source Editor. If you have installed an additional authentication provider, click the help button on the extra pages for information about these pages.

Authentication Web Services

Authentication Web services allow you to specify general settings for your remote user repository, leaving the more detailed settings (like domain specification) to be set in the associated remote authentication sources. This allows you to create different authentication sources to import each domain without having to repeatedly specify all the settings.

To learn about the Authentication Web Service Editor, see one of the following: