Accessing identity information from multiple authentication providers

Accessing identity information from multiple authentication providers (Part 1)

In one of our ADF projects we needed a way to determine which Enterprise Roles (a.k.a Groups) a particular user had. After consulting the documentation for OPSS (Oracle Platform Security Services) we found that the solution was to use the “User and Role API”. As the name indicates this API provides services to manage users and roles of a given domain and is able to support several types of authentication providers such as Oracle Internet Directory, Active Directory, etc. However, while testing we found that only the first provider on the list of authentication providers could be accessed using this API. This limitation made the ”User and Role API” unsuitable to our needs because we had several providers in place.

Later on another solution was found. Accessing the weblogic server MBeans using JMX allowed us to query any of the authentication providers for identity information (users and roles).

Soon we will provide more details including a code sample that will make it easier to understand how to use JMX to access the services of an authentication provider.

Best regards.