PROCESSIT 7.4 R1
For Oracle Fusion Middleware 11g

Authentication

©2025 Copyright ReadSoft AG (publ). All rights reserved. The contents of this document are subject to change without notice. ReadSoft is a registered trademark of ReadSoft AB. Other product and company names herein may be the trademarks or registered trademarks of their respective owners.
Questions or comments about this document may be emailed to documentation@readsoft.com.

ReadSoft AB (Head office) | Södra Kyrkogatan 4 | SE-252 23 Helsingborg | Sweden | Phone: +46 42 490 21 00 | Fax: +46 42 490 21 20
ReadSoft AG | Falkstrasse 5 | 60487 Frankfurt | Germany | Phone: +49 69 1539402-0 | Fax: +49 69 1539402-13
info@readsoft.com | www.readsoft.com

AuthenticationAuthentication OptionsDefault identity serviceCustom PL/SQL authenticatorWebLogic Active Directory or LDAP Authentication ProviderAuthentication Provider OverviewDetails on Custom AuthenticationAuthentication Function DetailsDetails on WebLogic ProviderExternal Documentation

Authentication

Authentication Options

PROCESSIT offers three supported methods for user authentication:

  • Default identity service
  • Custom PL/SQL authenticator
  • WebLogic Active Directory or LDAP Authentication Provider

Default identity service

The default user authentication service used by PROCESSIT is IdentityServiceAuthenticationProvider, which is a custom provider that authenticates via the Identity Service and database connections for user implementations using the FND_EMPL and EMPL methods.

Custom PL/SQL authenticator

A custom PL/SQL authenticator lets you implement your own authentication provider using PL/SQL, provided the interface design matches the criteria set forth in PROCESSIT.

PROCESSIT contains custom configuration parameters related to custom PL/SQL authentication. You can add these to your custom PL/SQL package, to avoid hardcoding some of the key setup information into your procedure.

WebLogic Active Directory or LDAP Authentication Provider

WebLogic comes with a lot of predefined authentication providers. PROCESSIT is tested with the Active Directory / LDAP authentication. Please refer to http://docs.oracle.com/cd/E11035_01/wls100/secmanage/atn.html#wp1198953 for supported LDAP providers.

Authentication Provider Overview

Once you have configured a new authentication provider, restart the WebLogic server to make the changes take effect.

Authentication Schemes/caption>
Configuration ParametersIdentityServiceCustom PL/SQLWebLogic Authentication Provider (LDAP/AP)
D4_USER_IMPLEMENTATIONEmployees / FND user joined with EmployeeEmployees / FND user joined with EmployeeEmployees, authenticating via Weblogic Security Realm / FND user joined with employee, authenticating via Weblogic Security Realm
D4_USER_CUSTOM_AUTH_DBN/ADatabase hosting custom PL/SQL FunctionN/A
D4_USER_CUSTOM_AUTH_FUNCTIONN/ACustom PLSQL Function NameN/A
D4_USER_CUSTOM_AUTH_LDAP_HOSTN/ACustomer Requested*N/A
D4_USER_CUSTOM_AUTH_LDAP_PORTN/ACustomer Requested*N/A
D4_USER_CUSTOM_AUTH_LDAP_SEARCH_BASEN/ACustomer Requested*N/A

*Customer Requested configuration parameters are not used by PROCESSIT, but available for customers to put their own configuration settings into.

Details on Custom Authentication

The System Administrator must configure an Authentication Provider in Weblogic following the guidelines set forth in Oracle's documentation. The provider must be set to SUFFICIENT and be the first provider in the list of Authentication Providers. Additional providers should also be set as SUFFICIENT as listed in our Weblogic authentication provider installation documentation.

The following parameters in PROCESSIT can be configured to contain server settings:

  • Custom PL/SQL User Authentication LDAP Host: Ldap host name
  • Custom PL/SQL User Authentication LDAP Port: Ldap port number (generally 389 or 3268)
  • Custom PL/SQL User Authentication LDAP Search Base: Ldap search base DN
  • Custom PL/SQL User Authentication Database: Select either the EBS or PROCESSIT database as the custom authentication host.
  • Custom PL/SQL User Authentication Function specify the schema name and function name in the format schema_name.function_name, for example: D4.VALIDATE_LOGIN.

Authentication Function Details

The function must accept two input VARCHAR2 parameters: USER_NAME and PASSWORD.

It must return a single VARCHAR2 result of either Y, if the user exists and can be authenticated with the supplied user name and password, or N, if any error or authentication failure occurs. An example function signature:

FUNCTION VALIDATE_LOGIN(PI_USER_NAME VARCHAR2, PI_PASSWORD VARCHAR2 ) return VARCHAR2

If the parameters are not configured, the implementation defaults to authenticating via the standard Oracle EBS APPS.FND_WEB_SEC.VALIDATE_LOGIN function.

Details on WebLogic Provider

You must select from one of two additional user Implementations, FND user joined with employee, authenticating via Weblogic Security Realm or Employees, authenticating via Weblogic Security Realm.

Each of these user implementations corresponds with the previous user implementations, with the difference is that authentication happens via the provider you have configured. Users must exist in FND User / Employee with the same userid as in the configured provider.

Authenticating using one of these providers will not give you password expiration warnings or notices of account lockouts. You will only get an Authentication failed result under those conditions. Resolving those sorts of issues will need to be handled through the providers facilities, i.e. if you are authenticating via Active Directory, you will need to change your password in Active Directory.

External Documentation

The configuration is specific to each environment. There is a lot of documentation from Oracle and online as to configuring it.

See for instance: http://docs.oracle.com/cd/E11035_01/wls100/secmanage/atn.html