Document user password credential mapping (#714)

rakillen · web-flow · commit 1f1f871c8456 · 2020-08-27T11:34:31.000-05:00
diff --git a/site/use_cases.md b/site/use_cases.md
@@ -6,6 +6,7 @@
  - [Modeling a Work Manager](#work-manager-sample)
  - [Modeling Security Providers](#modeling-security-providers)
  - [Modeling WebLogic Users, Groups, and Roles](#modeling-weblogic-users-groups-and-roles)
+ - [Modeling WebLogic User Password Credential Mapping](#modeling-weblogic-user-password-credential-mapping)
  - [Modeling ODL](#odl-configuration)
  - [Modeling Oracle HTTP Server (OHS)](#configuring-oracle-http-server)
  - [Targeting Server Groups](#targeting-server-groups)
@@ -409,7 +410,43 @@
  - WebLogic global roles are only updated for the WebLogic security XACML role mapping provider (i.e. `XACMLRoleMapper`)
  - The user and group processing is not complete, currently, users cannot be assigned to groups. Users created using the `Security` section are automatically added to the `Administrators` group and are not added to the groups specified. As soon as a patch to correct the user and group processing is available, we will post it here.
 
-
+ ### Modeling WebLogic User Password Credential Mapping
+ 
+ The Create Domain Tool can be used to create user password credential mappings for use with the `DefaultCredentialMapper` security provider. Information in the model will be used to create a credential mapping file that will be imported the first time the Administration Server is started. This example shows how mappings are represented in the model:
+ ```yaml
+domainInfo:
+    WLSUserPasswordCredentialMappings:
+        CrossDomain:
+            map1:
+                RemoteDomain: otherDomain
+                RemoteUser: otherUser
+                RemotePassword: '@@PROP:other.pwd@@'
+        RemoteResource:
+            map2:
+                Protocol: http
+                RemoteHost: remote.host
+                RemotePort: 7020
+                Path: /app/buy
+                Method: POST
+                User: user1
+                RemoteUser: remoteUser
+                RemotePassword: '@@PROP:remote.pwd@@'
+            map3:
+                Protocol: https
+                RemoteHost: remote2.host
+                RemotePort: 7030
+                Path: /app/sell
+                Method: GET
+                User: 'user1,user2'
+                RemoteUser: remoteUser2
+                RemotePassword: '@@PROP:remote2.pwd@@'
+```
+ In this example, the mapping `map1` creates a cross-domain credential mapping that provides access from this domain to the remote domain `otherDomain` as the user `otherUser` with the configured password.
+ 
+ The mapping `map2` creates a remote resource credential mapping that will give the local user `user1` access to a single remote resource on `remote.host` as the user `remoteUser` with the configured password. The mapping `map3` is similar, but provides access to a different remote resource for two local users, `user1` and `user2`.
+ 
+ The names of the mapping sections in the model, such as `map1` and `map2`, are used to group the attributes for each mapping in the model and are not part of the resulting credential mappings. These names should be unique for each mapping of a particular type.
+ 
  ### ODL Configuration
 
  Oracle Diagnostic Logging (ODL) can be configured and updated with Create Domain, Update Domain, and Deploy Applications Tools, starting with WDT release 1.5.2. ODL configuration is only supported for offline mode in WDT. ODL configuration is not added when a model is created using the Discover Domain Tool. This example shows how some common configuration elements can be represented in the model.
