How to integrate Active Directory with Oracle Weblogic

Hi,
Is there any Oracle document that describes how to integrate LDAP Active Directory with Oracle WebLogic 10.3?
Regards
Edited by: qasas on 28-Nov-2009 13:56

WebLogic docs (and their identity asserters) - http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html

Similar Messages

  • How to integrate Java SSO with Oracle Weblogic

    Hi,
    I am new to Oracle WebLogic, but I want to do something like below.
    I want to use Oracle WebLogic as application server and want to integrate Java SSO into it. I think we can do it using Oracle Access Manager, but since OAM itself is massive I dropped this plan.
    I think we can use OC4J Java SSO in Oracle WebLogic, but I don't know whether it is feasible.
    Can somebody please guide me to solve this problem.
    Any suggestion or comment is most appreciated.

    WebLogic docs (and their identity asserters) - http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html

  • How to integrate Active Directory with Primavera P6 8.2

    Dear All,
    I want to install LDAP for integration with Active Directory for Primavera P6 8.2.
    Some advice please: should I install Oracle Internet Directory and/or Oracle Directory Service Manager for AD integration?
    And should I install Fusion Middleware and/or Service-Oriented Architecture (SOA) for AD integration?
    And what is the step-by-step procedure for the above installation, with a separate database if required?
    I want to install any of the above applications or services on my WebLogic environment.
    You can find the status of my web applications and enterprise application services on the WebLogic Server Administration Console:
    p6 (Active)
    p6help (Active)
    p6tm (Active)
    P6Tutorials (Active)
    p6ws (Active)
    pr (Active)
    pr-help (Active)
    PrimaveraAPI (Active)
    Thanks in advance for your response.

    To provision LDAP user information for P6 EPPM for the first time:

    Caution: Ensure that all users are logged out of P6 EPPM to avoid a reset of the P6 Administrator application settings.
    Note: Verify which global profile is set as the default since this will be assigned to all provisioned users.

    1) Log into the P6 Administrator application.
    2) From the Authentication tab:
       a. Fill in the appropriate settings under the Authentication folder, and make sure that Login Mode is set to NATIVE.
       b. Fill in the appropriate settings under Database instance, and make sure that Authentication Mode is set to NATIVE.
       c. Click Save Changes.
    3) Restart the application server instance.
       Note: If you do not restart the application server instance, the settings will be restored to the previous configuration after the next step.
    4) Log into P6 as a user with privileges to create a new user.
    5) Creating User Accounts for P6 EPPM to add a new user (in Native mode) that exactly matches an LDAP server user with rights to read the LDAP directory. Make sure to assign a global profile that contains privileges to add new users and search the LDAP directory and assign the appropriate project profiles and module access.
    6) Log back into the P6 Administrator application.
    7) From the Authentication tab:
       a. Change Login Mode to LDAP.
       b. Change Authentication Mode to LDAP.
       c. Right-click the LDAP Connection Settings folder and select Test Connection.
       d. Click Save Changes.
    8) Restart the application server instance.
       Note: If you do not restart the application server instance, the settings will be restored to the previous configuration after the next step.
    9) Log into P6 as the LDAP user created in step 5.
       a. On the Users page, click the Add icon. The Add Users from LDAP dialog box appears for you to provision users from the LDAP repository:
          Note: You must have the Add/Edit/Delete Users privilege and the Provision Users from LDAP privilege to search the LDAP directory. You do not need the Provision Users from LDAP privilege to import users from an LDIF file.
          1. Either click the Load LDIF button, or enter an LDAP query (for example, uid=*) under Search users. If a search was previously performed by a user with the privilege to search the LDAP directory, the last query entered by that user will appear.
          2. If you clicked the Load LDIF button, browse to the location of the LDIF file, and click Open. If you entered an LDAP query, click Search.
             Note: Depending on your P6 administrative configuration settings, you might be prompted to log into the LDAP server.
          3. A list of users will appear, grouped by status. For example, LDAP repository users that do not exactly match P6 EPPM users will be grouped together. If users exist in the LDAP repository, the User Name, Actual Name, E-mail, and Phone fields are populated (if you previously mapped those fields through the P6 Administrator application settings).
             Note: The User Name field is equivalent to the Login Name field in P6. The Actual Name field is equivalent to the Personal Name field.
          4. Select the option next to each user account that you wish to import, or select the option in the fields bar to select all users. New and modified users are automatically selected.
          5. Click Import.
             Note: The new users will be assigned the default global profile.
    Follow the above-mentioned procedure and let me know if it's working.
    Ajishlal

  • How to integrate Crystal Report  with oracle JDeveloper 11g

    Hi,
    How to integrate Crystal Report  with oracle JDeveloper 11g
    Regards ,
    Amol

    I don't think that you can integrate Crystal Reports with JDeveloper, but you can add the runtime libraries to your project to get Crystal Reports functionality.
    To know more, please go through the supported platforms:
    Supported Platforms: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/504d0204-681e-2b10-2381-853d88974cfc
    Regards,
    Tej

  • How to integrate android application with oracle database using oracle mobile database server.

    Hi,
    I developed one web application using oracle database. I want to implement same web application in android. My problem is how to integrate android application with existing oracle database using oracle database mobile server. Can u please guide me how to install oracle database mobile server and how to integrate android app with existing oracle database..
    Thank you.

    In the Database Mobile Doc set there is an entire book that covers the Installation of Oracle Database Mobile Server.   Chap 4 of that book contains screen shots and all kinds of information that will help guide you through the installation.   We also have a doc on the different mobile clients.  Chap 2 of that guide covers installs and integration of an android app. 
    thanks
    mike

  • How to display active directory users through weblogic portal Application?

    Hi,
    Has anyone faced this situation?
    I configured Active Directory and am able to see the users and groups in the WebLogic console at Security->Realms->Myrealm->users. When I run my portal application, I am able to see only the users that are configured in the embedded WebLogic LDAP, i.e. I can see only the users weblogic, portaladmin and yahooadmin that belong to the DefaultAuthenticator provider. I need to display the Active Directory users in our portal as well.
    I have two doubts on this:
    1) Do I need to write custom code to view the Active Directory users in our portal?
    2) Do I need to use any jars that support the Active Directory authenticator?
    I would appreciate it if anyone can reply on this with helpful docs/information.
    We are using BEA 8.1 SP4.
    Windows 2000.
    Surendra

    Hi,
    I too have a similar kind of requirement. I use a JSP to do this activity, but I get an exception. I have shown the entire JSP code below:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <%@ page import="java.util.Set" %>
    <%@ page import="javax.naming.Context" %>
    <%@ page import="weblogic.jndi.Environment" %>
    <%@ page import="weblogic.management.MBeanHome" %>
    <%@ page import="weblogic.management.configuration.DomainMBean" %>
    <%@ page import="weblogic.management.configuration.SecurityConfigurationMBean" %>
    <%@ page import="weblogic.management.security.RealmMBean" %>
    <%@ page import="weblogic.management.security.authentication.AuthenticationProviderMBean" %>
    <%@ page import="weblogic.management.security.authentication.UserPasswordEditorMBean" %>
    <%@ page import="weblogic.security.providers.authentication.LDAPAuthenticatorMBean" %>
    <%@ page import="weblogic.management.configuration.EmbeddedLDAPMBean" %>
    <%@ page import="weblogic.management.security.authentication.UserEditorMBean" %>
    <%@ page import="weblogic.management.security.authentication.UserReaderMBean" %>
    <%@ page import="weblogic.management.security.authentication.GroupReaderMBean" %>
    <%@ page import="weblogic.management.utils.ListerMBean" %>
    <%@ page import="javax.management.MBeanException" %>
    <%@ page import="javax.management.modelmbean.RequiredModelMBean" %>
    <%@ page import="examples.security.providers.authentication.manageable.*" %>
    <%@ page import="weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean" %>
    <%@ page import="weblogic.management.utils.InvalidParameterException" %>
    <%@ page import="weblogic.management.utils.NotFoundException" %>
    <%@ page import="weblogic.security.SimpleCallbackHandler" %>
    <%@ page import="weblogic.servlet.security.ServletAuthentication"%>
    <%!
    // Builds the redirect URL that carries an error message back to welcome.jsp.
    private String makeErrorURL(HttpServletResponse response,
                                String message)
    {
        return response.encodeRedirectURL("welcome.jsp?errormsg=" + message);
    }
    %>
    <html>
    <head>
    <title>Password Changed</title>
    </head>
    <body>
    <h1>Password Changed</h1>
    <%
    // Note that even though we are running as a privileged user,
    // request.getRemoteUser() still returns the user who authenticated.
    // weblogic.security.Security.getCurrentUser() will return the
    // run-as user.
    System.out.println("------------------------------------------------------------------");
    String username = request.getRemoteUser();
    System.out.println("User name -->"+username);
    // Get the arguments
    // Debug output: the three printlns below write the submitted
    // passwords to the server log in clear text.
    String currentpassword = request.getParameter("currentpassword");
    System.out.println("Current password -->"+currentpassword);
    String newpassword = request.getParameter("newpassword");
    System.out.println("New password -->"+newpassword);
    String confirmpassword = request.getParameter("confirmpassword");
    System.out.println("Confirm password -->"+confirmpassword);
    // Validate the arguments
    if (currentpassword == null || currentpassword.length() == 0 ||
        newpassword == null || newpassword.length() == 0 ||
        confirmpassword == null || confirmpassword.length() == 0) {
        response.sendRedirect(makeErrorURL(response, "Password must not be null."));
        return;
    }
    if (!newpassword.equals(confirmpassword)) {
        response.sendRedirect(makeErrorURL(response, "New passwords did not match."));
        return;
    }
    if (username == null || username.length() == 0) {
        response.sendRedirect(makeErrorURL(response, "Username must not be null."));
        return;
    }
    // First get the MBeanHome
    String url = request.getScheme() + "://" +
                 request.getServerName() + ":" +
                 request.getServerPort();
    System.out.println("URL -->"+url);
    Environment env = new Environment();
    env.setProviderUrl(url);
    Context ctx = env.getInitialContext();
    MBeanHome mbeanHome = (MBeanHome) ctx.lookup(MBeanHome.LOCAL_JNDI_NAME);
    System.out.println("MBean home obtained....");
    DomainMBean domain = mbeanHome.getActiveDomain();
    SecurityConfigurationMBean secConf = domain.getSecurityConfiguration();
    // Sar
    EmbeddedLDAPMBean eldapBean = domain.getEmbeddedLDAP();
    System.out.println("Embedded LDAP Bean obtained...."+eldapBean );
    RealmMBean realm = secConf.findDefaultRealm();
    System.out.println("RealmMBean obtained....");
    AuthenticationProviderMBean authenticators[] = realm.getAuthenticationProviders();
    System.out.println("AuthProvMBean obtained....");
    // Now get the UserPasswordEditorMBean
    // This code will work with any configuration that has a
    // UserPasswordEditorMBean.
    // The default authenticator implements these interfaces
    // but other providers could work as well.
    // We try each one looking for the provider that knows about
    // this user.
    boolean changed=false;
    UserPasswordEditorMBean passwordEditorMBean = null;
    System.out.println("UserPwdEdtMBean obtained....");
    //System.out.println("Creating MSAI....");
    //ManageableSampleAuthenticatorImpl msai =
    // new ManageableSampleAuthenticatorImpl(new RequiredModelMBean());
    //System.out.println("Done....");
    for (int i=0; i<authenticators.length; i++) {
        System.out.println("### Authenticator --->"+authenticators[i]);
        // Walk the user list of an Active Directory authenticator, if one is configured
        if (authenticators[i] instanceof ActiveDirectoryAuthenticatorMBean)
        {
            ActiveDirectoryAuthenticatorMBean adamb =
                (ActiveDirectoryAuthenticatorMBean)authenticators[i];
            System.out.println("### ActiveDirectoryAuthenticatorMBean .....");
            String listers = adamb.listUsers("*",0);
            while(adamb.haveCurrent(listers))
            {
                System.out.println("### ActiveDirectoryAuthenticatorMBean user advancement.....");
                adamb.advance(listers);
            }
        }
        if (authenticators[i] instanceof UserPasswordEditorMBean) {
            passwordEditorMBean = (UserPasswordEditorMBean) authenticators[i];
            System.out.println("Auth match ...."+passwordEditorMBean);
            try {
                // Now we change the password
                // Sar comment
                System.out.println("Password changed....");
                //passwordEditorMBean.changeUserPassword(username,
                // currentpassword, newpassword);
                changed=true;
                // Sar Comment
            }
            catch (InvalidParameterException e) {
                response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
                return;
            }
            catch (NotFoundException e) {
                // This provider does not know the user; try the next one
            }
            catch (Exception e) {
                response.sendRedirect(makeErrorURL(response, "Caught exception " + e));
                return;
            }
        }
        // Sar code
        LDAPAuthenticatorMBean ldapBean = null;
        UserReaderMBean urMBean = null;
        UserEditorMBean ueMBean = null;
        GroupReaderMBean gMBean = null;
        //ListerMBean lBean = null;
        try
        {
            if (authenticators[i] instanceof LDAPAuthenticatorMBean)
            {
                ldapBean = (LDAPAuthenticatorMBean) authenticators[i];
                String userFilter = ldapBean.getAllUsersFilter();
                System.out.println("userFilter ="+userFilter);
            }
            if (authenticators[i] instanceof UserEditorMBean)
            {
                try
                {
                    System.out.println("UserEditorMBean...");
                    ueMBean = (UserEditorMBean) authenticators[i];
                    System.out.println("List users..."+ueMBean);
                    boolean b = ueMBean.userExists("webuser");
                    System.out.println("User Exists->>>"+b);
                    String cursor = ueMBean.listUsers("webuser", 2);
                    System.out.println("List User ----->"+cursor);
                }
                catch(InvalidParameterException e)
                {
                    response.sendRedirect(makeErrorURL(response, "ERROR InvalidParameterException:" + e));
                }
                catch(java.lang.reflect.UndeclaredThrowableException e)
                {
                    response.sendRedirect(makeErrorURL(response, "ERROR UndeclaredThrowableException :" + e));
                    e.printStackTrace();
                }
                catch(Exception e)
                {
                    response.sendRedirect(makeErrorURL(response, "ERROR LBean:" + e));
                }
            }
        }
        catch(Exception ex)
        {
            ex.printStackTrace();
            response.sendRedirect(makeErrorURL(response, "ERROR:" + ex));
            return;
        }
    }
    if (passwordEditorMBean == null) {
        response.sendRedirect(makeErrorURL(response, "Internal error: Can't get UserPasswordEditorMBean."));
        return;
    }
    System.out.println("pwd changed ->"+changed);
    if (!changed) {
        // This happens when the current user is not known to any providers
        // that implement UserPasswordEditorMBean
        response.sendRedirect(makeErrorURL(response,
            "No password editors know about user " + username + "."));
        return;
    }
    %>
    User <%= username %>'s password has been changed!
    <br>
    <br>
    </body>
    </html>
    Here is the console log
    User name -->webuser
    Current password -->i
    New password -->u
    Confirm password -->u
    URL -->http://localhost:7011
    MBean home obtained....
    Embedded LDAP Bean obtained....[Caching Stub]Proxy for mydomain:Name=mydomain,Type=EmbeddedLDAP
    RealmMBean obtained....
    AuthProvMBean obtained....
    UserPwdEdtMBean obtained....
    ### Authenticator --->Security:Name=myrealmDefaultAuthenticator
    Auth match ....Security:Name=myrealmDefaultAuthenticator
    Password changed....
    UserEditorMBean...
    List users...Security:Name=myrealmDefaultAuthenticator
    User Exists->>>true
    java.lang.reflect.UndeclaredThrowableException
    at $Proxy1.listUsers(Unknown Source)
    at jsp_servlet.__updatepassword._jspService(__updatepassword.java:411)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
    at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6718)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    Caused by: javax.management.MBeanException
    at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:551)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1560)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1528)
    at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(RemoteMBeanServerImpl.java:988)
    at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:946)
    at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:365)
    ... 14 more
    ### Authenticator --->Security:Name=myrealmDefaultIdentityAsserter
    pwd changed ->true
    Can u pls let me know how to get all the entries from LDAP.
    Thanx
    Sar

  • How To Integrate BPEL Process Into Oracle Weblogic Portal 10.3

    Hi All,
    I have a BPEL process which has DB adapters and Human Workflow. I need to integrate this BPEL process [created using Oracle SOA Suite 10131] with Oracle WebLogic Portal 10.3.
    Please let me know how to achieve this.
    Thanks,
    Irfan Khan

    Hi All,
    I tried to call my BPEL Process thru JSP.
    This is how my JSP looks like:
    <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
    <%@ page import = "com.oracle.bpel.client.Locator" %>
    <%@ page import = "com.oracle.bpel.client.NormalizedMessage" %>
    <%@ page import = "com.oracle.bpel.client.dispatch.IDeliveryService" %>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>InvokeHelloBPELProcess</title>
    </head>
    <body>
    <%
    String name = request.getParameter("name");
    if(name == null) name = "HelloBPEL";
    String xml = "<name xmlns=\"http://xmlns.oracle.com\">"+name+"</name>";
    // Connect to the default BPEL domain using Locator
    // Please set the password (bpel is initial password)
    Locator locator = new Locator( "default", "welcome1" );
    IDeliveryService deliveryService =
    (IDeliveryService)locator.lookupService
    (IDeliveryService.SERVICE_NAME);
    //Construct the normalized messaged and send it to the oracle BPEL PM
    NormalizedMessage nm = new NormalizedMessage();
    System.out.println(" -=-=-=-=-=-=-= XML: "+ xml);
    //attach the payload to the NormalizedMessage
    nm.addPart("payload", xml);
    //Post the message to the HelloBPEL process
    deliveryService.post("HelloBPEL", "initiate", nm);
    out.println("The BPEL process HelloBPEL initiated!!!");
    %>
    </body>
    </html>
    Now once I invoke this JSP page I am getting the 500 internal server error.
    The error message is :
    java.lang.Exception: Failed to create "ejb/collaxa/system/DeliveryBean" bean; exception reported is: "javax.naming.NameNotFoundException: While trying to lookup 'ejb.collaxa.system/DeliveryBean' didn't find subcontext 'collaxa'. Resolved 'ejb'; remaining name 'collaxa/system/DeliveryBean'
    Here I have some doubts:
    1) If xml payload that I am passing is correct?
    2) In Locator, do I need to pass 'domain' along with 'password' as my password or it will always be "bpel". i.e.,
    a) Locator locator = new Locator( "default", <password> );
    OR
    b) Locator locator = new Locator( "default", "bpel" );
    Please let me know how to solve this error. I doubt that my xml payload constructed is wrong. could you tell me what is the correct xml payload for below BPEL process WSDL file:
    <?xml version="1.0" encoding="UTF-8"?>
    <definitions name="useWebServiceBpelProcess"
    targetNamespace="http://xmlns.oracle.com/useWebServiceBpelProcess"
    xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:client="http://xmlns.oracle.com/useWebServiceBpelProcess"
    xmlns:plnk="http://schemas.xmlsoap.org/ws/2003/05/partner-link/">
         <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         TYPE DEFINITION - List of services participating in this BPEL process
         The default output of the BPEL designer uses strings as input and
         output to the BPEL Process. But you can define or import any XML
         Schema type and use them as part of the message types.
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
         <types>
              <schema xmlns="http://www.w3.org/2001/XMLSchema">
                   <import namespace="http://xmlns.oracle.com/useWebServiceBpelProcess" schemaLocation="useWebServiceBpelProcess.xsd" />
              </schema>
         </types>
         <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         MESSAGE TYPE DEFINITION - Definition of the message types used as
         part of the port type defintions
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
         <message name="useWebServiceBpelProcessRequestMessage">
              <part name="payload" element="client:useWebServiceBpelProcessProcessRequest"/>
         </message>
         <message name="useWebServiceBpelProcessResponseMessage">
              <part name="payload" element="client:useWebServiceBpelProcessProcessResponse"/>
         </message>
         <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         PORT TYPE DEFINITION - A port type groups a set of operations into
         a logical service unit.
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
         <!-- portType implemented by the useWebServiceBpelProcess BPEL process -->
         <portType name="useWebServiceBpelProcess">
              <operation name="initiate">
                   <input message="client:useWebServiceBpelProcessRequestMessage"/>
              </operation>
         </portType>
         <!-- portType implemented by the requester of useWebServiceBpelProcess BPEL process
         for asynchronous callback purposes
         -->
         <portType name="useWebServiceBpelProcessCallback">
              <operation name="onResult">
                   <input message="client:useWebServiceBpelProcessResponseMessage"/>
              </operation>
         </portType>
         <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         PARTNER LINK TYPE DEFINITION
         the useWebServiceBpelProcess partnerLinkType binds the provider and
         requester portType into an asynchronous conversation.
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
         <plnk:partnerLinkType name="useWebServiceBpelProcess">
              <plnk:role name="useWebServiceBpelProcessProvider">
                   <plnk:portType name="client:useWebServiceBpelProcess"/>
              </plnk:role>
              <plnk:role name="useWebServiceBpelProcessRequester">
                   <plnk:portType name="client:useWebServiceBpelProcessCallback"/>
              </plnk:role>
         </plnk:partnerLinkType>
    </definitions>

  • Integrating Active directory  with oracle EBS 12.1.3 with 11g R2 database

    Hi,
    Can anyone let me know the software requirements and document IDs for integrating Active Directory windows 2009 R2 with Oracle EBS 12.1.3 with 11g R2 database?
    Is Windows 2008 Active Directory certified with 10g OID?
    regards,
    chandrasekhar.

    Hi
    I found exact note
    Is OID 10g/11g DIP Compatible / Certified With Microsoft Active Directory 2008 / Windows 2008 R1/R2? [ID 944298.1]
    From note:
    DIP 10g latest version (10.1.4.3) and DIP 11g up to PS4 / 11.1.1.5 Patchset releases integrations are certified with MS AD 2008 R1 only.
    DIP 11g certification with AD 2008 R2 is supported only with DIP 11g PS5 / 11.1.1.6 Patchset or higher.
    Note: Although DIP below 11.1.1.6 integration (synchronization, external authentication, etc.) with MS Windows / AD 2008 R2 may work, it is not officially compatible / certified. See also Note 1076018.1.
    Regard
    Helios

  • How To Integrate ADF Application with Oracle Fusion Middleware Audit Fmwk ?

    Hi All,
    I'm having ADF/ADF Face Application (using Jdev 11.1.1.5) and want to integrate it with Oracle Fusion Middleware Audit Framework.
    I want to generate audit records by using the oracle.security.jps.service.audit API and also want the Audit Policy
    for my application to be visible and manageable through Fusion Middleware Control (as well as other admin tools)
    in the same way as it is for the OPSS services, for example.
    Unfortunately I didn't find any detailed docs for the topics above. In the Oracle Fusion Middleware Security Guide,
    it is stated only that:
    "Stand-alone applications can be integrated with the Oracle Fusion Middleware Audit Framework through configuration with the jps-config.xml file."
    but nothing in detail.
    Can somebody help with this, giving some more detailed info or links to the appropriate detailed documentation(if any) ?
    Thanks in advance,
    Krasimir

    deepak - why not link to the real documentation instead of that site that illegally publishes stuff?
    Krasimir - I had a look at this a long way back, and didn't explore it much further because I reached a dead end in trying to figure out how it worked. It seems to me that the function is there and may be used internally within Oracle, but that it's not documented well enough for we mere mortals of the public to use it.
    Have you tried opening an SR with Support? They won't know, but they will be able to raise it up and perhaps find someone who does know - be sure to reference this thread in your SR if you go that route.
    John

  • Integrate active directory with Planning/ Essbase shared services security

    Hi All,
    We are trying to set up MSAD integration for Planning and Essbase 9.3.1.
    Everything works fine, but the accounts that pop up have first and last name in the user field instead of the userid used in Windows to log in. So in Windows I log in with mroest, but now in Hyperion I have to use Marc Roest.
    DC=NL, DC=xxxx, DC=Corp
    ID Attribute = ObjectGUID
    User DN: CN=Adm Hyperion, OU=xxxx, OU=Utr
    Can anyone please help how to use the samID as defined in MSAD instead of the full name as is now?
    Thanks very much in advance,
    Marc

    Hi John.
    Do you know why OpenLDAP database would not migrate to the unique identity attribute say if I use sAMAccountName for the ID Attribute field on the MSAD User Configuration screen in Shared Service? It will not update the identity in OpenLDAP when I browse it, even after all the services have been restarted, including OpenLDAP and Shared Services...
    Any help would be appreciated.
    Thanks
    - a frustrated programmer...

  • How to integrate active directory users(credentials) to Open Directory LDAPv3?

    -I don't want to have a separate directory anymore.

    Hi RM,
    It would require that you setup your Portal in such a way being able to handle Windows Integrated Authentication via Kerberos. This is already very well explained in the following blogs:
    /people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source
    http://wiki.sdn.sap.com/wiki/display/EP/SingleSignOntotheJ2EEEnginefromWindows
    After setting up your datasource, in your case the ADS, you will need to run SPNego Wizard in NWA to have it integrated with SSO.
    Best regards,
    Andre

  • How to configure Active Directory LDAP with WLS 8.1

    Hi
    somebody help me configure LDAP Active Directory with BEA WebLogic 8.1
    I can't understand what i should do.
    ThanX

    WLS 8.1 sp1 has couple of issues with Active Directory. You need to get fixes from
    BEA. sp2 is supposed to have these fixes included.
    Anant
    "Neil" <Neil-reply-in-newsgroup> wrote:
    This seems strange. I would make sure your installation is correct
    (particularly the lib/mbeantypes directory). If that is correct, I would
    test it with a new domain created with the domain configuration wizard to
    rule out any strange configuration possibilities. If both of those fail, I'd
    file a support case.
    - Neil
    "Max" <[email protected]> wrote in message
    news:[email protected]...
    Jay Zimmett <[email protected]> wrote:
    Read this:
    http://edocs.bea.com/wls/docs81/secmanage/providers.html#1172008
    Max KUlinich wrote:
    Hi
    somebody help me configure LDAP Active Directory with BEA WebLogic8.1
    I can't understand what i should do.
    ThanX
    I tried to do this but got no good results. I get this exception:
    java.lang.reflect.InvocationTargetException
    at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3129)
    at weblogic.security.utils.Pool.getInstance(Pool.java:57)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:2646)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:1814)
    at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:167)
    at sun.reflect.GeneratedMethodAccessor184.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:1304)
    at weblogic.management.commo.CommoModelMBean.invoke(CommoModelMBean.java:464)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
    at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
    at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:765)
    at weblogic.management.console.utils.Security.getUserList(Security.java:1436)
    at weblogic.management.console.actions.security.ListUsersAction.updateContents(ListUsersAction.java:56)
    at weblogic.management.console.actions.security.ListLWSecurityAction.getContents(ListLWSecurityAction.java:85)
    at weblogic.management.console.tags.security.LWTableTag.getRowData(LWTableTag.java:462)
    at weblogic.management.console.tags.security.LWTableTag.printTable(LWTableTag.java:141)
    at weblogic.management.console.tags.security.LWTableTag.doEndTag(LWTableTag.java:133)
    at weblogic.management.console.webapp._security.__usertable._jspService(__usertable.java:327)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:33)
    at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1053)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:387)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
    at weblogic.servlet.internal.RequestDispatcherImpl$ForwardAction.run(RequestDispatcherImpl.java:382)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
    at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:286)
    at weblogic.servlet.jsp.PageContextImpl.forward(PageContextImpl.java:151)
    at weblogic.management.console.actions.ForwardAction.perform(ForwardAction.java:35)
    at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:173)
    at weblogic.management.console.actions.internal.ActionServlet.doGet(ActionServlet.java:91)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    atweblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
    tStubImpl.java:1053)
    atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
    :387)
    atweblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
    :305)
    atweblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
    ebAppServletContext.java:6310)
    atweblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubjec
    t.java:317)
    atweblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
    atweblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
    ntext.java:3622)
    atweblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
    :2569)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
    Caused by: netscape.ldap.LDAPException: error result (49); 80090308:LdapErr:
    DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece;Invalid credentials
    at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
    at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
    at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
    at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
    at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
    atweblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newIn
    stance(LDAPAtnDelegate.java:3108)
    ... 43 more
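
Added example, not part of the original posts: the `data` field in the Active Directory message quoted in the trace above is a hexadecimal sub-code that narrows down an LDAP result-49 bind failure, and this parser pulls it out of log text and groups failures by cause. Only the first sample entry comes from the thread; the other two entries, the category names and the function names are constructed for this example.

```python
import re
from collections import Counter

# Hexadecimal sub-codes Active Directory puts in the "data" field of an
# LDAP result-49 bind failure, with a triage category (category names are
# this example's own).
AD_BIND_SUBCODES = {
    "525": ("user not found", "unknown-identity"),
    "52e": ("invalid credentials", "bad-password"),
    "530": ("not permitted to log on at this time", "logon-policy"),
    "531": ("not permitted to log on at this workstation", "logon-policy"),
    "532": ("password expired", "account-state"),
    "533": ("account disabled", "account-state"),
    "701": ("account expired", "account-state"),
    "773": ("user must reset password", "account-state"),
    "775": ("account locked out", "lockout"),
}

# The message may be wrapped across lines, as it is in the posted trace.
BIND_FAILURE = re.compile(
    r"error result \((?P<result>\d+)\).{0,120}?"
    r"AcceptSecurityContext error,\s+data\s+(?P<data>[0-9a-fA-F]+)",
    re.DOTALL,
)

# First entry: the message from the thread. The other two are constructed
# variants that differ only in the data field.
SAMPLE_LOG = """\
Caused by: netscape.ldap.LDAPException: error result (49); 80090308:LdapErr:
DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece;Invalid credentials
Caused by: netscape.ldap.LDAPException: error result (49); 80090308:LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 52e, vece
Caused by: netscape.ldap.LDAPException: error result (49); 80090308:LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 775, vece
"""


def parse_bind_failures(text):
    """Return one record per AD bind failure found in log or trace text."""
    records = []
    for match in BIND_FAILURE.finditer(text):
        data = match.group("data").lower()
        meaning, category = AD_BIND_SUBCODES.get(
            data, ("unrecognised sub-code", "unknown"))
        records.append({
            "ldap_result": int(match.group("result")),
            "data": data,
            "meaning": meaning,
            "category": category,
        })
    return records


def triage(records):
    """Count failures per category and list what to check first."""
    counts = Counter(r["category"] for r in records)
    checks = []
    if counts["unknown-identity"]:
        checks.append("name not found in AD: for the provider's own "
                      "connection, verify the Principal it binds with")
    if counts["bad-password"]:
        checks.append("name found but password rejected: for the provider's "
                      "own connection, verify the stored Credential")
    if counts["lockout"]:
        checks.append("account locked: review the failures that preceded it")
    if counts["account-state"] or counts["logon-policy"]:
        checks.append("account or logon restriction: fix on the AD side")
    return dict(counts), checks


if __name__ == "__main__":
    found = parse_bind_failures(SAMPLE_LOG)
    for rec in found:
        print(rec["ldap_result"], rec["data"], rec["meaning"])
    for line in triage(found)[1]:
        print("check:", line)
```

For the trace in this thread the sub-code is 525, so the name used for the bind was not found, even though the text of the message reads "Invalid credentials".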

  • Coherence integration with oracle weblogic portal for Session management

    Could you please let me know how to configure Coherence integration with Oracle WebLogic Portal for session management? It's very urgent. Please help.

    Please take a look at the following web page -
    http://coherence.oracle.com/display/COH35UG/Coherence*Web+Session+Management+Module
    -Luk

  • [OBPM 10gR3] How to configure a hybrid directory with Oracle LDAP Server

    Hey, guys,
    Does anyone have experience of configuring a hybrid directory with Oracle LDAP Server? How to configure the mapping conf file for Oracle LDAP in the directory \OraBPMwlHome\conf?
    Here is my conf file. But I got some LDAP mapping errors. It's really weird that OBPM doesn't support Oracle's own LDAP, at least it does not provide the conf file.
    -----------errors------------
    Exception [javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name '']. Reason: [LDAP: error code 53 - Function Not Implemented]
    fuego.directory.DirectoryRuntimeException: Exception [javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name ''].
    at fuego.directory.DirectoryRuntimeException.wrapException(DirectoryRuntimeException.java:85)
    at fuego.directory.hybrid.ldap.JNDIQueryExecutor.select(JNDIQueryExecutor.java:203)
    at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectAllFromView(JNDIQueryExecutor.java:84)
    at fuego.directory.hybrid.ldap.JNDIQueryExecutor.selectAllFromView(JNDIQueryExecutor.java:64)
    at fuego.directory.hybrid.ldap.Repository.selectAllFromView(Repository.java:54)
    at fuego.directory.hybrid.ldap.LDAPPollingEventGenerator.buildCurrentProxies(LDAPPollingEventGenerator.java:98)
    at fuego.directory.provider.notifiers.BasePollingEventGenerator.generateEvents(BasePollingEventGenerator.java:41)
    at fuego.directory.hybrid.HybridMultipleEventGenerator.generateEvents(HybridMultipleEventGenerator.java:43)
    at fuego.directory.provider.notifiers.DirectoryNotifier.notifyChanges(DirectoryNotifier.java:403)
    at fuego.server.service.DirectoryListener.updateEngineFromDirectoryImpl(DirectoryListener.java:309)
    at fuego.server.service.DirectoryListener$DirectoryPollingItem.execute(DirectoryListener.java:351)
    at fuego.server.execution.DefaultEngineExecution$AtomicExecutionTA.runTransaction(DefaultEngineExecution.java:304)
    at fuego.transaction.TransactionAction.startBaseTransaction(TransactionAction.java:470)
    at fuego.transaction.TransactionAction.startTransaction(TransactionAction.java:551)
    at fuego.transaction.TransactionAction.start(TransactionAction.java:212)
    at fuego.server.execution.DefaultEngineExecution.executeImmediate(DefaultEngineExecution.java:123)
    at fuego.server.execution.DefaultEngineExecution.executeAutomaticWork(DefaultEngineExecution.java:62)
    at fuego.server.execution.EngineExecution.executeAutomaticWork(EngineExecution.java:42)
    at fuego.ejbengine.ejb.EngineStartupBean.executeItem(EngineStartupBean.java:192)
    at fuego.ejbengine.ejb.EngineStartupBean.updateFromDirectory(EngineStartupBean.java:172)
    at fuego.ejbengine.ejb.engine_startup_bpmengine_wodkyx_ELOImpl.updateFromDirectory(engine_startup_bpmengine_wodkyx_ELOImpl.java:365)
    at fuego.ejbengine.servlet.SchedulerServlet$DirectoryPollingTask.runImpl(SchedulerServlet.java:269)
    at fuego.ejbengine.servlet.SchedulerServlet$ScheduledTask.run(SchedulerServlet.java:208)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
    Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name ''
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3078)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1812)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1735)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at fuego.jndi.FaultTolerantDirContext.search(FaultTolerantDirContext.java:867)
    at fuego.directory.hybrid.ldap.JNDIQueryExecutor.select(JNDIQueryExecutor.java:190)
    ... 23 more
    -----------mapping conf file for Oracle LDAP---------
    <?xml version="1.0" encoding="UTF-8"?>
    <?fuego version="6.1 ALPHA" application="albpmenterprise"?>
    <!-- This file contains the proper attribute mapping for the FDI Generic Ldap Provider using Oracle Directory Service.
    * Preference for group object
              <preference id="assignedParticipants.containsId" value="true"/>
              This preference is useful to speed up the provider and it can only be used if the assignedParticipant value is the dn of the user and the dn contains the participant id
              <preference id="assignedParticipants.containsId" value="true"/>
              This preference is useful to speed up the provider and it can only be used if the assignedGroup value is the dn of the group and the dn contains the group id
              <preference id="modifyTimeStamp.suffix" value="Z"/>
              This preference is useful when the suffix modifyTimeStamp format of your ldap is not .OZ.
    -->
    <config>
         <object id="person">
              <object-filter>
                   <![CDATA[
                        (objectclass=inetOrgPerson)
                   ]]>
              </object-filter>
              <relative-dn>
                   <!-- the relative dn for person -->
              </relative-dn>
              <attribute id="id" value="uid"/>
              <attribute id="lastName" value="sn"/>
              <attribute id="firstName" value="givenname"/>
              <attribute id="accountLock" value="orclIsEnabled">
                   <attribute-comparator operation="EQUALS" compareTo="ENABLED"/>
                   <filter>
                        <![CDATA[
                             ($accountLock=ENABLED)
                        ]]>
                   </filter>
              </attribute>
              <attribute id="facsimileTelephoneNumber" value="facsimileTelephoneNumber"/>
              <attribute id="displayName" value="displayName"/>
              <attribute id="mail" value="mail"/>
              <attribute id="telephoneNumber" value="telephoneNumber"/>
              <attribute id="employeeId" value="employeeNumber"/>
              <attribute id="thumbnailPhoto" value="jpegPhoto"/>
              <attribute id="manager" value="manager"/>
              <attribute id="modifyTimeStamp" value="modifytimestamp"/>
         </object>
         <object id="group">
              <object-filter>
                   <![CDATA[
                        (objectclass=orclGroup)
                   ]]>
              </object-filter>
              <relative-dn>
                   <!-- the relative dn for group -->
              </relative-dn>
              <attribute id="id" value="dn"/>
              <attribute id="modifyTimeStamp" value="modifytimestamp"/>
              <attribute id="displayName" value="displayName"/>
              <attribute id="name" value="cn"/>
              <attribute id="description" value="description"/>
              <attribute id="assignedParticipants" value="uniquemember"/>
              <!--attribute id="assignedGroups" value="memberOf"/-->
              <attribute id="ou" value="uniquemember"/>
         </object>
         <object id="ou">
              <object-filter>
                   <![CDATA[
                        (objectclass=domain)
                   ]]>
              </object-filter>
              <relative-dn>
                   <!-- the relative dn for ous -->
              </relative-dn>
              <attribute id="name" value="orclsubscriberfullname"/>
              <attribute id="description" value="description"/>
         </object>
    </config>
    Edited by: Lemonice on 2009-3-30 2:08 AM
    Edited by: Lemonice on 2009-3-30 7:01 PM
    Edited by: Lemonice on 2009-3-30 8:43 PM

    Hi,
    in my case, I am trying to configure the OBPM directory using ALUI and its native LDAP service.
    Now, I found that the first name and the last name in BPM are retrieved from the ALUI display name: provided we enter the display name in the format %first name% + %last name% we get them into BPM. But the display name is not always in this format...
    In addition, it's the portal telephone number information which is retrieved into BPM Telephone and Fax numbers.
    And the email address remains blank.
    I have installed the latest patch for OBPM (Version: 10.3.1.0.0 Build: #97172)
    Would you have any documentation about creating a Profile Web Service in ALUI and specifying which LDAP attributes to map to which ALUI properties in the Profile Source?
    Thanks !
    Edited by: vVince on May 6, 2009 3:46 PM

  • Active Directory Authentication in Weblogic 8.1

    Hi,
    We want to do authentication from Microsoft Active Directory using weblogic 8.1. I have created an Active Directory and configured weblogic from console to use it. But it is still not working. Your help with these questions would be highly appreciated.
    1. Is there anyone in the group who has tried this before? Please let me know how to proceed.
    2. Is there any tool by which I can get to know the different attributes asked for configuration in Weblogic?
    3. I am not able to log in to my application after configuration. Is there any other way to come to know whether it is working or not?
    There could be a plethora of reasons but nothing which can come to my mind. Everything seems to be configured correctly. Here is the portion of my config.xml related with authentication:
    <FileRealm Name="wl_default_file_realm"/>
    <PasswordPolicy Name="wl_default_password_policy"/>
    <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
    <Security GuestDisabled="false" Name="vendavo-dev"
    PasswordPolicy="wl_default_password_policy"
    Realm="wl_default_realm" RealmSetup="true">
    <weblogic.security.providers.authentication.DefaultAuthenticator
    ControlFlag="SUFFICIENT"
    Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authentication.DefaultIdentityAsserter
    ActiveTypes="AuthenticatedUser"
    Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultRoleMapper
    Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultAuthorizer
    Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultAdjudicator
    Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.credentials.DefaultCredentialMapper
    Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
    <weblogic.management.security.authentication.UserLockoutManager
    Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
    <weblogic.management.security.Realm
    Adjudicator="Security:Name=myrealmDefaultAdjudicator"
    AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name=myrealmADAuthenticator"
    Authorizers="Security:Name=myrealmDefaultAuthorizer"
    CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
    DefaultRealm="true" DisplayName="myrealm"
    Name="Security:Name=myrealm"
    RoleMappers="Security:Name=myrealmDefaultRoleMapper"
    UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
    <weblogic.security.providers.pk.DefaultKeyStore
    Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
    ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
    DisplayName="ADAuthenticator" FollowReferrals="false"
    GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
    Name="Security:Name=myrealmADAuthenticator"
    Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
    </Security>
    First of all, is it possible to use Active Directory authentication in Weblogic without writing any custom code? If yes, how?
    Thanks in advance,
    Amit Tyagi

    Amit,
    We have successfully used WLS 8.1 sp1 with AD - but not without our share of ups and downs though.
    1) First, make sure you are sending the right LDAP queries to AD. To verify this, we used a free 3rd party LDAP browser from Softerra. There is also a Java-based free browser from Univ of Michigan. Personally, I like Softerra's LDAP browser better. Play with your LDAP settings using this and make sure AD is returning the right data.
    2) AD has some default settings that make it return only the top 1000 users. Use ntdsutil.exe to modify these default settings.
    3) AD needs to have the right set of users and groups. To configure this, refer to WLS docs. This is very well documented in WLS docs. Also refer to this article http://dev2dev.bea.com/products/wlportal/whitepapers/wlp70_MSADS.jsp as additional reference.
    4) Also, there are some bugs with 8.1 portal sp1 and AD. It cannot take more than one Authentication provider. sp2 is supposed to have fixed it. For sp1 we used another product AD/AM (AD in Application Mode) in combination with MIIS server. But if you are using sp2, you shouldn't have to worry about this.
    5) In your providers, you might want to get rid of the DefaultAuthentication provider, once you are able to establish a connection with your ActiveDirectoryAuthentication provider. The DefaultAuthentication provider causes some problems and does not let the ActiveDirectoryAuthentication provider behave properly. We haven't fully investigated the root of this prob. When we deleted the DefaultAuthentication provider, everything worked normally - so we didn't really care that much :-)
    6) Make sure you have your JAAS options set to OPTIONAL initially and make sure you are able to authenticate and talk to your AD.
    These are the ones I could think of. Hope this helps..
    Regards,
    Anant
    "Amit" <[email protected]> wrote:
    Hi,
    We want to do authentication from Microsoft Active Directory using weblogic 8.1. I have created an Active Directory and configured weblogic from console to use it. But it is still not working. Your help with these questions would be highly appreciated.
    1. Is there anyone in the group who has tried this before? Please let me know how to proceed.
    2. Is there any tool by which I can get to know the different attributes asked for configuration in Weblogic?
    3. I am not able to log in to my application after configuration. Is there any other way to come to know whether it is working or not?
    There could be a plethora of reasons but nothing which can come to my mind. Everything seems to be configured correctly. Here is the portion of my config.xml related with authentication:
    <FileRealm Name="wl_default_file_realm"/>
    <PasswordPolicy Name="wl_default_password_policy"/>
    <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
    <Security GuestDisabled="false" Name="vendavo-dev"
    PasswordPolicy="wl_default_password_policy"
    Realm="wl_default_realm" RealmSetup="true">
    <weblogic.security.providers.authentication.DefaultAuthenticator
    ControlFlag="SUFFICIENT"
    Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authentication.DefaultIdentityAsserter
    ActiveTypes="AuthenticatedUser"
    Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultRoleMapper
    Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultAuthorizer
    Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultAdjudicator
    Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.credentials.DefaultCredentialMapper
    Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
    <weblogic.management.security.authentication.UserLockoutManager
    Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
    <weblogic.management.security.Realm
    Adjudicator="Security:Name=myrealmDefaultAdjudicator"
    AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name=myrealmADAuthenticator"
    Authorizers="Security:Name=myrealmDefaultAuthorizer"
    CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
    DefaultRealm="true" DisplayName="myrealm"
    Name="Security:Name=myrealm"
    RoleMappers="Security:Name=myrealmDefaultRoleMapper"
    UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
    <weblogic.security.providers.pk.DefaultKeyStore
    Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
    ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
    DisplayName="ADAuthenticator" FollowReferrals="false"
    GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
    Name="Security:Name=myrealmADAuthenticator"
    Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
    </Security>
    First of all, is it possible to use Active Directory authentication in Weblogic without writing any custom code? If yes, how?
    Thanks in advance,
    Amit Tyagi
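
Added example, not code from the thread or from WebLogic: a small model of the standard JAAS control-flag rules applied to the provider chain in the posted config.xml, showing which providers are consulted for a given user and how changing a ControlFlag (points 5 and 6 of the reply) changes the outcome. The trimmed XML, the helper names and the assumption that the providers' flags follow plain JAAS semantics are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed copy of the <Security> element posted above: only the
# provider names, their ControlFlag values and the realm's ordering are kept.
CONFIG = """\
<Security Name="vendavo-dev">
  <weblogic.security.providers.authentication.DefaultAuthenticator
      ControlFlag="SUFFICIENT" Name="Security:Name=myrealmDefaultAuthenticator"/>
  <weblogic.security.providers.authentication.DefaultIdentityAsserter
      Name="Security:Name=myrealmDefaultIdentityAsserter"/>
  <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
      ControlFlag="SUFFICIENT" Name="Security:Name=myrealmADAuthenticator"/>
  <weblogic.management.security.Realm Name="Security:Name=myrealm"
      AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name=myrealmADAuthenticator"/>
</Security>
"""

PREFIX = "Security:Name=myrealm"


def _short(name):
    """Strip the MBean prefix so providers can be named briefly."""
    return name[len(PREFIX):] if name.startswith(PREFIX) else name


def load_chain(xml_text):
    """Return [(provider, control_flag)] in the order the realm lists them."""
    root = ET.fromstring(xml_text)
    flags = {el.get("Name"): el.get("ControlFlag")
             for el in root if el.get("ControlFlag")}
    realm = next(el for el in root if el.tag.endswith(".Realm"))
    order = realm.get("AuthenticationProviders").split("|")
    # The identity asserter has no ControlFlag, so it is left out of the chain.
    return [(_short(n), flags[n]) for n in order if n in flags]


def evaluate(chain, accepts):
    """Apply JAAS control-flag rules; return (login_ok, providers_consulted).

    accepts is the set of providers that would accept the user's credentials.
    """
    required_failed = False
    any_success = False
    consulted = []
    for name, flag in chain:
        ok = name in accepts
        consulted.append(name)
        any_success = any_success or ok
        if flag == "REQUISITE" and not ok:
            return False, consulted      # failure ends the login at once
        if flag == "REQUIRED" and not ok:
            required_failed = True       # login will fail, chain continues
        if flag == "SUFFICIENT" and ok and not required_failed:
            break                        # success ends the chain at once
    return (any_success and not required_failed), consulted


def with_flags(chain, **overrides):
    """Copy of chain with some providers' control flags replaced."""
    return [(name, overrides.get(name, flag)) for name, flag in chain]


if __name__ == "__main__":
    chain = load_chain(CONFIG)
    ad_only = {"ADAuthenticator"}        # user exists only in Active Directory
    print("as posted:", evaluate(chain, ad_only))
    print("default REQUIRED:",
          evaluate(with_flags(chain, DefaultAuthenticator="REQUIRED"), ad_only))
    print("AD OPTIONAL:",
          evaluate(with_flags(chain, ADAuthenticator="OPTIONAL"), ad_only))
```

With the flags as posted, a user known only to Active Directory is accepted after the DefaultAuthenticator has been tried and failed; in the what-if where the first provider is REQUIRED, the same user is rejected even though Active Directory accepts the password.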

Maybe you are looking for