Authentication handling in WebLogic 8.1 SP 4

I have a servlet, MyServlet, running in WebLogic 8.1 SP 4 that creates another server in the init() method that listens for incoming connections on a different port than WebLogic's 7001; let's say it listens to port 5000. This server is similar to the O'Reilly's DaemonHttpServlet (http://www.stanford.edu/group/coursework/docsTech/oreilly/com.oreilly.servlet.DaemonHttpServlet.html); I'll refer to this server as HttpServer.
I created a security realm for MyServlet for Basic authentication. So if a client wants to go to MyServlet it has to authenticate itself using Basic authentication. This all works fine! However, at this point HttpServer that listens port 5000 is not part of the mentioned realm according to WebLogic. For MyServlet WebLogic takes care of the whole authentication process, that is, the initial request to MyServlet and the following response containing the Basic challenge are not going through MyServlet but are handled by WebLogic.
As the client (user agent) does not know that HttpServer is part of the same realm (as I would like it to be), it will not send its credentials that it used to logon to MyServlet to authenticate itself to HttpServer, because the URL is different at the port part of the URL.
I would like to mimic that HttpServer IS part of the same realm MyServlet is in, but I don't want to hardcode the response saying it needs to be a certain specific realm. How can I query User, Group, Realm information stored in WebLogic? Are there MBeans I should look at? Can I use JAAS to hook into WebLogic somehow? Can I use JAAS to handle the Base64-encoded username-password to the Basic challenge send in the HTTP request?

b b schrieb:
Hi:
I am confused about something, I am running weblogic 8.1 SP4 on the [sun4u sparc SUNW,Sun-Fire-480R] box and trying to deploy a normal webapp. It took like 2 minutes to finish deployment (nothing else was running on the box). however if I deploy the same webapp onto my laptop, it is really quick (<30secs).
I thought it might be the problem with that particular un box. So I tried to deploy the same webapp onto another sun box - [sun4u sparc SUNW,Sun-Fire-V240]. The results were the same (over 2minutes).
Can anybody shed some lights on why this is happening?
Thank you very much!Have You checked the XML-switches ?
(web.xml/weblogic.xml/keepgenerate/precompile)
How ist the "Staging Mode" (nostage) of Your application ?
Regards Ruedi :-)

Similar Messages

How to remove custom authentication provider in weblogic server 11g

Hi ,
I am trying to remove the custom authentication provider in weblogic server 11g, It disappears when i delete it from list of authentication providers. But upon server restart it appears again.
Documentation for 10g says delete it from service administration but i couldn't find one in 11g. Please help me in removing the custom authentication provider
Thanks
Sandeep

You can try editing the config.xml file and removing it there. (Re: After provider reorder I cannot login admin server console
If you are referring to a jar file - custom authenticators are usually placed in the <middleware-home>wlserver_10.3/server/lib/mbeantypes/ directory.

Authentication for user weblogic denied

I am unable to start node managerd server from command prompt.
I installed WebLogic Server Version: 12.1.2.0.0 on Windows 2008 R2 EN Sp1
I started Administration Server succesfully.
C:\Weblogic\Oracle\config\domains\wl_server\bin\startWebLogic.cmd
I created ihale Managed server but I couldn't start Managed Server.
C:\Weblogic\Oracle\config\domains\wl_server\bin
startManagedWebLogic.cmd ihale http://192.168.1.29:7431
I'm getting following error.
####<Dec 25, 2013 12:51:13 AM PST> <Critical> <WebLogicServer> <umman> <ihale> <main> <<WLS Kernel>> <> <> <1387961473813> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:257)
I am able to login administration console same username and password. Username: weblogic Password:xxxxx
I changed the weblogic user password and I tried again. It was unseccesfull.
I created boot.properties file in C:\Weblogic\Oracle\config\domains\wl_server\servers\ihale\security folder.
I put username and password.
After I tried to start ihale managed server, boot.properties file didn't encrypted and managed server also didn't started.
I deleted cache, data, tmp folders except logs folder in \\192.168.1.29\c$\Weblogic\Oracle\config\domains\wl_server\servers\ihale and I tried again. It was unseccesfull.
I found something on https://community.oracle.com/message/10653470
Ganesh says:
Did you restart AdminServer after deleting the LDAP Authentication provider?
I think your managed server is still trying to authenticate user through ldap authentication provider.
Torrado answers:
I found that there was a definition in Security Policy of osb_server1 for an user that belonged to deleted LDAP authenticator.
I deleted it and server started.
Thanks.
How can I delete definition in Security Policy of ihale for an user that belonged to deleted LDAP authenticator?
Could you please help to solve this problem?
Best Regards.

Hi,
You can rename the ldap folder in following directory structure.
%Domain_Name% / servers / <servername> / data/
You will find ldap folder try to rename that folder and then please restart the server again.
If you are try to start through nodemanager then rename the nodemanager under following directory.
%Domain_Name% / servers / <servername> / data/.
Try to rename these two folder and restart the nodemanager and start the server again.
It will work for you.
Regards,
Kal

Wls91 Authentication for user weblogic denied when starting

Hi,
I just installed wls91 and created a new domain using configuration wizard. I typed in username "admin" and password when it asked. Then I run startweblogic.cmd from \mydomain. But after it started it's keeping showing the Critical log on console. I didn't do any configuration yet. Of course there is no user "weblogic".
where the error coming from? Thanks
<Jan 27, 2006 4:42:20 PM PST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
<Jan 27, 2006 4:42:20 PM PST> <Notice> <Security> <BEA-090078> <User weblogic in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>
<Jan 27, 2006 4:42:20 PM PST> <Critical> <Security> <BEA-090403> <Authentication for user weblogic denied>

Hi,
My understanding is admin user server is coming up fine but when you try to bring the soa_server1(managed instance) is not coming up due the below mentioned exception.
If not please correct me.
I have a few query, please give me comment on this.
1) Admin and managed instances are running on the same box or different
2) Did you try to reset the password from console or using weblogic.security command
3) Did you cleared the soa_server1 temp directory(server/soa_server1/*)
Solution-1 (If Domain running on different box)
=============================
1) Copy the DefaultAuthenticatorInit.ldift file from Domain_dir/Security/ to Remote machine - Domain_dir/Security/
Note- Remote machine - take a backup of DefaultAuthenticatorInit file.
2) Remote machine- rename or take a backup of ldap directory and boot.properties file
/servers/soa_server1/ldap
/servers/soa_server1/security/boot.properties.
3) Now try to brought up the soa_server1.It will prompt you the username and password.
Please let me know.
Thanks,
Rajkumar

Authentication for user weblogic denied seen in Weblogic 8.1 bea logs

I am observing the below error in bea logs of one of my managed servers. The managed server is in running state but the most of the Bridges are inactive with description "WARN: failed to connect to the source". Below is the error seen.
####<Mar 29, 2013 2:17:47 PM GMT> <Notice> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '36' for queu
e: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090078> <User weblogic in security realm myrealm has had 5 invalid login
attempts, locking account for 30 minutes.>
####<Mar 29, 2013 2:18:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '36' for qu
eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
####<Mar 29, 2013 2:19:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '36' for qu
eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
####<Mar 29, 2013 2:20:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '35' for qu
eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
####<Mar 29, 2013 2:21:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '36' for qu
eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
####<Mar 29, 2013 2:22:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '37' for qu
eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
####<Mar 29, 2013 2:23:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '35' for qu
eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
####<Mar 29, 2013 2:24:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '35' for qu
eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
####<Mar 29, 2013 2:25:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '37' for qu
eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
####<Mar 29, 2013 2:26:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '37' for qu
eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
####<Mar 29, 2013 2:27:18 PM GMT> <Error> <WebLogicServer> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <weblogic.health.CoreHea
lthMonitor> <<WLS Kernel>> <> <BEA-000337> <ExecuteThread: '32' for queue: 'MessagingBridge' has been busy for "1,614" second
s working on the request "weblogic.jms.bridge.internal.MessagingBridge: gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2b
iA.bridge.MB.BPS_TO_SH_4_CBGW_ADAPTOR,ServerRuntime=managed1_gsb2biA,Type=MessagingBridgeRuntime
Set fields: [Name]
Name -> <null>
Parent -> gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2biA,Type=ServerRuntime
", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>
####<Mar 29, 2013 2:27:18 PM GMT> <Error> <WebLogicServer> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <weblogic.health.CoreHea
lthMonitor> <<WLS Kernel>> <> <BEA-000337> <ExecuteThread: '33' for queue: 'MessagingBridge' has been busy for "1,614" second
s working on the request "weblogic.jms.bridge.internal.MessagingBridge: gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2b
iA.bridge.com.bt.jms.bridge.GSB2B.GSB2B_To_RoBTESB.MDO.FTP.response,ServerRuntime=managed1_gsb2biA,Type=MessagingBridgeRuntim
e
Set fields: [Name]
Name -> <null>
Parent -> gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2biA,Type=ServerRuntime
", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>
####<Mar 29, 2013 2:27:18 PM GMT> <Error> <WebLogicServer> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <weblogic.health.CoreHea
lthMonitor> <<WLS Kernel>> <> <BEA-000337> <ExecuteThread: '34' for queue: 'MessagingBridge' has been busy for "1,618" second
s working on the request "weblogic.jms.bridge.internal.MessagingBridge: gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2b
iA.bridge.MB_BTGS_B2B_TO_RoBTESB_MPF_PI,ServerRuntime=managed1_gsb2biA,Type=MessagingBridgeRuntime
Set fields: [Name]
Name -> <null>
Parent -> gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2biA,Type=ServerRuntime
", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>

Have a look at this... Look for "credential" to see how to fix the username/password of your message bridge...
http://docs.oracle.com/cd/E13222_01/wls/docs81/ConsoleHelp/messaging_bridge.html#1122172
Cheers,
Vlad

Authentication for user weblogic denied problem when starting managed serve

Hi All,
I have a strange situation here. I installed WLS and SOA and BAM servers. Initially I could start both WLS and SOA.
Later I changed some files (possibly startManagedWebLogic.sh or deleted soa_server1/data/ldap/ or AdminServer/security/boot.properties), but later I remember I changed them back. I am now seeing that my WLS is starting up fine, but SOA is not. I am always getting the error:
<Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
>
I tried to go to admin console to change/verify the password for weblogic user, and then put plaintext password in AdminServer/security/boot.properties, then restart Adminserver. But I still cannot start SOA server.
Could you please let me know how to resolve this issue? I do want to save my environment at this point. Many thanks.

Hi,
My understanding is admin user server is coming up fine but when you try to bring the soa_server1(managed instance) is not coming up due the below mentioned exception.
If not please correct me.
I have a few query, please give me comment on this.
1) Admin and managed instances are running on the same box or different
2) Did you try to reset the password from console or using weblogic.security command
3) Did you cleared the soa_server1 temp directory(server/soa_server1/*)
Solution-1 (If Domain running on different box)
=============================
1) Copy the DefaultAuthenticatorInit.ldift file from Domain_dir/Security/ to Remote machine - Domain_dir/Security/
Note- Remote machine - take a backup of DefaultAuthenticatorInit file.
2) Remote machine- rename or take a backup of ldap directory and boot.properties file
/servers/soa_server1/ldap
/servers/soa_server1/security/boot.properties.
3) Now try to brought up the soa_server1.It will prompt you the username and password.
Please let me know.
Thanks,
Rajkumar

Is there inbuild Handler in weblogic using which i can get the MessageContext object

HI,
I need MessageContext object in my application but i dont want to use the Handler,As
there is AxisEngine in axis soap engine,is there any similar implementation in
weblogic.
AxisEngine.getCurrentMessageContext() we can get the MessageContext what about
in weblogic..any body any idea???
Regards,
Akhil Nagpal

HI,
yeah i had to make use of Handler to get the MessageContext object and play with
that.
Thanks & Regards
Akhil Nagpal
"manoj cheenath" <[email protected]> wrote:
You can get to MessageContext from a handler. Check out an example of
handler
to see how you can get Message out of MessageContext.
-manoj
"Akhil Nagpal" <[email protected]> wrote in message
news:[email protected]..
HI manoj,
Thanks for your reply.otherwise i thought that i wont get any morehelp
on this
forum :-) ...
anyway its good that we will have such thing in next version,duringthe
development
i feel that more functioanlity should be in build in appserver. Likeone
more
thing i could not find out is how we can get the "message" object inweblogic
like we can in axis using its MessageContext class's static method.if it
is there
can you please let me knwo about that.
The other problem i had to make use of handler and my appl is workingas of
now :-)
Regards
Akhil Nagpal
"manoj cheenath" <[email protected]> wrote:
You can not do this in WLS 7.0. The next major release (WLS 8.1) will
fix
this problem.
-manoj
"Akhil Nagpal" <[email protected]> wrote in message
news:[email protected]..
HI,
I need MessageContext object in my application but i dont want
to
use
the Handler,As
there is AxisEngine in axis soap engine,is there any similarimplementation in
weblogic.
AxisEngine.getCurrentMessageContext() we can get the MessageContextwhat
about
in weblogic..any body any idea???
Regards,
Akhil Nagpal

Soap handler configuration weblogic v9.2

All the doc. on soap handlers for weblogic version 9x i could find describes using annotations. This works fine when you have the source but not in the case where i only have a "black box" web service in a WAR file.
I want to configure a soap handler in xml config. files but i can only find this kind of configuration doc. for version 8.x. Can anyone point me to doc on how th do this in version 9.x?
Ideally i think it should be possible to configure a handler in webservices.xml. Soap handlers should be configurable for any deployed web service i think? I also tried to use the admin. console but as far as i can see this only gives administration control over already configured handlers - not the functionality to add handlers.
Regards,
Ole Bech Mogensen, 7N

Manish,
Thanks for the reply. Yes I did. I keep getting the following error:
XML Parsing Error: no element found
Location: http://192.168.198.129:7001/Sample_App/Sample_Config.xml
Line Number 1, Column 1:
I even copied one of the actual WebLogic OOTB (out of the box) config files (i.e. WebLogic Platform9.2.3.0_chmods.xml) and I still get the same error from WebLogic when directly trying to invoke the Sample_Config.xml file. The actual contents of the Sample_Config.xml are as follows:
<?xml version="1.0" encoding="UTF-8" ?>
<Boot_test>
<URLContextPath>Sample_App</URLContextPath>
<ConfigFilePath>C:\Temp\Another_Config_File.xml</ConfigFilePath>
<ConfigPassword>admin</ConfigPassword>
</Boot_test>
So, I am still unresolved in getting the three(3) parms loaded via a config file in BEA WebLogic v9.2. Any other suggestions/thoughts on getting this loaded via a config file?
Thanks.
/workingtohard

BPM Integration with SQL Authenticator Provider in WebLogic

Hi Gurus,
Related to the explanation from this blog : http://orasoa.blogspot.com/2010/06/sqlauthenticator-and-human-worklist.html
I have followed this review, I can see all user and groups from sql authenticator provider.
And also I can assign bpm application roles to users from sql authenticator provider.
But when I try to assign bpm application roles to groups from sql authenticator provider, the bpm application is not show from bpm workspace.
Is there any clue to solve this problem?
Cheers,
Agus W

Hi All,
Found the reason for the exception. I was implementing the generated the CustomAuthenticatorImpl class (generated through WebLogic MBeanMaker utility) as the provider class by implementing the AuthenticationProvider interface. Keeping them separate solved the issue.
Able to create the jar without any issues and also no error or exception after restart.
Thanks.

Authentication rerror on weblogic

hi,
I had created a user in weblogic with provider as OpenLdapAuthenticator and made it default.
Now i am not able to start the weblogic server..

Can you get the sample security provider to work? Did you reinstall to the same
weblogic version? Try rebuilding your provider in the new environment and see
if that helps.
You also might want to crosspost this question to weblogic.developer.interest.management
or
weblogic.developer.interest.management.console newgroups, since this looks like
a configuration issue.
Pavel.
"Balaji Chandrasekaran" <[email protected]> wrote:
>
Hi Pavel,
Thanks for your response.
The /0/ is a typo, I have the jar file under this directory C:\bea7.0\weblogic700\server\lib\mbeantypes.
It used to work before, after i re-installing the server it is not working.
Thanks
"Pavel" <[email protected]> wrote:
The provider jar file must be in the WL_HOME\lib\mbeantypes folder.
Have you changed you folder structure when you reinstalled the server.
Is the
\0\ in your path a typo?
Pavel.
Balaji <[email protected]> wrote:
Hi,
I have written custom authenticator provider for my application in
weblogic
7.0 , I was able to deploy successfully and able to test my applications
using custom authenticator provider.
Recently I re-installed my weblogic instance,after that the new instance
is not recognizing the cutom authenticator provider deployed in <BEA_HOME>weblogic700\0\server\lib\mbeantypes
directory.
After I deployed, I restarted my weblogic server, usually the server
will pick-up customer security provider automatically when you re-start
the server, then I can go to admin console and create new custom security
provider instance under myrealm.
But for some reason it is not picking now,
Same version worked fine in unix environment and different weblogicinstances
in windows environment.
Can someone help me to fix this problem?
Thanks

LDAP authenticator setting in Weblogic 10

Hi there,
I am a newbie to weblogic. I am migrating an application from OAS to Weblogic 10. The application is using LDAP for login. I am havng a trouble to set up those users in weblogic console.
Here is what I did:
in web.xml:
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>*</url-pattern>
<http-method>*</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>UserRole</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>RegularUser</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<role-name>UserRole</role-name>
</security-role>
In Weblogic.xml
<?xml version="1.0" encoding="windows-1252"?>
<weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd" xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app">
<security-role-assignment>
<role-name>UserRole</role-name>
<externally-defined/>
</security-role-assignment>
</weblogic-web-app>
In Weblogic console, I created a new realm called RegularUser and setup LDAP authenticator. User Base DN is ou=axxx,dc=bxxx,dc=cxx. I can see those users already in the user list.
Did I miss any step?
Thanks

Thanks, Faisal.
Here is my config.xml. Do I need to select Custom Roles at the time of deployment? I manually deployed the application in console.
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
<name>myTestDomain</name>
<domain-version>10.3.3.0</domain-version>
<security-configuration>
<name>myTestDomain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
<sec:name>RegularUsers</sec:name>
<sec:control-flag>OPTIONAL</sec:control-flag>
<wls:host>holdap1.abc.org</wls:host>
<wls:user-object-class>user</wls:user-object-class>
<wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>
<wls:principal>ldapviewsd</wls:principal>
<wls:user-base-dn>ou=a,dc=b,dc=c</wls:user-base-dn>
<wls:credential-encrypted>{AES}5dVfr76v1nSUvb8iMBO5e1WxZG5BA/M3MWZvNxDVMO4=</wls:credential-encrypted>
<wls:user-from-name-filter>(&(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
<wls:group-base-dn>ou=a,dc=b,dc=c</wls:group-base-dn>
<wls:group-from-name-filter>(&(cn=%g)(objectclass=group))</wls:group-from-name-filter>
<wls:static-group-object-class>group</wls:static-group-object-class>
<wls:static-member-dn-attribute>member</wls:static-member-dn-attribute>
<wls:static-group-dns-from-member-dn-filter>(&(member=%M)(objectclass=group))</wls:static-group-dns-from-member-dn-filter>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<realm>
<sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
<sec:name>RewardsUser</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:host>holdap1.abc.org</wls:host>
<wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>
<wls:principal>ldapviewsd</wls:principal>
<wls:user-base-dn>ou=a,dc=b,dc=c</wls:user-base-dn>
<wls:credential-encrypted>{AES}6mfAIvAqFASMkZ4yHygBe3AODqNyzYyLLePzCI2HTE0=</wls:credential-encrypted>
<wls:user-from-name-filter>(&(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
<wls:group-base-dn>ou=a,dc=bdc=c</wls:group-base-dn>
<wls:max-sid-to-group-lookups-in-cache>1500</wls:max-sid-to-group-lookups-in-cache>
</sec:authentication-provider>
<sec:deploy-role-ignored>false</sec:deploy-role-ignored>
<sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
<sec:deploy-credential-mapping-ignored>false</sec:deploy-credential-mapping-ignored>
<sec:security-dd-model>CustomRoles</sec:security-dd-model>
<sec:combined-role-mapping-enabled>true</sec:combined-role-mapping-enabled>
<sec:name>RewardsUser</sec:name>
<sec:delegate-m-bean-authorization>false</sec:delegate-m-bean-authorization>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}AOnncmyo+t9U78VAJHcbv8uiDUVggDlU55WY5xh6NukBIg3m2MK0In76UwCRuKdlVzHp9uWx/4uYZpkVQmq9Hqk3fTRZRx4dIuyU07siwupmYdq1UHttcgTIwqqKoaWn</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{AES}Yx0pabvYpXxQr7K7YRVB5B0f3Kyy8Lpn0cu1WQCXve8=</node-manager-password-encrypted>
</security-configuration>
<server>
<name>AdminServer</name>
<server-debug>
<debug-scope>
<name>weblogic.security.atn</name>
<enabled>true</enabled>
</debug-scope>
<debug-scope>
<name>weblogic.security.atz</name>
<enabled>true</enabled>
</debug-scope>
<debug-security-atn>true</debug-security-atn>
<debug-security-atz>true</debug-security-atz>
<debug-security-saml-atn>true</debug-security-saml-atn>
<debug-security-saml2-atn>true</debug-security-saml2-atn>
</server-debug>
<listen-address></listen-address>
</server>
<embedded-ldap>
<name>myTestDomain</name>
<credential-encrypted>{AES}Iidvc9S3UqScbvwktaeOZMYr4V9BQ4aU/T5z+npeFwiYEzUZi6iLF59pfpCNI0DQ</credential-encrypted>
</embedded-ldap>
<configuration-version>10.3.3.0</configuration-version>
<app-deployment>
<name>rewards</name>
<target>AdminServer</target>
<module-type>ear</module-type>
<source-path>servers\AdminServer\upload\rewards.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<admin-server-name>AdminServer</admin-server-name>
</domain>

Sharing Authentication between different weblogic istances

Hi,
I'm using WebLogic 10.3.5.
Is there a way to share only the authentication (getRemoreUser() info) between 2 distinct ear, each deployed on different weblogic istances (same WL domain) and with only one of them under my control?
I done it successfully when the 2 ears were deployed in the same weblogic istance.
What about If I were using OHS (virtual hosts) as an "access point" to the 2 ears?
P.S. I can't use SSO,
Thank you very much.
Best regards,
S.

Turns out it does matter what domain you are accessing each app with--I was using our Apex development domain to test, and it was bombing out. When I used the same domain as the Designer forms and cookie domain, it worked like a charm.

NT domain authentication impelmented in weblogic server

hello Sir,
I would like to find out if there is any package with weblogic server that will allow me to authenticate the users of weblogic using an NT domain authentication.
Any user of weblogic should be an authenticated user of an NT domain and i am in need of a package that will do this for me. I heard that BEA has some package that implements this functionality.
Your help is very much appreciated.
Thank You
Raji Arumugam

Hi Raji,
I think that what you want is "NTRealm" for WebLogic.
Look at http://e-docs.bea.com/wls/docs61/////ConsoleHelp/ntrealm.html which should help you.
Cheers,
Joe Jerry
Raji Arumugam wrote:
hello Sir,
I would like to find out if there is any package with weblogic server that will allow me to authenticate the users of weblogic using an NT domain authentication.
Any user of weblogic should be an authenticated user of an NT domain and i am in need of a package that will do this for me. I heard that BEA has some package that implements this functionality.
Your help is very much appreciated.
Thank You
Raji Arumugam

Authentication denied on Weblogic admin console

I was playing with security policy for web applications and now I can't login from
console any more. It gives following error : Authentication Denied
The username or password has been refused by WebLogic Server. Please try again.
I can start the server from command line. How can I find out what is the problem
and how can I fix it ?
Thanks,
MK

Hi AB.
You can write your own pages and add them to WebLogic admin console by writing a console extension, here is a link to bea doc http://e-docs.bea.com/wls/docs100/console_ext/understandext.html
Regards,
Felix

Authentication error in weblogic portal 10.2 (Response: '401: Unauthorized'

I have written following code in my page flow controller in order to access file from a shared location:
Authenticator.setDefault(new MyAuthenticator(username, password));
URLConnection conn = new URL(urlString).openConnection();
InputStream instr = conn.getInputStream();
BufferedReader in = new BufferedReader(new InputStreamReader(instr));
String str;
while ((str = in.readLine()) != null) {
     System.out.println(str);
It always gives me folloing error:
java.io.FileNotFoundException: Response: '401: Unauthorized' for url: 'http://coldev01.col.us.bic/testspec/library/Approved/Packaging%20Components/5647495.pdf'
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:476)
     at weblogic.net.http.SOAPHttpURLConnection.getInputStream(SOAPHttpURLConnection.java:36)
If I directly past this url in browser then this pdf opens properly but when i try to do through code then it does not work. Any quick help would be highly appreciated.
MyAuthenticator class
private static class MyAuthenticator extends Authenticator {
     private String username, password;
     public MyAuthenticator(String user, String pass) {
     username = user;
     password = pass;
     protected PasswordAuthentication getPasswordAuthentication() {
     System.out.println("Requesting Host : " + getRequestingHost());
     System.out.println("Requesting Port : " + getRequestingPort());
     System.out.println("Requesting Prompt : " + getRequestingPrompt());
     System.out.println("Requesting Protocol: "
     + getRequestingProtocol());
     System.out.println("Requesting Scheme : " + getRequestingScheme());
     System.out.println("Requesting Site : " + getRequestingSite());
     return new PasswordAuthentication(username, password.toCharArray());
Thanks,
Alka

Use something like HTTPClient (instead of URLConnection) which will let you specify Username/password for basic auth
e.g. http://svn.apache.org/viewvc/httpcomponents/oac.hc3x/trunk/src/examples/BasicAuthenticationExample.java?view=markup
Edited by: deepshet on May 4, 2010 9:46 AM

Authentication handling in WebLogic 8.1 SP 4

Similar Messages

Maybe you are looking for