Authentication  in Weblogic 7

          Hi all,
          any help? I'm using:
          java.util.Properties props = new java.util.Properties();
          props.put(Context.SECURITY_PRINCIPAL, adminUser);
          props.put(Context.SECURITY_CREDENTIALS, adminPassword);
          props.put(Context.PROVIDER_URL, url);
          Context ctx = new InitialContext(props);
          UserPasswordCallbackHandler up = new UserPasswordCallbackHandler(username, password);
          Subject subject = new Subject();
          HashMap options = new HashMap();
          options.put("debug", "true");
          options.put("URL", url);
          weblogic.security.auth.login.UsernamePasswordLoginModule userpassword= new weblogic.security.auth.login.UsernamePasswordLoginModule();
          userpassword.initialize(subject, up, null, options);
          userpassword.login();
          with a very simple UserPasswordCallbackHandler made by me but no luck. I get a
          java.lang.reflect.InvocationTargetException: java.lang.IllegalAccessError: java.
          security.acl.NotOwnerException
          in the authenticate method even when i try to authenticate the system user. I've
          also tried:
          weblogic.security.acl.Realm.authenticate(new weblogic.security.acl.DefaultUserInfoImpl
          (username, password));
          but this gives me the same. Any help?
          Thx in advance.
          COFM
          ====
          

does anybody know where a production ready copy of rdbmls realm is on the
net? I did a search and didnt find much?
thanks
Joel
"PaulF" <[email protected]> wrote in message
news:[email protected]..
Virender Sandhu <[email protected]> wrote in
news:3cdab13c$[email protected]:
Hi
I am trying to understand the Security Frame-work in WLS 7.0.
I found out that WLS 7.0 uses embedded LDAP server to store users
information. It also supports external LDAP. But for our application,
I want to keep users info in a database. Is there any suggestion to
solve this problem. Do I need to create my own Authentication
Provider? or is there any other way to do this?
I will appreciate any help
Thanks
Virender Sandhu
I think that you have two choices: 1) you can configure a Compatibility
Realm, take the RDBMS example, tweak it so that it is production ready (or
grab a production ready copy from someplace out on the net...I think
they're out there), or 2) create your own provider that talks directly to
your database.
Paul F.

Similar Messages

  • LDAP security authentication in weblogic sp4 (URGENT)

    We have a web application which interacts to the D/B to authenticate a user during our login process. Now we are trying to change the login to LDAP authentication. Here is the List I did on weblogic configuration correct me if this is correct or if am missing any thing.
    1. Created a Realm
    2. Created a NOVELL LDAP Authenticator (configured user, groups, members, Novell LDAP, Details)
    3. Created a X.509 certificates ????? Do I need to create this one for authentication. The only question is I am confused by these parameters and help me out in figuring out these:
    a. filter attributes = cn=$subj.cn
    b. username attribute = cn
    c. userCertificate;binary ??? ( I have a certificate idmtree.der where do I add configuration about this certificate in the console)>>>>>>>>
    d. certificate mapping : ou=user,ou=$subj.ou,o=$subj.o,c=$subj.c (IS THIS CORRECT)
    4. created a new Weblogic Default Authorizer...
    5. created a new Weblogic Default Role Mapper...
    6. created a new Weblogic Default Credential Mapper ...(Do I need to setup my certificate inside this credential mapper or not.)
    7. I made this realm as the DEFAULT realm and started the server
    I get the following exception.
    Initializing RoleMapper provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift.>
    The RoleMapper provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift>
    Initializing Authorizer provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift.>
    The Authorizer provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift>
    Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
    Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
    Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
    Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
    Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure.>
    Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
    at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:205)
    at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:262)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:581)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:700)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
    at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:822)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
    at weblogic.Server.main(Server.java:32)
    >
    ####<Apr 6, 2006 10:42:55 AM CDT> <Emergency> <WebLogicServer> <DXPCHI029398> <myserver> <main> <<WLS Kernel>> <> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]>
    ANY HELP on this would be greatly appreciated am totally exhausted seeing these error messages from morning.
    I would like to know if I need a client for connecting to this LDAP authenticator. As am using the Novell API to access the LDAP directory. Let me know, and if so can some one provide me a snippet code.\
    Waiting for response.
    thanks in advance
    kiran

    Hi Christoper,
    Based on your description, this seems to be more of a security related question than a workshop one.
    Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
    with information on service pack installed
    Thanks
    Raj

  • Active Directory Authentication in Weblogic 8.1

    Hi,
    We want to do authentication from Microsoft Active Directory using weblogic 8.1.
    I have created a Active directory and
    configured weblogic from console to use it. But it is still not working. Your
    help with these question would be highly
    appreciated.
    1. Is there anyone in group who have tried this before. Please let me know how
    to proceed.
    2. Is there any tool by which I can get to know the different attribute asked
    for configuration in Weblogic?
    3. I am not able to login to my application after configuration. Is there any
    other way to come to know whether it is working
    or not?
    There could be plethora of reason but nothing which can come to my mind. Everything
    seems to be configured correctly. Here is
    portion of my config.xml related with authentication:
    <FileRealm Name="wl_default_file_realm"/>
    <PasswordPolicy Name="wl_default_password_policy"/>
    <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
    <Security GuestDisabled="false" Name="vendavo-dev"
    PasswordPolicy="wl_default_password_policy"
    Realm="wl_default_realm" RealmSetup="true">
    <weblogic.security.providers.authentication.DefaultAuthenticator
    ControlFlag="SUFFICIENT"
    Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authentication.DefaultIdentityAsserter
    ActiveTypes="AuthenticatedUser"
    Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultRoleMapper
    Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultAuthorizer
    Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultAdjudicator
    Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.credentials.DefaultCredentialMapper
    Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
    <weblogic.management.security.authentication.UserLockoutManager
    Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
    <weblogic.management.security.Realm
    Adjudicator="Security:Name=myrealmDefaultAdjudicator"
    AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
    =myrealmADAuthenticator"
    Authorizers="Security:Name=myrealmDefaultAuthorizer"
    CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
    DefaultRealm="true" DisplayName="myrealm"
    Name="Security:Name=myrealm"
    RoleMappers="Security:Name=myrealmDefaultRoleMapper"
    UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
    <weblogic.security.providers.pk.DefaultKeyStore
    Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
    ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
    DisplayName="ADAuthenticator" FollowReferrals="false"
    GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
    Name="Security:Name=myrealmADAuthenticator"
    Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
    </Security>
    First, of all is it possible to use Active Directory authentication in Weblogic
    without writing any custom code. If yes, how?
    Thanks in advance,
    Amit Tyagi

    Amit,
    We have successfully used WLS 8.1 sp1 with AD - but not without our share of ups
    and downs though.
    |
    |
    1) First, make sure you are sending right LDAP queries to AD. To verify this,
    we used free 3rd party LDAP browser from Softerra. There is also java based free
    browser from Univ of Michigan. Personally, I like Softerra's LDAP browser better.
    Play with your LDAP settings using this and make sure AD is returning the right
    data.
    |
    2) AD has some default settings that makes it return only the top 1000 users.
    Use ntdsutil.exe to modify these default settings
    |
    3) AD needs to have the right set of users and groups. To configure this, refer
    to WLS docs. This is very well documented in WLS docs. Also refer to this article
    http://dev2dev.bea.com/products/wlportal/whitepapers/wlp70_MSADS.jsp as additional
    reference
    |
    4) Also, there are some bugs with 8.1 portal sp1 and AD. It cannot take more than
    one Authentication provider. sp2 is supposed to have fixed it. For sp1 we used
    another product AD/AM (AD in Application Mode) in combination with MIIS server.
    But if you are using sp2, you shouldn't be worry about this.
    |
    5) In your providers, you might want to get rid of the DefaultAuthentication provider,
    once you are able to establish a connection with your ActiveDirectoryAuthentication
    provider. The DefaultAuthentication provider causes some problems and does not
    let ActiveDirectoryAuthentication provider to behave properly. We haven't fully
    investgated the root of this prob. When we deleted DefaultAuthentication provider,
    everything worked normally - so we didn't really care that much :-)
    |
    6) Make sure you have your JAAS options set to OPTIONAL initially and make sure
    your are able to authenticate talk to your AD.
    |
    These are the ones I could think of. Hope this helps..
    Regards,
    Anant
    "Amit" <[email protected]> wrote:
    >
    Hi,
    We want to do authentication from Microsoft Active Directory using weblogic
    8.1.
    I have created a Active directory and
    configured weblogic from console to use it. But it is still not working.
    Your
    help with these question would be highly
    appreciated.
    1. Is there anyone in group who have tried this before. Please let me
    know how
    to proceed.
    2. Is there any tool by which I can get to know the different attribute
    asked
    for configuration in Weblogic?
    3. I am not able to login to my application after configuration. Is there
    any
    other way to come to know whether it is working
    or not?
    There could be plethora of reason but nothing which can come to my mind.
    Everything
    seems to be configured correctly. Here is
    portion of my config.xml related with authentication:
    <FileRealm Name="wl_default_file_realm"/>
    <PasswordPolicy Name="wl_default_password_policy"/>
    <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
    <Security GuestDisabled="false" Name="vendavo-dev"
    PasswordPolicy="wl_default_password_policy"
    Realm="wl_default_realm" RealmSetup="true">
    <weblogic.security.providers.authentication.DefaultAuthenticator
    ControlFlag="SUFFICIENT"
    Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authentication.DefaultIdentityAsserter
    ActiveTypes="AuthenticatedUser"
    Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultRoleMapper
    Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultAuthorizer
    Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authorization.DefaultAdjudicator
    Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.credentials.DefaultCredentialMapper
    Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
    <weblogic.management.security.authentication.UserLockoutManager
    Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
    <weblogic.management.security.Realm
    Adjudicator="Security:Name=myrealmDefaultAdjudicator"
    AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
    =myrealmADAuthenticator"
    Authorizers="Security:Name=myrealmDefaultAuthorizer"
    CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
    DefaultRealm="true" DisplayName="myrealm"
    Name="Security:Name=myrealm"
    RoleMappers="Security:Name=myrealmDefaultRoleMapper"
    UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
    <weblogic.security.providers.pk.DefaultKeyStore
    Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
    <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
    ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
    DisplayName="ADAuthenticator" FollowReferrals="false"
    GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
    Name="Security:Name=myrealmADAuthenticator"
    Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
    </Security>
    First, of all is it possible to use Active Directory authentication in
    Weblogic
    without writing any custom code. If yes, how?
    Thanks in advance,
    Amit Tyagi

  • How to disable authentication for weblogic server

    Hi expert,
    I have a web application deployed on weblogic server 12c. And I have a client which connects to the web application.  The client will authenticate with server with digest authentication (challenge\response). We use the default authentication in weblogic server and the authentication is done by weblogic server. And it works fine.
    However, I want to run a performance testing to replay all client requests including the requests for authentication. Since it's challenge/response authentication mechanism, the original requests can not pass authentication and weblogic server replies 401. I want to know is there any way to disable weblogic authentication so that the authentication passes when I replay my original request?
    Thanks very much!
    Regards,
    Yan

    You can disable the security of the application in the web.xml. Here there is a security-constraint configured that tells WebLogic what to do, for example,
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>All</web-resource-name>
    <url-pattern>/faces/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>MANAGER</role-name>
    <role-name>EMPLOYEE</role-name>
    </auth-constraint>
    <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    If you put the security-constraint in comments, you can access the application, without authentication (note that the application itself probably uses the authentication in order to set certain things, so I do not if this is going to work).

  • RDBMS Authentication in Weblogic Portal console 8.1 (SP5)

    HI,
    I have configured RDBMSBased authentication for oracle in Weblogic portal console 8.1.For Authenticating thru code,do i need to write any custom authentication for RDBMS or Is there any default authenticator?
    Regards,
    Senthil

    Hi subha,
    Thanks for ur reply.
    U meant to say that i need to create RDBMSBeased Authentication provider for oracle in the existing myRealm. This RDBMS authenticator is one of the authenticator in the Authenticator list.Am i correct?
    I have certain issues regarding this type of config:
    1)If i create a user thru program,where does it go? either embaddedLDAP or oracle database
    2)Since point base not used in production,we have to use oracle for Authentication as well as Autherization server.
    In the default configuration, user preferences are stored in point base database but it should go to oracle.
    Is it possible to redirect to oracle?
    What i had done that I have created new Realm where i configured RDBMSBased authenticator. Using this config, can i do Authentication as well as Authorization?
    Pls suggest.
    Regards,
    Senthil

  • SSL Authentication in weblogic 5.1

    Hi
    I am using SSL in my weblogic application. So that it asks for the username and
    password while startup. But now i want to mention the username and password in
    weblogic.properties file itself. So that the client need not have to provide the
    username and password. I am using weblogic server 5.1 version.
    How do i do this?
    Hope my question is clear. Please help.
    with regds
    siva

    Hi Michael
    I am using SSL in my application. So that it asks for the certificate username
    and password while startup. But now i want to mention the username and password
    in weblogic.properties file itself. So that the client need not have to provide
    the username and password everytime. I am using weblogic server 5.1 version.
    How do i do this?
    Hope my question is clear. Please help.
    with regds
    siva
    Michael Young <[email protected]> wrote:
    Hi.
    It's not 100% clear to me what you are asking for. Do you want authentication
    turned off for
    your application? That will certainly turn off prompting for authentication
    information. You
    can set your ACL for your application (in your properties file) to allow
    everyone to execute
    it. Something like:
    weblogic.allow.execute.<myApplication>=everyone
    But maybe you want some kind of silent authentication so that not everyone
    can execute your
    app? I suppose you could pass authentication info in a cookie. I really
    don't know enough
    about your application, though.
    I suggest you post this question in weblogic.developer.interest.security
    - you have a better
    chance of getting an answer there for security related questions.
    Hope this helps.
    Michael
    siva wrote:
    Hi all,
    I have the following requirements. I have an application which asksfor the authentication
    information like username and password at first. The application isrunning in
    weblogic5.1 server. Is there a way where in weblogic.properties file,i mention
    the username and password so that the application will not ask forin the browser.
    please help. It's urgent.
    with regds
    siva--
    Developer Relations Engineer
    BEA Support

  • Authentication in weblogic 5.1

    Hi all,
    I have the following requirements. I have an application which asks for the authentication
    information like username and password at first. The application is running in
    weblogic5.1 server. Is there a way where in weblogic.properties file, i mention
    the username and password so that the application will not ask for in the browser.
    please help. It's urgent.
    with regds
    siva

    Hi Michael
    I am using SSL in my application. So that it asks for the certificate username
    and password while startup. But now i want to mention the username and password
    in weblogic.properties file itself. So that the client need not have to provide
    the username and password everytime. I am using weblogic server 5.1 version.
    How do i do this?
    Hope my question is clear. Please help.
    with regds
    siva
    Michael Young <[email protected]> wrote:
    Hi.
    It's not 100% clear to me what you are asking for. Do you want authentication
    turned off for
    your application? That will certainly turn off prompting for authentication
    information. You
    can set your ACL for your application (in your properties file) to allow
    everyone to execute
    it. Something like:
    weblogic.allow.execute.<myApplication>=everyone
    But maybe you want some kind of silent authentication so that not everyone
    can execute your
    app? I suppose you could pass authentication info in a cookie. I really
    don't know enough
    about your application, though.
    I suggest you post this question in weblogic.developer.interest.security
    - you have a better
    chance of getting an answer there for security related questions.
    Hope this helps.
    Michael
    siva wrote:
    Hi all,
    I have the following requirements. I have an application which asksfor the authentication
    information like username and password at first. The application isrunning in
    weblogic5.1 server. Is there a way where in weblogic.properties file,i mention
    the username and password so that the application will not ask forin the browser.
    please help. It's urgent.
    with regds
    siva--
    Developer Relations Engineer
    BEA Support

  • Authentication via weblogic security realm

              My servlet needs to access a session bean. The action in the session bean requires
              that a user has been authorized, i.e. at some point the session been calls
              String name = d_ctx.getCallerPrincipal().getName()
              This name may not be null at this time.
              What I would like to have is that the user executing the URL gets authenticated
              by my server realm 'myrealm' and that the associated prinicpal gets passed to
              the session bean. Is this possible. If so, how can the user pass along the username
              and password as this query is executed programmatically?
              markus
              

    http://www.weblogic.com/docs51/classdocs/API_acl.html
    Michael Girdley
    BEA Systems Inc
    "gennot" <[email protected]> wrote in message
    news:[email protected]..
    Could you send me the complete URL of these example, please?
    Thanks
    Enrico
    Michael Girdley <[email protected]> wrote in message
    39b87078$[email protected]..
    The passing of the client's certificate should be automatic to WebLogic.We
    have an example of getting the client side certificate from inside of
    WebLogic in our documentation.
    This does not require for SSL to be used from the Web server to
    WebLogic.
    >>
    Thanks,
    Michael
    Michael Girdley
    BEA Systems Inc
    "Bob Simonoff" <[email protected]> wrote in message
    news:[email protected]..
    I have read through the docs and haven't found anything that would
    address
    the following confusion:
    Suppose I want to use Apache or IPlanet as the webserver with WebLogicas
    the back end application server (obviously). I have the need to use 2way
    SSL authentication. As I understand it the following applies:
    Client (browser) has a certificate as does the web server. Theyauthenticate
    each other.
    Now, the web server and weblogic need to communicate. WebLogic, in our
    environment does authentication via the security realm.
    What do I have to do to get the the web server (Apache or IPlanet) to
    communicate the client's certificate to WebLogic so the WebLogic canperform
    the authentication?
    Does the communication between the web server and WebLogic also need
    to
    be
    SSL?
    Thanks
    Bob Simonoff

  • Providing datasource for authentication in weblogic

    Hi, I am facing a problem of authentication of user from weblogic when weblogic have mulitple datasources
    My weblogic server have two data sources one is pmr and second is hr I have created two authentication providers one is using hr as data source and second is using pmr as datasource.
    Now i have two applications one is pmrApp and second is hrApp.
    Now I want to apply security on both application in such a way that hrApp user should be authenticated from hr datasource and pmrApp user from pmr datasource
    because there will be a chance that both datasources contains two users with same user names. In this conditions weblogic should know that which user should be authenticated from which database
    Please help me
    Edited by: Rao on May 8, 2012 12:25 PM

    apply security on both application in such a way that hrApp user should be authenticated from hr datasource and pmrApp user from pmr datasourceIt is not possible in WebLogic. The whole WLS security realm is common for all the deployed applications, so you cannot configure some application to use only some of the authentication providers. Even if you configure 2 different security realms, only one of them will be active. The only option you have is to create 2 separate WebLogic domains :(
    Dimitar

  • Authentication in weblogic portal server 8.1 sp2 using external LDAP

    Hi,
    I am trying to use external LDAP for authentication.
    I have configured the ActiveDirectoryAuthenticator giving the necessary
    values
    ( and added
    "-Dcom.bea.p13n.usermgmt.AuthenticationProviderName=ActiveDirectoryAuthentic
    ator" in startWeblgoic.cmd )
    and can see the users and the groups from my LDAP provider in the admin
    console and in the admin portal's "users and groups".
    A set of users are given permission to access the restricted site and those
    users are visible in the global role with the permission.
    The web.xml is configured for BASIC auth-method, and the role is
    <externally-defined/> in weblogic.xml.
    Now when I access a restricted page, I am shown a dialog prompt to key in
    the username and password.
    Even when I key in the valid credentials, the restricted page is not shown
    and an "Unauthorized xxx" 401 access error is thrown.
    Any clue, on what i am missing.?
    Please let me know if any suggestion / idea.
    Regards,
    Arun.

    Assuming your application is a WebLogic Portal application, then yes you would definitely need to install WLP 8.1. WLP version 8.1 is the only version of WLP that will run on WLS/WLW version 8.1.
    In order to obtain the product installer, you'll need to contact Oracle Support and file a request. It is not available for download from any Oracle public site. Only version 10.3 is available for download.
    Brad

  • Authentication error weblogic workshop

    Hi ,
    I am trying to debugg my application with weblogic workshop but its
    giving authentication error. My application is deployed and i can access it
    . I am using ant . Actually when i click the debug button it statrts the
    build and after successful termination of the build process it opens the
    debug view but gives the following error :-
    Authentication Failure when connecting to server
    Check your weblogic server username and password are correct and that the
    user has full admin rights.
    I have given the same username and password in workshop that i gave while
    configuring my domain. I guess workshop is not able to communicate with the
    server . Please help me out. I have spent enough time resolving this.
    Thanks

    The text of the error message may be incorrect, but the intent of the
    message is correct. You cannot use <max-beans-in-free-pool> with a Stateful
    session bean. See:
    http://e-docs.bea.com/wls/docs81/ejb/DDreference-ejb-jar.html#1114854
    Bill
    "Rick Jackson" <[email protected]> wrote in message
    news:26851318.1105651919423.JavaMail.root@jserv5...
    Hello,
    I have created a session EJB in Weblogic workshop. In the propertyeditor, I have set the "type" to "Stateful". I have then set the
    max-beans-in-free-pool to 1. I build my ejb project, and I get the below
    error:
    "A Stateless Session Bean cannot have a tag max-beans-in-free-pool". Thisdoesn't make any sense to me since I have specified that it is a "Stateful"
    session bean. I am using Weblogic workshop 8.1 sp2

  • Is it possible to make the fnd_user table as an authenticator to weblogic

    Hi,
    I am looking for a way to make fnd_user table as an authenticator for a weblogic users.
    Is it possible in first place without OVD and SSO ? My goal is to have fnd_users involve in human task approvals.
    Thanks
    Sai

    I think your question is: how do you compare the encrypted password in FND_USER to the password that the end user entered in your custom application front end?
    If that is indeed your question, you can decrypt the password in FND_USER as follows:
    1) Take the standard fnd_web_sec package and make a copy called cust_fnd_web_sec. Delete all procedures in the package body except for decrypt. Then add decrypt to the package spec.
    create or replace PACKAGE apps.cust_fnd_web_sec AUTHID CURRENT_USER AS
    function decrypt(key in varchar2, value in varchar2)
    return varchar2;
    END cust_FND_WEB_SEC;
    create or replace PACKAGE BODY apps.cust_fnd_web_sec AS
    -- Exception
    dml_inside_query exception;
    pragma exception_init(dml_inside_query,-14551);
    -- Function to encrypt a string using a specified key.
    function decrypt(key in varchar2, value in varchar2)
    return varchar2
    as language java name 'oracle.apps.fnd.security.WebSessionManagerProc.decrypt(java.lang.String,java.lang.String) return java.lang.String';
    END cust_FND_WEB_SEC;
    2) Run the following query to decrypt the password.
    WITH guest AS
    SELECT 'GUEST/ORACLE' user_pwd,
    UPPER (SUBSTR ('GUEST/ORACLE',
    1,
    INSTR ('GUEST/ORACLE',
    - 1
    ) user_name
    FROM DUAL)
    SELECT distinct u.user_name,
    apps.cust_fnd_web_sec.decrypt
    ((SELECT apps.cust_fnd_web_sec.decrypt
    (g.user_pwd,
    u.encrypted_foundation_password
    ) apps_password
    FROM apps.fnd_user u,
    apps.guest g
    WHERE u.user_name = g.user_name),
    u.encrypted_user_password
    ) decrypted_user_password
    FROM apps.fnd_user u,
    apps.fnd_user_resp_groups_direct r
    where u.user_id = r.user_id
    and u.user_name = <user name>
    Good luck!
    Scot

  • HTTP Digest Authentication in Weblogic Server ?

    I understand that Weblogic Server 10.3.0.0 does not have declarative support for HTTP Digest Authentication. In that case, what are the alternatives to do HTTP Digest Authentication on the server ?
    Edited by: user566628 on Sep 19, 2008 1:47 PM

    I would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
    http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
    If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon.

  • JAAS authentication with WebLogic 6 - "Invalid Configuration Class Name"

    For starters, I took the sample file examples.security.jaas.SampleConfig, changed the name and
    package, compiled, and copied it to the right place in the classes directory of the webapp project.
    The class is specified as a parameter in startWebLogic.cmd:
    -Dweblogic.security.jaas.Configuration="com.ww.opd.auth.JAASConfiguration"
    When a servlet attempts to get LoginContext, I get this error:
    "Invalid Configuration Class Name: com.ww.opd.auth.JAASConfiguration"
    The class file is definitely in the right place. What's the deal?
    Thanks,
    Rob

    Seems to be a ClassLoader problem. The sample is a client app, so no problem. But if you create
    a Configuration class to run on the server (to set up a LoginModule for authenticating clients)...
    I think what's happening is that the System class loader, using the CLASSPATH in the environment
    of the WebLogic server when it starts, attempts to load the Configuration class and can't (because it
    is in the CLASSPATH of the web app, not of the System class loader). If you add the Configuration
    class to the CLASSPATH of the WebLogic server, then it gets loaded but the LoginModule can't be
    found. If you add the LoginModule to the WebLogic server CLASSPATH, then any classes that it calls
    must also be in the WebLogic server CLASSPATH.
    Could someone from BEA please comment: is that the intention, that any classes used for JAAS
    authentication be part of the server's CLASSPATH, not part of the web application?
    Thanks,
    Rob
    "Rob Weltman" <[email protected]> wrote:
    >
    For starters, I took the sample file examples.security.jaas.SampleConfig, changed the name and
    package, compiled, and copied it to the right place in the classes directory of the webapp project.
    The class is specified as a parameter in startWebLogic.cmd:
    -Dweblogic.security.jaas.Configuration="com.ww.opd.auth.JAASConfiguration"
    When a servlet attempts to get LoginContext, I get this error:
    "Invalid Configuration Class Name: com.ww.opd.auth.JAASConfiguration"
    The class file is definitely in the right place. What's the deal?
    Thanks,
    Rob

  • Siteminder authentication provider ,weblogic 8.1 startup error

    I am trying to configure weblogic 8.1 with netegrity siteminder Application server agent.After configuring siteminder idertity asserter and Authentication provider on weblogic ,when i restarted my weblogic server it failed to start with java.lang.noSuchField :m_failOverThreshold at netegrity.SiteMinder.javaAgent.AgentAPI.javaagent_API_getconfig
    I will be really thankful if any one can help me out?

    I am trying to configure weblogic 8.1 with netegrity siteminder Application server agent.After configuring siteminder idertity asserter and Authentication provider on weblogic ,when i restarted my weblogic server it failed to start with java.lang.noSuchField :m_failOverThreshold at netegrity.SiteMinder.javaAgent.AgentAPI.javaagent_API_getconfig
    I will be really thankful if any one can help me out?

Maybe you are looking for

  • Playing .mov files from iMovie with Quitime for Windows

    Hi, Been searching but cannot seem to find a straight answer on this in these forums. My wife has a mac, we import all movies on to that using iMovie 08. I want to simply play the same movies on my PC. I copy the .mov files over, run them in quicktim

  • Corruption of statement cache

    I'm working on an application that uses stored procedures, and our statement cache size is set to 10. We are running the application on WLS 9.1 and using Microsoft's SQL Server 2005 XA driver. Most of the time, our application functions correctly. Ho

  • My new Intel iMac froze!

    Two days ago I went to wake my computer up form its sleep and it refused. Today I did the same and it didn't just freeze, the screen went mostly blue and toolbar at the top was scrambled. I had to force the computer to shut off with the power key. I

  • Setting own security handler with JavaScript

    Hi, I build the security handler plugin example (SecurityHandler.api) and installed it. Then I wanted to set this handler via JavaScript to a document but I have no access to it. If I list all handlers (security.handlers) in a trusted function only t

  • Classical Music podcasts anyone

    Anyone recommend well-produced, up-to-date, informative and frequent podcasts for Classical music, both 'early' (1000 - 1750) and contemporary (1945 and after), please?