Authentication in Weblogic 7
Hi all,
any help? I'm using:
java.util.Properties props = new java.util.Properties();
props.put(Context.SECURITY_PRINCIPAL, adminUser);
props.put(Context.SECURITY_CREDENTIALS, adminPassword);
props.put(Context.PROVIDER_URL, url);
Context ctx = new InitialContext(props);
UserPasswordCallbackHandler up = new UserPasswordCallbackHandler(username, password);
Subject subject = new Subject();
HashMap options = new HashMap();
options.put("debug", "true");
options.put("URL", url);
weblogic.security.auth.login.UsernamePasswordLoginModule userpassword= new weblogic.security.auth.login.UsernamePasswordLoginModule();
userpassword.initialize(subject, up, null, options);
userpassword.login();
with a very simple UserPasswordCallbackHandler made by me but no luck. I get a
java.lang.reflect.InvocationTargetException: java.lang.IllegalAccessError: java.
security.acl.NotOwnerException
in the authenticate method even when i try to authenticate the system user. I've
also tried:
weblogic.security.acl.Realm.authenticate(new weblogic.security.acl.DefaultUserInfoImpl
(username, password));
but this gives me the same. Any help?
Thx in advance.
COFM
====
does anybody know where a production ready copy of rdbmls realm is on the
net? I did a search and didnt find much?
thanks
Joel
"PaulF" <[email protected]> wrote in message
news:[email protected]..
Virender Sandhu <[email protected]> wrote in
news:3cdab13c$[email protected]:
Hi
I am trying to understand the Security Frame-work in WLS 7.0.
I found out that WLS 7.0 uses embedded LDAP server to store users
information. It also supports external LDAP. But for our application,
I want to keep users info in a database. Is there any suggestion to
solve this problem. Do I need to create my own Authentication
Provider? or is there any other way to do this?
I will appreciate any help
Thanks
Virender Sandhu
I think that you have two choices: 1) you can configure a Compatibility
Realm, take the RDBMS example, tweak it so that it is production ready (or
grab a production ready copy from someplace out on the net...I think
they're out there), or 2) create your own provider that talks directly to
your database.
Paul F.
Similar Messages
-
LDAP security authentication in weblogic sp4 (URGENT)
We have a web application which interacts to the D/B to authenticate a user during our login process. Now we are trying to change the login to LDAP authentication. Here is the List I did on weblogic configuration correct me if this is correct or if am missing any thing.
1. Created a Realm
2. Created a NOVELL LDAP Authenticator (configured user, groups, members, Novell LDAP, Details)
3. Created a X.509 certificates ????? Do I need to create this one for authentication. The only question is I am confused by these parameters and help me out in figuring out these:
a. filter attributes = cn=$subj.cn
b. username attribute = cn
c. userCertificate;binary ??? ( I have a certificate idmtree.der where do I add configuration about this certificate in the console)>>>>>>>>
d. certificate mapping : ou=user,ou=$subj.ou,o=$subj.o,c=$subj.c (IS THIS CORRECT)
4. created a new Weblogic Default Authorizer...
5. created a new Weblogic Default Role Mapper...
6. created a new Weblogic Default Credential Mapper ...(Do I need to setup my certificate inside this credential mapper or not.)
7. I made this realm as the DEFAULT realm and started the server
I get the following exception.
Initializing RoleMapper provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift.>
The RoleMapper provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift>
Initializing Authorizer provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift.>
The Authorizer provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift>
Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure.>
Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:205)
at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:262)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:581)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:700)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:822)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
at weblogic.Server.main(Server.java:32)
>
####<Apr 6, 2006 10:42:55 AM CDT> <Emergency> <WebLogicServer> <DXPCHI029398> <myserver> <main> <<WLS Kernel>> <> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]>
ANY HELP on this would be greatly appreciated am totally exhausted seeing these error messages from morning.
I would like to know if I need a client for connecting to this LDAP authenticator. As am using the Novell API to access the LDAP directory. Let me know, and if so can some one provide me a snippet code.\
Waiting for response.
thanks in advance
kiranHi Christoper,
Based on your description, this seems to be more of a security related question than a workshop one.
Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
with information on service pack installed
Thanks
Raj -
Active Directory Authentication in Weblogic 8.1
Hi,
We want to do authentication from Microsoft Active Directory using weblogic 8.1.
I have created a Active directory and
configured weblogic from console to use it. But it is still not working. Your
help with these question would be highly
appreciated.
1. Is there anyone in group who have tried this before. Please let me know how
to proceed.
2. Is there any tool by which I can get to know the different attribute asked
for configuration in Weblogic?
3. I am not able to login to my application after configuration. Is there any
other way to come to know whether it is working
or not?
There could be plethora of reason but nothing which can come to my mind. Everything
seems to be configured correctly. Here is
portion of my config.xml related with authentication:
<FileRealm Name="wl_default_file_realm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
<Security GuestDisabled="false" Name="vendavo-dev"
PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm" RealmSetup="true">
<weblogic.security.providers.authentication.DefaultAuthenticator
ControlFlag="SUFFICIENT"
Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authentication.DefaultIdentityAsserter
ActiveTypes="AuthenticatedUser"
Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultRoleMapper
Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAuthorizer
Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAdjudicator
Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.credentials.DefaultCredentialMapper
Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
<weblogic.management.security.authentication.UserLockoutManager
Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
<weblogic.management.security.Realm
Adjudicator="Security:Name=myrealmDefaultAdjudicator"
AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
=myrealmADAuthenticator"
Authorizers="Security:Name=myrealmDefaultAuthorizer"
CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
DefaultRealm="true" DisplayName="myrealm"
Name="Security:Name=myrealm"
RoleMappers="Security:Name=myrealmDefaultRoleMapper"
UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
<weblogic.security.providers.pk.DefaultKeyStore
Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
DisplayName="ADAuthenticator" FollowReferrals="false"
GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
Name="Security:Name=myrealmADAuthenticator"
Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
</Security>
First, of all is it possible to use Active Directory authentication in Weblogic
without writing any custom code. If yes, how?
Thanks in advance,
Amit TyagiAmit,
We have successfully used WLS 8.1 sp1 with AD - but not without our share of ups
and downs though.
|
|
1) First, make sure you are sending right LDAP queries to AD. To verify this,
we used free 3rd party LDAP browser from Softerra. There is also java based free
browser from Univ of Michigan. Personally, I like Softerra's LDAP browser better.
Play with your LDAP settings using this and make sure AD is returning the right
data.
|
2) AD has some default settings that makes it return only the top 1000 users.
Use ntdsutil.exe to modify these default settings
|
3) AD needs to have the right set of users and groups. To configure this, refer
to WLS docs. This is very well documented in WLS docs. Also refer to this article
http://dev2dev.bea.com/products/wlportal/whitepapers/wlp70_MSADS.jsp as additional
reference
|
4) Also, there are some bugs with 8.1 portal sp1 and AD. It cannot take more than
one Authentication provider. sp2 is supposed to have fixed it. For sp1 we used
another product AD/AM (AD in Application Mode) in combination with MIIS server.
But if you are using sp2, you shouldn't be worry about this.
|
5) In your providers, you might want to get rid of the DefaultAuthentication provider,
once you are able to establish a connection with your ActiveDirectoryAuthentication
provider. The DefaultAuthentication provider causes some problems and does not
let ActiveDirectoryAuthentication provider to behave properly. We haven't fully
investgated the root of this prob. When we deleted DefaultAuthentication provider,
everything worked normally - so we didn't really care that much :-)
|
6) Make sure you have your JAAS options set to OPTIONAL initially and make sure
your are able to authenticate talk to your AD.
|
These are the ones I could think of. Hope this helps..
Regards,
Anant
"Amit" <[email protected]> wrote:
>
Hi,
We want to do authentication from Microsoft Active Directory using weblogic
8.1.
I have created a Active directory and
configured weblogic from console to use it. But it is still not working.
Your
help with these question would be highly
appreciated.
1. Is there anyone in group who have tried this before. Please let me
know how
to proceed.
2. Is there any tool by which I can get to know the different attribute
asked
for configuration in Weblogic?
3. I am not able to login to my application after configuration. Is there
any
other way to come to know whether it is working
or not?
There could be plethora of reason but nothing which can come to my mind.
Everything
seems to be configured correctly. Here is
portion of my config.xml related with authentication:
<FileRealm Name="wl_default_file_realm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
<Security GuestDisabled="false" Name="vendavo-dev"
PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm" RealmSetup="true">
<weblogic.security.providers.authentication.DefaultAuthenticator
ControlFlag="SUFFICIENT"
Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authentication.DefaultIdentityAsserter
ActiveTypes="AuthenticatedUser"
Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultRoleMapper
Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAuthorizer
Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAdjudicator
Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.credentials.DefaultCredentialMapper
Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
<weblogic.management.security.authentication.UserLockoutManager
Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
<weblogic.management.security.Realm
Adjudicator="Security:Name=myrealmDefaultAdjudicator"
AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
=myrealmADAuthenticator"
Authorizers="Security:Name=myrealmDefaultAuthorizer"
CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
DefaultRealm="true" DisplayName="myrealm"
Name="Security:Name=myrealm"
RoleMappers="Security:Name=myrealmDefaultRoleMapper"
UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
<weblogic.security.providers.pk.DefaultKeyStore
Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
DisplayName="ADAuthenticator" FollowReferrals="false"
GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
Name="Security:Name=myrealmADAuthenticator"
Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
</Security>
First, of all is it possible to use Active Directory authentication in
Weblogic
without writing any custom code. If yes, how?
Thanks in advance,
Amit Tyagi -
How to disable authentication for weblogic server
Hi expert,
I have a web application deployed on weblogic server 12c. And I have a client which connects to the web application. The client will authenticate with server with digest authentication (challenge\response). We use the default authentication in weblogic server and the authentication is done by weblogic server. And it works fine.
However, I want to run a performance testing to replay all client requests including the requests for authentication. Since it's challenge/response authentication mechanism, the original requests can not pass authentication and weblogic server replies 401. I want to know is there any way to disable weblogic authentication so that the authentication passes when I replay my original request?
Thanks very much!
Regards,
YanYou can disable the security of the application in the web.xml. Here there is a security-constraint configured that tells WebLogic what to do, for example,
<security-constraint>
<web-resource-collection>
<web-resource-name>All</web-resource-name>
<url-pattern>/faces/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MANAGER</role-name>
<role-name>EMPLOYEE</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
If you put the security-constraint in comments, you can access the application, without authentication (note that the application itself probably uses the authentication in order to set certain things, so I do not if this is going to work). -
RDBMS Authentication in Weblogic Portal console 8.1 (SP5)
HI,
I have configured RDBMSBased authentication for oracle in Weblogic portal console 8.1.For Authenticating thru code,do i need to write any custom authentication for RDBMS or Is there any default authenticator?
Regards,
SenthilHi subha,
Thanks for ur reply.
U meant to say that i need to create RDBMSBeased Authentication provider for oracle in the existing myRealm. This RDBMS authenticator is one of the authenticator in the Authenticator list.Am i correct?
I have certain issues regarding this type of config:
1)If i create a user thru program,where does it go? either embaddedLDAP or oracle database
2)Since point base not used in production,we have to use oracle for Authentication as well as Autherization server.
In the default configuration, user preferences are stored in point base database but it should go to oracle.
Is it possible to redirect to oracle?
What i had done that I have created new Realm where i configured RDBMSBased authenticator. Using this config, can i do Authentication as well as Authorization?
Pls suggest.
Regards,
Senthil -
SSL Authentication in weblogic 5.1
Hi
I am using SSL in my weblogic application. So that it asks for the username and
password while startup. But now i want to mention the username and password in
weblogic.properties file itself. So that the client need not have to provide the
username and password. I am using weblogic server 5.1 version.
How do i do this?
Hope my question is clear. Please help.
with regds
sivaHi Michael
I am using SSL in my application. So that it asks for the certificate username
and password while startup. But now i want to mention the username and password
in weblogic.properties file itself. So that the client need not have to provide
the username and password everytime. I am using weblogic server 5.1 version.
How do i do this?
Hope my question is clear. Please help.
with regds
siva
Michael Young <[email protected]> wrote:
Hi.
It's not 100% clear to me what you are asking for. Do you want authentication
turned off for
your application? That will certainly turn off prompting for authentication
information. You
can set your ACL for your application (in your properties file) to allow
everyone to execute
it. Something like:
weblogic.allow.execute.<myApplication>=everyone
But maybe you want some kind of silent authentication so that not everyone
can execute your
app? I suppose you could pass authentication info in a cookie. I really
don't know enough
about your application, though.
I suggest you post this question in weblogic.developer.interest.security
- you have a better
chance of getting an answer there for security related questions.
Hope this helps.
Michael
siva wrote:
Hi all,
I have the following requirements. I have an application which asksfor the authentication
information like username and password at first. The application isrunning in
weblogic5.1 server. Is there a way where in weblogic.properties file,i mention
the username and password so that the application will not ask forin the browser.
please help. It's urgent.
with regds
siva--
Developer Relations Engineer
BEA Support -
Authentication in weblogic 5.1
Hi all,
I have the following requirements. I have an application which asks for the authentication
information like username and password at first. The application is running in
weblogic5.1 server. Is there a way where in weblogic.properties file, i mention
the username and password so that the application will not ask for in the browser.
please help. It's urgent.
with regds
sivaHi Michael
I am using SSL in my application. So that it asks for the certificate username
and password while startup. But now i want to mention the username and password
in weblogic.properties file itself. So that the client need not have to provide
the username and password everytime. I am using weblogic server 5.1 version.
How do i do this?
Hope my question is clear. Please help.
with regds
siva
Michael Young <[email protected]> wrote:
Hi.
It's not 100% clear to me what you are asking for. Do you want authentication
turned off for
your application? That will certainly turn off prompting for authentication
information. You
can set your ACL for your application (in your properties file) to allow
everyone to execute
it. Something like:
weblogic.allow.execute.<myApplication>=everyone
But maybe you want some kind of silent authentication so that not everyone
can execute your
app? I suppose you could pass authentication info in a cookie. I really
don't know enough
about your application, though.
I suggest you post this question in weblogic.developer.interest.security
- you have a better
chance of getting an answer there for security related questions.
Hope this helps.
Michael
siva wrote:
Hi all,
I have the following requirements. I have an application which asksfor the authentication
information like username and password at first. The application isrunning in
weblogic5.1 server. Is there a way where in weblogic.properties file,i mention
the username and password so that the application will not ask forin the browser.
please help. It's urgent.
with regds
siva--
Developer Relations Engineer
BEA Support -
Authentication via weblogic security realm
My servlet needs to access a session bean. The action in the session bean requires
that a user has been authorized, i.e. at some point the session been calls
String name = d_ctx.getCallerPrincipal().getName()
This name may not be null at this time.
What I would like to have is that the user executing the URL gets authenticated
by my server realm 'myrealm' and that the associated prinicpal gets passed to
the session bean. Is this possible. If so, how can the user pass along the username
and password as this query is executed programmatically?
markus
http://www.weblogic.com/docs51/classdocs/API_acl.html
Michael Girdley
BEA Systems Inc
"gennot" <[email protected]> wrote in message
news:[email protected]..
Could you send me the complete URL of these example, please?
Thanks
Enrico
Michael Girdley <[email protected]> wrote in message
39b87078$[email protected]..
The passing of the client's certificate should be automatic to WebLogic.We
have an example of getting the client side certificate from inside of
WebLogic in our documentation.
This does not require for SSL to be used from the Web server to
WebLogic.
>>
Thanks,
Michael
Michael Girdley
BEA Systems Inc
"Bob Simonoff" <[email protected]> wrote in message
news:[email protected]..
I have read through the docs and haven't found anything that would
address
the following confusion:
Suppose I want to use Apache or IPlanet as the webserver with WebLogicas
the back end application server (obviously). I have the need to use 2way
SSL authentication. As I understand it the following applies:
Client (browser) has a certificate as does the web server. Theyauthenticate
each other.
Now, the web server and weblogic need to communicate. WebLogic, in our
environment does authentication via the security realm.
What do I have to do to get the the web server (Apache or IPlanet) to
communicate the client's certificate to WebLogic so the WebLogic canperform
the authentication?
Does the communication between the web server and WebLogic also need
to
be
SSL?
Thanks
Bob Simonoff -
Providing datasource for authentication in weblogic
Hi, I am facing a problem of authentication of user from weblogic when weblogic have mulitple datasources
My weblogic server have two data sources one is pmr and second is hr I have created two authentication providers one is using hr as data source and second is using pmr as datasource.
Now i have two applications one is pmrApp and second is hrApp.
Now I want to apply security on both application in such a way that hrApp user should be authenticated from hr datasource and pmrApp user from pmr datasource
because there will be a chance that both datasources contains two users with same user names. In this conditions weblogic should know that which user should be authenticated from which database
Please help me
Edited by: Rao on May 8, 2012 12:25 PMapply security on both application in such a way that hrApp user should be authenticated from hr datasource and pmrApp user from pmr datasourceIt is not possible in WebLogic. The whole WLS security realm is common for all the deployed applications, so you cannot configure some application to use only some of the authentication providers. Even if you configure 2 different security realms, only one of them will be active. The only option you have is to create 2 separate WebLogic domains :(
Dimitar -
Authentication in weblogic portal server 8.1 sp2 using external LDAP
Hi,
I am trying to use external LDAP for authentication.
I have configured the ActiveDirectoryAuthenticator giving the necessary
values
( and added
"-Dcom.bea.p13n.usermgmt.AuthenticationProviderName=ActiveDirectoryAuthentic
ator" in startWeblgoic.cmd )
and can see the users and the groups from my LDAP provider in the admin
console and in the admin portal's "users and groups".
A set of users are given permission to access the restricted site and those
users are visible in the global role with the permission.
The web.xml is configured for BASIC auth-method, and the role is
<externally-defined/> in weblogic.xml.
Now when I access a restricted page, I am shown a dialog prompt to key in
the username and password.
Even when I key in the valid credentials, the restricted page is not shown
and an "Unauthorized xxx" 401 access error is thrown.
Any clue, on what i am missing.?
Please let me know if any suggestion / idea.
Regards,
Arun.Assuming your application is a WebLogic Portal application, then yes you would definitely need to install WLP 8.1. WLP version 8.1 is the only version of WLP that will run on WLS/WLW version 8.1.
In order to obtain the product installer, you'll need to contact Oracle Support and file a request. It is not available for download from any Oracle public site. Only version 10.3 is available for download.
Brad -
Authentication error weblogic workshop
Hi ,
I am trying to debugg my application with weblogic workshop but its
giving authentication error. My application is deployed and i can access it
. I am using ant . Actually when i click the debug button it statrts the
build and after successful termination of the build process it opens the
debug view but gives the following error :-
Authentication Failure when connecting to server
Check your weblogic server username and password are correct and that the
user has full admin rights.
I have given the same username and password in workshop that i gave while
configuring my domain. I guess workshop is not able to communicate with the
server . Please help me out. I have spent enough time resolving this.
ThanksThe text of the error message may be incorrect, but the intent of the
message is correct. You cannot use <max-beans-in-free-pool> with a Stateful
session bean. See:
http://e-docs.bea.com/wls/docs81/ejb/DDreference-ejb-jar.html#1114854
Bill
"Rick Jackson" <[email protected]> wrote in message
news:26851318.1105651919423.JavaMail.root@jserv5...
Hello,
I have created a session EJB in Weblogic workshop. In the propertyeditor, I have set the "type" to "Stateful". I have then set the
max-beans-in-free-pool to 1. I build my ejb project, and I get the below
error:
"A Stateless Session Bean cannot have a tag max-beans-in-free-pool". Thisdoesn't make any sense to me since I have specified that it is a "Stateful"
session bean. I am using Weblogic workshop 8.1 sp2 -
Is it possible to make the fnd_user table as an authenticator to weblogic
Hi,
I am looking for a way to make fnd_user table as an authenticator for a weblogic users.
Is it possible in first place without OVD and SSO ? My goal is to have fnd_users involve in human task approvals.
Thanks
SaiI think your question is: how do you compare the encrypted password in FND_USER to the password that the end user entered in your custom application front end?
If that is indeed your question, you can decrypt the password in FND_USER as follows:
1) Take the standard fnd_web_sec package and make a copy called cust_fnd_web_sec. Delete all procedures in the package body except for decrypt. Then add decrypt to the package spec.
create or replace PACKAGE apps.cust_fnd_web_sec AUTHID CURRENT_USER AS
function decrypt(key in varchar2, value in varchar2)
return varchar2;
END cust_FND_WEB_SEC;
create or replace PACKAGE BODY apps.cust_fnd_web_sec AS
-- Exception
dml_inside_query exception;
pragma exception_init(dml_inside_query,-14551);
-- Function to encrypt a string using a specified key.
function decrypt(key in varchar2, value in varchar2)
return varchar2
as language java name 'oracle.apps.fnd.security.WebSessionManagerProc.decrypt(java.lang.String,java.lang.String) return java.lang.String';
END cust_FND_WEB_SEC;
2) Run the following query to decrypt the password.
WITH guest AS
SELECT 'GUEST/ORACLE' user_pwd,
UPPER (SUBSTR ('GUEST/ORACLE',
1,
INSTR ('GUEST/ORACLE',
- 1
) user_name
FROM DUAL)
SELECT distinct u.user_name,
apps.cust_fnd_web_sec.decrypt
((SELECT apps.cust_fnd_web_sec.decrypt
(g.user_pwd,
u.encrypted_foundation_password
) apps_password
FROM apps.fnd_user u,
apps.guest g
WHERE u.user_name = g.user_name),
u.encrypted_user_password
) decrypted_user_password
FROM apps.fnd_user u,
apps.fnd_user_resp_groups_direct r
where u.user_id = r.user_id
and u.user_name = <user name>
Good luck!
Scot -
HTTP Digest Authentication in Weblogic Server ?
I understand that Weblogic Server 10.3.0.0 does not have declarative support for HTTP Digest Authentication. In that case, what are the alternatives to do HTTP Digest Authentication on the server ?
Edited by: user566628 on Sep 19, 2008 1:47 PMI would open a support case to get clarification on whether DIGEST is supported. According to the WLS 8.1 book I found on google, it looks like it may have been supported in 8.1:
http://books.google.com/books?id=TiAKHpPHpHIC&pg=PA836&lpg=PA836&dq=WebLogic+Digest+Authentication&source=web&ots=ciJMQOXm2q&sig=oJGOs-J5snfFGt_hWSPi-FXyERQ&hl=en&sa=X&oi=book_result&resnum=10&ct=result
If that is the case, it is unlikely that they removed it, it just may not be documented well as it is very uncommon. -
JAAS authentication with WebLogic 6 - "Invalid Configuration Class Name"
For starters, I took the sample file examples.security.jaas.SampleConfig, changed the name and
package, compiled, and copied it to the right place in the classes directory of the webapp project.
The class is specified as a parameter in startWebLogic.cmd:
-Dweblogic.security.jaas.Configuration="com.ww.opd.auth.JAASConfiguration"
When a servlet attempts to get LoginContext, I get this error:
"Invalid Configuration Class Name: com.ww.opd.auth.JAASConfiguration"
The class file is definitely in the right place. What's the deal?
Thanks,
RobSeems to be a ClassLoader problem. The sample is a client app, so no problem. But if you create
a Configuration class to run on the server (to set up a LoginModule for authenticating clients)...
I think what's happening is that the System class loader, using the CLASSPATH in the environment
of the WebLogic server when it starts, attempts to load the Configuration class and can't (because it
is in the CLASSPATH of the web app, not of the System class loader). If you add the Configuration
class to the CLASSPATH of the WebLogic server, then it gets loaded but the LoginModule can't be
found. If you add the LoginModule to the WebLogic server CLASSPATH, then any classes that it calls
must also be in the WebLogic server CLASSPATH.
Could someone from BEA please comment: is that the intention, that any classes used for JAAS
authentication be part of the server's CLASSPATH, not part of the web application?
Thanks,
Rob
"Rob Weltman" <[email protected]> wrote:
>
For starters, I took the sample file examples.security.jaas.SampleConfig, changed the name and
package, compiled, and copied it to the right place in the classes directory of the webapp project.
The class is specified as a parameter in startWebLogic.cmd:
-Dweblogic.security.jaas.Configuration="com.ww.opd.auth.JAASConfiguration"
When a servlet attempts to get LoginContext, I get this error:
"Invalid Configuration Class Name: com.ww.opd.auth.JAASConfiguration"
The class file is definitely in the right place. What's the deal?
Thanks,
Rob -
Siteminder authentication provider ,weblogic 8.1 startup error
I am trying to configure weblogic 8.1 with netegrity siteminder Application server agent.After configuring siteminder idertity asserter and Authentication provider on weblogic ,when i restarted my weblogic server it failed to start with java.lang.noSuchField :m_failOverThreshold at netegrity.SiteMinder.javaAgent.AgentAPI.javaagent_API_getconfig
I will be really thankful if any one can help me out?I am trying to configure weblogic 8.1 with netegrity siteminder Application server agent.After configuring siteminder idertity asserter and Authentication provider on weblogic ,when i restarted my weblogic server it failed to start with java.lang.noSuchField :m_failOverThreshold at netegrity.SiteMinder.javaAgent.AgentAPI.javaagent_API_getconfig
I will be really thankful if any one can help me out?
Maybe you are looking for
-
Playing .mov files from iMovie with Quitime for Windows
Hi, Been searching but cannot seem to find a straight answer on this in these forums. My wife has a mac, we import all movies on to that using iMovie 08. I want to simply play the same movies on my PC. I copy the .mov files over, run them in quicktim
-
I'm working on an application that uses stored procedures, and our statement cache size is set to 10. We are running the application on WLS 9.1 and using Microsoft's SQL Server 2005 XA driver. Most of the time, our application functions correctly. Ho
-
Two days ago I went to wake my computer up form its sleep and it refused. Today I did the same and it didn't just freeze, the screen went mostly blue and toolbar at the top was scrambled. I had to force the computer to shut off with the power key. I
-
Setting own security handler with JavaScript
Hi, I build the security handler plugin example (SecurityHandler.api) and installed it. Then I wanted to set this handler via JavaScript to a document but I have no access to it. If I list all handlers (security.handlers) in a trusted function only t
-
Classical Music podcasts anyone
Anyone recommend well-produced, up-to-date, informative and frequent podcasts for Classical music, both 'early' (1000 - 1750) and contemporary (1945 and after), please?