Authentication error on weblogic

Hi,
I had created a user in weblogic with provider as OpenLdapAuthenticator and made it default.
Now I am not able to start the weblogic server.

Can you get the sample security provider to work? Did you reinstall to the same
weblogic version? Try rebuilding your provider in the new environment and see
if that helps.
You also might want to crosspost this question to the weblogic.developer.interest.management
or weblogic.developer.interest.management.console newsgroups, since this looks like
a configuration issue.
Pavel.
"Balaji Chandrasekaran" <[email protected]> wrote:
>
Hi Pavel,
Thanks for your response.
The /0/ is a typo; I have the jar file under this directory: C:\bea7.0\weblogic700\server\lib\mbeantypes.
It used to work before; after I re-installed the server it is not working.
Thanks
"Pavel" <[email protected]> wrote:
The provider jar file must be in the WL_HOME\lib\mbeantypes folder.
Have you changed your folder structure when you reinstalled the server?
Is the \0\ in your path a typo?
Pavel.
Balaji <[email protected]> wrote:
Hi,
I have written a custom authenticator provider for my application in weblogic
7.0. I was able to deploy it successfully and able to test my applications
using the custom authenticator provider.
Recently I re-installed my weblogic instance; after that the new instance
is not recognizing the custom authenticator provider deployed in the
<BEA_HOME>weblogic700\0\server\lib\mbeantypes directory.
After I deployed, I restarted my weblogic server, usually the server
will pick-up customer security provider automatically when you re-start
the server, then I can go to admin console and create new custom security
provider instance under myrealm.
But for some reason it is not picking it up now.
The same version worked fine in a unix environment and in different weblogic instances
in a windows environment.
Can someone help me to fix this problem?
Thanks

Similar Messages

  • How to remove custom authentication provider in weblogic server 11g

    Hi ,
    I am trying to remove the custom authentication provider in weblogic server 11g. It disappears when I delete it from the list of authentication providers, but upon server restart it appears again.
    Documentation for 10g says delete it from service administration, but I couldn't find one in 11g. Please help me in removing the custom authentication provider.
    Thanks
    Sandeep

    You can try editing the config.xml file and removing it there. (Re: After provider reorder I cannot login admin server console)
    If you are referring to a jar file - custom authenticators are usually placed in the <middleware-home>wlserver_10.3/server/lib/mbeantypes/ directory.

  • Authentication for user weblogic denied

    I am unable to start node managerd server from command prompt.
    I installed WebLogic Server Version: 12.1.2.0.0 on Windows 2008 R2 EN Sp1
    I started Administration Server successfully.
    C:\Weblogic\Oracle\config\domains\wl_server\bin\startWebLogic.cmd
    I created ihale Managed server but  I couldn't start Managed Server.
    C:\Weblogic\Oracle\config\domains\wl_server\bin
    startManagedWebLogic.cmd ihale http://192.168.1.29:7431 
    I'm getting following error.
    ####<Dec 25, 2013 12:51:13 AM PST> <Critical> <WebLogicServer> <umman> <ihale> <main> <<WLS Kernel>> <> <> <1387961473813> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
    weblogic.security.SecurityInitializationException: Authentication for user weblogic denied.
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
      at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:257)
    I am able to log in to the administration console with the same username and password. Username: weblogic Password:xxxxx
    I changed the weblogic user password and I tried again. It was unsuccessful.
    I created boot.properties file in C:\Weblogic\Oracle\config\domains\wl_server\servers\ihale\security folder.
    I put username and password.
    After I tried to start ihale managed server, boot.properties file wasn't encrypted and managed server also didn't start.
    I deleted cache, data, tmp folders except logs folder in \\192.168.1.29\c$\Weblogic\Oracle\config\domains\wl_server\servers\ihale and I tried again. It was unsuccessful.
    I found something on https://community.oracle.com/message/10653470
    Ganesh says:
    Did you restart AdminServer after deleting the LDAP Authentication provider?
    I think your managed server is still trying to authenticate user through ldap authentication provider.
    Torrado answers:
    I found that there was a definition in Security Policy of osb_server1 for an user that belonged to deleted LDAP authenticator.
    I deleted it and server started.
    Thanks.
    How can I delete definition in Security Policy of ihale for an user that belonged to deleted LDAP authenticator?
    Could you please help to solve this problem?
    Best Regards.

    Hi,
    You can rename the ldap folder in following directory structure.
    %Domain_Name% / servers / <servername> / data/
    You will find the ldap folder; try to rename that folder and then please restart the server again.
    If you are trying to start through nodemanager, then rename the nodemanager folder under the following directory.
    %Domain_Name% / servers / <servername> / data/.
    Try to rename these two folders and restart the nodemanager and start the server again.
    It will work for you.
    Regards,
    Kal

  • Wls91 Authentication for user weblogic denied when starting

    Hi,
    I just installed wls91 and created a new domain using the configuration wizard. I typed in username "admin" and password when it asked. Then I ran startweblogic.cmd from \mydomain. But after it started it keeps showing the Critical log on the console. I didn't do any configuration yet. Of course there is no user "weblogic".
    Where is the error coming from? Thanks
    <Jan 27, 2006 4:42:20 PM PST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    <Jan 27, 2006 4:42:20 PM PST> <Notice> <Security> <BEA-090078> <User weblogic in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.>
    <Jan 27, 2006 4:42:20 PM PST> <Critical> <Security> <BEA-090403> <Authentication for user weblogic denied>

  • Authentication for user weblogic denied seen in Weblogic 8.1 bea logs

    I am observing the below error in the bea logs of one of my managed servers. The managed server is in running state but most of the Bridges are inactive with description "WARN: failed to connect to the source". Below is the error seen.
    ####<Mar 29, 2013 2:17:47 PM GMT> <Notice> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '36' for queu
    e: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090078> <User weblogic in security realm myrealm has had 5 invalid login
    attempts, locking account for 30 minutes.>
    ####<Mar 29, 2013 2:18:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '36' for qu
    eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
    ####<Mar 29, 2013 2:19:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '36' for qu
    eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
    ####<Mar 29, 2013 2:20:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '35' for qu
    eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
    ####<Mar 29, 2013 2:21:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '36' for qu
    eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
    ####<Mar 29, 2013 2:22:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '37' for qu
    eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
    ####<Mar 29, 2013 2:23:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '35' for qu
    eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
    ####<Mar 29, 2013 2:24:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '35' for qu
    eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
    ####<Mar 29, 2013 2:25:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '37' for qu
    eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
    ####<Mar 29, 2013 2:26:46 PM GMT> <Critical> <Security> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <ExecuteThread: '37' for qu
    eue: 'weblogic.kernel.Default'> <<anonymous>> <> <BEA-090403> <Authentication for user weblogic denied>
    ####<Mar 29, 2013 2:27:18 PM GMT> <Error> <WebLogicServer> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <weblogic.health.CoreHea
    lthMonitor> <<WLS Kernel>> <> <BEA-000337> <ExecuteThread: '32' for queue: 'MessagingBridge' has been busy for "1,614" second
    s working on the request "weblogic.jms.bridge.internal.MessagingBridge: gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2b
    iA.bridge.MB.BPS_TO_SH_4_CBGW_ADAPTOR,ServerRuntime=managed1_gsb2biA,Type=MessagingBridgeRuntime
    Set fields: [Name]
    Name -> <null>
    Parent -> gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2biA,Type=ServerRuntime
    ", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>
    ####<Mar 29, 2013 2:27:18 PM GMT> <Error> <WebLogicServer> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <weblogic.health.CoreHea
    lthMonitor> <<WLS Kernel>> <> <BEA-000337> <ExecuteThread: '33' for queue: 'MessagingBridge' has been busy for "1,614" second
    s working on the request "weblogic.jms.bridge.internal.MessagingBridge: gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2b
    iA.bridge.com.bt.jms.bridge.GSB2B.GSB2B_To_RoBTESB.MDO.FTP.response,ServerRuntime=managed1_gsb2biA,Type=MessagingBridgeRuntim
    e
    Set fields: [Name]
    Name -> <null>
    Parent -> gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2biA,Type=ServerRuntime
    ", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>
    ####<Mar 29, 2013 2:27:18 PM GMT> <Error> <WebLogicServer> <hwspx007.vipx.bt.com> <managed1_gsb2biA> <weblogic.health.CoreHea
    lthMonitor> <<WLS Kernel>> <> <BEA-000337> <ExecuteThread: '34' for queue: 'MessagingBridge' has been busy for "1,618" second
    s working on the request "weblogic.jms.bridge.internal.MessagingBridge: gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2b
    iA.bridge.MB_BTGS_B2B_TO_RoBTESB_MPF_PI,ServerRuntime=managed1_gsb2biA,Type=MessagingBridgeRuntime
    Set fields: [Name]
    Name -> <null>
    Parent -> gsb2biA:Location=managed1_gsb2biA,Name=managed1_gsb2biA,Type=ServerRuntime
    ", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.>

    Have a look at this... Look for "credential" to see how to fix the username/password of your message bridge...
    http://docs.oracle.com/cd/E13222_01/wls/docs81/ConsoleHelp/messaging_bridge.html#1122172
    Cheers,
    Vlad
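The BEA-090078 lockout and BEA-090403 denial records quoted in the post above can be tallied per server and user, which is an added example here and not code from the thread. The sample log is constructed in the same layout with made-up host, server and user names, and treating evenly spaced denials as a sign of a stored credential being retried (such as the bridge credential the reply points to) is a heuristic assumed by this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# One record per line: ####<timestamp> <severity> <subsystem> <machine> <server> ... <BEA-id> <message>
RECORD = re.compile(
    r"^####<(?P<ts>[^>]+)> <(?P<severity>[^>]*)> <(?P<subsystem>[^>]*)> "
    r"<(?P<machine>[^>]*)> <(?P<server>[^>]*)> .*?"
    r"<(?P<msgid>BEA-\d{6})> <(?P<message>.*)>\s*$"
)
DENIED = re.compile(r"Authentication for user (\S+) denied")
LOCKED = re.compile(r"User (\S+) in security realm (\S+) has had (\d+) invalid login attempts")


def parse_ts(raw):
    """Parse 'Mar 29, 2013 2:18:46 PM GMT'; the zone name is dropped (naive time)."""
    return datetime.strptime(raw.rsplit(" ", 1)[0], "%b %d, %Y %I:%M:%S %p")


@dataclass
class Stats:
    denied: list = field(default_factory=list)  # timestamps of BEA-090403 records
    lockouts: int = 0                           # number of BEA-090078 records

    def gaps(self):
        """Seconds between consecutive denials, oldest first."""
        times = sorted(self.denied)
        return [(b - a).total_seconds() for a, b in zip(times, times[1:])]

    def periodic(self, tolerance=5.0):
        """Heuristic (assumption): three or more denials at near-constant spacing."""
        gaps = self.gaps()
        return len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance


def summarize(log_text):
    """Group denials and lockouts by (server, user); unparseable lines are skipped."""
    stats = defaultdict(Stats)
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if not rec:
            continue  # continuation lines of multi-line records, stack traces, noise
        if rec["msgid"] == "BEA-090403":
            hit = DENIED.search(rec["message"])
            if hit:
                stats[(rec["server"], hit.group(1))].denied.append(parse_ts(rec["ts"]))
        elif rec["msgid"] == "BEA-090078":
            hit = LOCKED.search(rec["message"])
            if hit:
                stats[(rec["server"], hit.group(1))].lockouts += 1
    return dict(stats)


# --- constructed sample data (not taken from a real system) ---
_TEMPLATE = ("####<Mar 29, 2013 {t} PM GMT> <{sev}> <Security> <host.example> <{srv}> "
             "<ExecuteThread: '36' for queue: 'weblogic.kernel.Default'> "
             "<<anonymous>> <> <{mid}> <{msg}>")
_EVENTS = [
    ("2:17:47", "Notice", "managed1", "BEA-090078",
     "User weblogic in security realm myrealm has had 5 invalid login attempts, "
     "locking account for 30 minutes."),
    ("2:18:46", "Critical", "managed1", "BEA-090403", "Authentication for user weblogic denied"),
    ("2:19:46", "Critical", "managed1", "BEA-090403", "Authentication for user weblogic denied"),
    ("2:20:46", "Critical", "managed1", "BEA-090403", "Authentication for user weblogic denied"),
    ("2:21:46", "Critical", "managed1", "BEA-090403", "Authentication for user weblogic denied"),
    ("2:18:01", "Critical", "managed2", "BEA-090403", "Authentication for user alice denied"),
    ("2:18:03", "Critical", "managed2", "BEA-090403", "Authentication for user alice denied"),
    ("2:25:40", "Critical", "managed2", "BEA-090403", "Authentication for user alice denied"),
]
SAMPLE_LOG = "\n".join(
    _TEMPLATE.format(t=t, sev=sev, srv=srv, mid=mid, msg=msg)
    for t, sev, srv, mid, msg in _EVENTS
)

if __name__ == "__main__":
    for (server, user), st in sorted(summarize(SAMPLE_LOG).items()):
        kind = "fixed interval, check stored credentials" if st.periodic() else "irregular"
        print(f"{server} user={user} denied={len(st.denied)} "
              f"lockouts={st.lockouts} gaps={st.gaps()} -> {kind}")
```
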

  • Authentication for user weblogic denied problem when starting managed serve

    Hi All,
    I have a strange situation here. I installed WLS and SOA and BAM servers. Initially I could start both WLS and SOA.
    Later I changed some files (possibly startManagedWebLogic.sh or deleted soa_server1/data/ldap/ or AdminServer/security/boot.properties), but later I remember I changed them back. I am now seeing that my WLS is starting up fine, but SOA is not. I am always getting the error:
    <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
    weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090303]Authentication Failed: User weblogic weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090295]caught unexpected exception
    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:251)
    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    Truncated. see log file for complete stacktrace
    I tried to go to admin console to change/verify the password for weblogic user, and then put plaintext password in AdminServer/security/boot.properties, then restart Adminserver. But I still cannot start SOA server.
    Could you please let me know how to resolve this issue? I do want to save my environment at this point. Many thanks.

    Hi,
    My understanding is that the admin user server is coming up fine, but when you try to bring up soa_server1 (managed instance) it is not coming up due to the below-mentioned exception.
    If not, please correct me.
    I have a few queries; please comment on them.
    1) Are the admin and managed instances running on the same box or different boxes?
    2) Did you try to reset the password from the console or using the weblogic.security command?
    3) Did you clear the soa_server1 temp directory (server/soa_server1/*)?
    Solution-1 (If Domain running on different box)
    =============================
    1) Copy the DefaultAuthenticatorInit.ldift file from Domain_dir/Security/ to Remote machine - Domain_dir/Security/
    Note- Remote machine - take a backup of DefaultAuthenticatorInit file.
    2) Remote machine- rename or take a backup of ldap directory and boot.properties file
    /servers/soa_server1/ldap
    /servers/soa_server1/security/boot.properties.
    3) Now try to bring up soa_server1. It will prompt you for the username and password.
    Please let me know.
    Thanks,
    Rajkumar
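Both boot.properties threads above end with a typed-in password sitting in the file while the managed server still fails to start. The following added example (not from the thread) walks a domain directory and reports boot.properties files whose username or password has no encryption prefix; the servers/<name>/security layout and the {AES} prefix appear on this page, while {3DES}, {AES256}, the sample domain and the permission check are assumptions of the example.

```python
import os
import stat
import tempfile
from pathlib import Path

# {AES} is the prefix visible in the config.xml quoted on this page; {3DES} and
# {AES256} are included on the assumption that other releases use them.
ENCRYPTED_PREFIXES = ("{AES}", "{AES256}", "{3DES}")
CREDENTIAL_KEYS = ("username", "password")


def read_properties(path):
    """Minimal key=value reader for boot.properties (comments and blanks skipped)."""
    props = {}
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_domain(domain_dir):
    """Report boot.properties files holding cleartext values or readable by group/other."""
    findings = []
    pattern = "servers/*/security/boot.properties"
    for path in sorted(Path(domain_dir).glob(pattern)):
        props = read_properties(path)
        cleartext = [key for key in CREDENTIAL_KEYS
                     if key in props and not props[key].startswith(ENCRYPTED_PREFIXES)]
        mode = stat.S_IMODE(path.stat().st_mode)
        # Permission bits are only meaningful on POSIX file systems.
        loose = os.name == "posix" and bool(mode & 0o077)
        if cleartext or loose:
            findings.append({
                "server": path.parts[-3],          # servers/<server>/security/boot.properties
                "path": str(path),
                "cleartext_keys": cleartext,
                "group_or_other_access": loose,
            })
    return findings


def build_sample_domain(root):
    """Constructed sample: one encrypted file, one with a typed-in password."""
    samples = {
        "AdminServer": ("username={AES}Q09OU1RSVUNURUQtVVNFUg\\=\\=\n"
                        "password={AES}Q09OU1RSVUNURUQtUEFTUw\\=\\=\n", 0o600),
        "ihale": ("# typed in by hand, server never booted\n"
                  "username=weblogic\npassword=constructed-example\n", 0o644),
    }
    for server, (content, mode) in samples.items():
        sec_dir = Path(root) / "servers" / server / "security"
        sec_dir.mkdir(parents=True)
        target = sec_dir / "boot.properties"
        target.write_text(content, encoding="utf-8")
        target.chmod(mode)


def demo():
    """Build the sample domain in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_domain(root)
        return audit_domain(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding["server"], "cleartext:", finding["cleartext_keys"],
              "group/other access:", finding["group_or_other_access"])
```
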

  • BPM Integration with SQL Authenticator Provider in WebLogic

    Hi Gurus,
    Related to the explanation from this blog : http://orasoa.blogspot.com/2010/06/sqlauthenticator-and-human-worklist.html
    I have followed this review, I can see all user and groups from sql authenticator provider.
    And also I can assign bpm application roles to users from sql authenticator provider.
    But when I try to assign bpm application roles to groups from sql authenticator provider, the bpm application is not shown in bpm workspace.
    Is there any clue to solve this problem?
    Cheers,
    Agus W

    Hi All,
    Found the reason for the exception. I was implementing the generated CustomAuthenticatorImpl class (generated through the WebLogic MBeanMaker utility) as the provider class by implementing the AuthenticationProvider interface. Keeping them separate solved the issue.
    Able to create the jar without any issues and also no error or exception after restart.
    Thanks.

  • Authentication handling in WebLogic 8.1 SP 4

    I have a servlet, MyServlet, running in WebLogic 8.1 SP 4 that creates another server in the init() method that listens for incoming connections on a different port than WebLogic's 7001; let's say it listens to port 5000. This server is similar to the O'Reilly's DaemonHttpServlet (http://www.stanford.edu/group/coursework/docsTech/oreilly/com.oreilly.servlet.DaemonHttpServlet.html); I'll refer to this server as HttpServer.
    I created a security realm for MyServlet for Basic authentication. So if a client wants to go to MyServlet it has to authenticate itself using Basic authentication. This all works fine! However, at this point HttpServer that listens port 5000 is not part of the mentioned realm according to WebLogic. For MyServlet WebLogic takes care of the whole authentication process, that is, the initial request to MyServlet and the following response containing the Basic challenge are not going through MyServlet but are handled by WebLogic.
    As the client (user agent) does not know that HttpServer is part of the same realm (as I would like it to be), it will not send its credentials that it used to logon to MyServlet to authenticate itself to HttpServer, because the URL is different at the port part of the URL.
    I would like to mimic that HttpServer IS part of the same realm MyServlet is in, but I don't want to hardcode the response saying it needs to be a certain specific realm. How can I query User, Group, Realm information stored in WebLogic? Are there MBeans I should look at? Can I use JAAS to hook into WebLogic somehow? Can I use JAAS to handle the Base64-encoded username-password to the Basic challenge sent in the HTTP request?

    b b wrote:
    Hi:
    I am confused about something, I am running weblogic 8.1 SP4 on the [sun4u sparc SUNW,Sun-Fire-480R] box and trying to deploy a normal webapp. It took like 2 minutes to finish deployment (nothing else was running on the box). however if I deploy the same webapp onto my laptop, it is really quick (<30secs).
    I thought it might be the problem with that particular un box. So I tried to deploy the same webapp onto another sun box - [sun4u sparc SUNW,Sun-Fire-V240]. The results were the same (over 2minutes).
    Can anybody shed some light on why this is happening?
    Thank you very much!
    Have you checked the XML switches?
    (web.xml/weblogic.xml/keepgenerate/precompile)
    How is the "Staging Mode" (nostage) of your application?
    Regards Ruedi :-)

  • LDAP authenticator setting in Weblogic 10

    Hi there,
    I am a newbie to weblogic. I am migrating an application from OAS to Weblogic 10. The application is using LDAP for login. I am having trouble setting up those users in weblogic console.
    Here is what I did:
    in web.xml:
    <security-constraint>
    <display-name>Example Security Constraint</display-name>
    <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>*</url-pattern>
    <http-method>*</http-method>
    </web-resource-collection>
    <auth-constraint>
    <role-name>UserRole</role-name>
    </auth-constraint>
    </security-constraint>
    <security-role>
    <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>RegularUser</realm-name>
    <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginerror.jsp</form-error-page>
    </form-login-config>
    </login-config>
    <role-name>UserRole</role-name>
    </security-role>
    In Weblogic.xml
    <?xml version="1.0" encoding="windows-1252"?>
    <weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd" xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app">
    <security-role-assignment>
    <role-name>UserRole</role-name>
    <externally-defined/>
    </security-role-assignment>
    </weblogic-web-app>
    In Weblogic console, I created a new realm called RegularUser and setup LDAP authenticator. User Base DN is ou=axxx,dc=bxxx,dc=cxx. I can see those users already in the user list.
    Did I miss any step?
    Thanks

    Thanks, Faisal.
    Here is my config.xml. Do I need to select Custom Roles at the time of deployment? I manually deployed the application in console.
    <?xml version='1.0' encoding='UTF-8'?>
    <domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
    <name>myTestDomain</name>
    <domain-version>10.3.3.0</domain-version>
    <security-configuration>
    <name>myTestDomain</name>
    <realm>
    <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
    <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
    <sec:active-type>AuthenticatedUser</sec:active-type>
    </sec:authentication-provider>
    <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
    <sec:name>RegularUsers</sec:name>
    <sec:control-flag>OPTIONAL</sec:control-flag>
    <wls:host>holdap1.abc.org</wls:host>
    <wls:user-object-class>user</wls:user-object-class>
    <wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>
    <wls:principal>ldapviewsd</wls:principal>
    <wls:user-base-dn>ou=a,dc=b,dc=c</wls:user-base-dn>
    <wls:credential-encrypted>{AES}5dVfr76v1nSUvb8iMBO5e1WxZG5BA/M3MWZvNxDVMO4=</wls:credential-encrypted>
    <wls:user-from-name-filter>(&amp;(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
    <wls:group-base-dn>ou=a,dc=b,dc=c</wls:group-base-dn>
    <wls:group-from-name-filter>(&amp;(cn=%g)(objectclass=group))</wls:group-from-name-filter>
    <wls:static-group-object-class>group</wls:static-group-object-class>
    <wls:static-member-dn-attribute>member</wls:static-member-dn-attribute>
    <wls:static-group-dns-from-member-dn-filter>(&amp;(member=%M)(objectclass=group))</wls:static-group-dns-from-member-dn-filter>
    </sec:authentication-provider>
    <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
    <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
    <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
    <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
    <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
    <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
    <sec:name>myrealm</sec:name>
    <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
    <sec:name>SystemPasswordValidator</sec:name>
    <pas:min-password-length>8</pas:min-password-length>
    <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
    </sec:password-validator>
    </realm>
    <realm>
    <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
    <sec:name>RewardsUser</sec:name>
    <sec:control-flag>SUFFICIENT</sec:control-flag>
    <wls:host>holdap1.abc.org</wls:host>
    <wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>
    <wls:principal>ldapviewsd</wls:principal>
    <wls:user-base-dn>ou=a,dc=b,dc=c</wls:user-base-dn>
    <wls:credential-encrypted>{AES}6mfAIvAqFASMkZ4yHygBe3AODqNyzYyLLePzCI2HTE0=</wls:credential-encrypted>
    <wls:user-from-name-filter>(&amp;(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
    <wls:group-base-dn>ou=a,dc=bdc=c</wls:group-base-dn>
    <wls:max-sid-to-group-lookups-in-cache>1500</wls:max-sid-to-group-lookups-in-cache>
    </sec:authentication-provider>
    <sec:deploy-role-ignored>false</sec:deploy-role-ignored>
    <sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
    <sec:deploy-credential-mapping-ignored>false</sec:deploy-credential-mapping-ignored>
    <sec:security-dd-model>CustomRoles</sec:security-dd-model>
    <sec:combined-role-mapping-enabled>true</sec:combined-role-mapping-enabled>
    <sec:name>RewardsUser</sec:name>
    <sec:delegate-m-bean-authorization>false</sec:delegate-m-bean-authorization>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{AES}AOnncmyo+t9U78VAJHcbv8uiDUVggDlU55WY5xh6NukBIg3m2MK0In76UwCRuKdlVzHp9uWx/4uYZpkVQmq9Hqk3fTRZRx4dIuyU07siwupmYdq1UHttcgTIwqqKoaWn</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{AES}Yx0pabvYpXxQr7K7YRVB5B0f3Kyy8Lpn0cu1WQCXve8=</node-manager-password-encrypted>
    </security-configuration>
    <server>
    <name>AdminServer</name>
    <server-debug>
    <debug-scope>
    <name>weblogic.security.atn</name>
    <enabled>true</enabled>
    </debug-scope>
    <debug-scope>
    <name>weblogic.security.atz</name>
    <enabled>true</enabled>
    </debug-scope>
    <debug-security-atn>true</debug-security-atn>
    <debug-security-atz>true</debug-security-atz>
    <debug-security-saml-atn>true</debug-security-saml-atn>
    <debug-security-saml2-atn>true</debug-security-saml2-atn>
    </server-debug>
    <listen-address></listen-address>
    </server>
    <embedded-ldap>
    <name>myTestDomain</name>
    <credential-encrypted>{AES}Iidvc9S3UqScbvwktaeOZMYr4V9BQ4aU/T5z+npeFwiYEzUZi6iLF59pfpCNI0DQ</credential-encrypted>
    </embedded-ldap>
    <configuration-version>10.3.3.0</configuration-version>
    <app-deployment>
    <name>rewards</name>
    <target>AdminServer</target>
    <module-type>ear</module-type>
    <source-path>servers\AdminServer\upload\rewards.ear</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    </app-deployment>
    <admin-server-name>AdminServer</admin-server-name>
    </domain>

  • Sharing Authentication between different weblogic instances

    Hi,
    I'm using WebLogic 10.3.5.
    Is there a way to share only the authentication (getRemoteUser() info) between 2 distinct ears, each deployed on different weblogic instances (same WL domain) and with only one of them under my control?
    I did it successfully when the 2 ears were deployed in the same weblogic instance.
    What about If I were using OHS (virtual hosts) as an "access point" to the 2 ears?
    P.S. I can't use SSO,
    Thank you very much.
    Best regards,
    S.

    Turns out it does matter what domain you are accessing each app with--I was using our Apex development domain to test, and it was bombing out. When I used the same domain as the Designer forms and cookie domain, it worked like a charm.

  • NT domain authentication implemented in weblogic server

    hello Sir,
    I would like to find out if there is any package with weblogic server that will allow me to authenticate the users of weblogic using an NT domain authentication.
    Any user of weblogic should be an authenticated user of an NT domain and I am in need of a package that will do this for me. I heard that BEA has some package that implements this functionality.
    Your help is very much appreciated.
    Thank You
    Raji Arumugam

    Hi Raji,
    I think that what you want is "NTRealm" for WebLogic.
    Look at http://e-docs.bea.com/wls/docs61/////ConsoleHelp/ntrealm.html which should help you.
    Cheers,
    Joe Jerry
    Raji Arumugam wrote:
    hello Sir,
    I would like to find out if there is any package with weblogic server that will allow me to authenticate the users of weblogic using an NT domain authentication.
    Any user of weblogic should be an authenticated user of an NT domain and I am in need of a package that will do this for me. I heard that BEA has some package that implements this functionality.
    Your help is very much appreciated.
    Thank You
    Raji Arumugam

  • Authentication denied on Weblogic admin console

    I was playing with security policy for web applications and now I can't login from
    console any more. It gives following error : Authentication Denied
    The username or password has been refused by WebLogic Server. Please try again.
    I can start the server from command line. How can I find out what is the problem
    and how can I fix it ?
    Thanks,
    MK

    Hi AB.
    You can write your own pages and add them to WebLogic admin console by writing a console extension, here is a link to bea doc http://e-docs.bea.com/wls/docs100/console_ext/understandext.html
    Regards,
    Felix

  • Authentication error in weblogic portal 10.2 (Response: '401: Unauthorized'

    I have written the following code in my page flow controller in order to access a file from a shared location:
    // Needs java.io.* and java.net.{Authenticator, URL, URLConnection}
    Authenticator.setDefault(new MyAuthenticator(username, password));
    URLConnection conn = new URL(urlString).openConnection();
    InputStream instr = conn.getInputStream();
    BufferedReader in = new BufferedReader(new InputStreamReader(instr));
    String str;
    while ((str = in.readLine()) != null) {
         System.out.println(str);
    }
    in.close();
    It always gives me the following error:
    java.io.FileNotFoundException: Response: '401: Unauthorized' for url: 'http://coldev01.col.us.bic/testspec/library/Approved/Packaging%20Components/5647495.pdf'
         at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:476)
         at weblogic.net.http.SOAPHttpURLConnection.getInputStream(SOAPHttpURLConnection.java:36)
    If I directly paste this url in a browser then this pdf opens properly, but when I try to do it through code then it does not work. Any quick help would be highly appreciated.
    MyAuthenticator class
    private static class MyAuthenticator extends Authenticator {
         private String username, password;

         public MyAuthenticator(String user, String pass) {
              username = user;
              password = pass;
         }

         // Called by java.net when the server sends an authentication challenge.
         @Override
         protected PasswordAuthentication getPasswordAuthentication() {
              System.out.println("Requesting Host : " + getRequestingHost());
              System.out.println("Requesting Port : " + getRequestingPort());
              System.out.println("Requesting Prompt : " + getRequestingPrompt());
              System.out.println("Requesting Protocol: "
                   + getRequestingProtocol());
              System.out.println("Requesting Scheme : " + getRequestingScheme());
              System.out.println("Requesting Site : " + getRequestingSite());
              return new PasswordAuthentication(username, password.toCharArray());
         }
    }
    Thanks,
    Alka

    Use something like HTTPClient (instead of URLConnection) which will let you specify Username/password for basic auth
    e.g. http://svn.apache.org/viewvc/httpcomponents/oac.hc3x/trunk/src/examples/BasicAuthenticationExample.java?view=markup
    Edited by: deepshet on May 4, 2010 9:46 AM
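
    What "specifying the username/password for basic auth" amounts to on the wire, as an added example that is not code from this thread: the client sends an Authorization: Basic header itself instead of waiting for the Authenticator callback. The class name, the credentials and the local test server are constructed for illustration; Java 9 or later is assumed.

    ```java
    import com.sun.net.httpserver.HttpServer;
    import java.io.InputStream;
    import java.net.HttpURLConnection;
    import java.net.InetSocketAddress;
    import java.net.URL;
    import java.nio.charset.StandardCharsets;
    import java.util.Base64;

    public class PreemptiveBasicAuth {
        // Constructed sample credentials, valid only for the local test server below.
        static final String USER = "demo-user", PASS = "demo-pass";

        // RFC 7617: "Basic " + base64(user ":" password)
        static String basicHeader(String user, String pass) {
            byte[] pair = (user + ":" + pass).getBytes(StandardCharsets.UTF_8);
            return "Basic " + Base64.getEncoder().encodeToString(pair);
        }

        // Returns the HTTP status instead of letting getInputStream() throw on 401.
        static int fetch(URL url, String authHeader) throws Exception {
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            if (authHeader != null) {
                conn.setRequestProperty("Authorization", authHeader);
            }
            int status = conn.getResponseCode();
            InputStream body = status < 400 ? conn.getInputStream() : conn.getErrorStream();
            if (body != null) {
                try (InputStream in = body) { in.readAllBytes(); }
            }
            return status;
        }

        public static void main(String[] args) throws Exception {
            // Local stand-in for a server that protects /doc with Basic auth.
            HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
            String expected = basicHeader(USER, PASS);
            server.createContext("/doc", exchange -> {
                boolean ok = expected.equals(exchange.getRequestHeaders().getFirst("Authorization"));
                if (!ok) exchange.getResponseHeaders().add("WWW-Authenticate", "Basic realm=\"demo\"");
                byte[] out = (ok ? "file contents" : "denied").getBytes(StandardCharsets.UTF_8);
                exchange.sendResponseHeaders(ok ? 200 : 401, out.length);
                exchange.getResponseBody().write(out);
                exchange.close();
            });
            server.start();
            try {
                URL url = new URL("http://127.0.0.1:" + server.getAddress().getPort() + "/doc");
                System.out.println("no header   -> " + fetch(url, null));
                System.out.println("with header -> " + fetch(url, basicHeader(USER, PASS)));
            } finally {
                server.stop(0);
            }
        }
    }
    ```

    This only helps when the server's 401 response offers the Basic scheme in WWW-Authenticate. The header is Base64-encoded, not encrypted, so it belongs on HTTPS connections only.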

  • JAXWS EJB3.0 Based WebService Authentication and Authorization - Weblogic

    Hi Experts,
    I need to Create a EJB3.0 WS where this Service has static Authentication and Authorization. How can I achieve it, any pointer.
    TIA

    The below sample is for basic authentication and authorization.
    Web service
    ========
    import javax.ejb.Stateless;
    import javax.ejb.TransactionAttribute;
    import javax.ejb.Remote;
    import javax.jws.WebMethod;
    import javax.jws.WebService;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.SecurityRoles;
    @Stateless(mappedName="com.slsbBean")
    @Remote( { com.bea.Service.class})
    @WebService(name="TransactionPortType", serviceName="TransactionService",
    targetNamespace="http://example.org")
    public class ServiceBean implements Service {
        @WebMethod()
        @RolesAllowed ( {"Admin","Manager"})
        public void testMethod(String s) {
            System.out.println("inside ejb method");
            System.out.println("username : " + weblogic.security.SubjectUtils.getUserPrincipal(weblogic.security.Security.getCurrentSubject()));
        }
    }
    Client
    ====
    import java.util.Map;
    import javax.xml.ws.BindingProvider;
    public class Test {
        public static void main(String[] args) {
            TransactionService simple = new TransactionService();
            TransactionPortType port = simple.getTransactionPortTypePort();
            BindingProvider bindingProvider = (BindingProvider) port;
            // Credentials sent with the request as HTTP basic authentication
            Map<String, Object> reqContext = bindingProvider.getRequestContext();
            reqContext.put(BindingProvider.USERNAME_PROPERTY, "XXXXXX");
            reqContext.put(BindingProvider.PASSWORD_PROPERTY, "XXXXXX");
            port.testMethod("hello");
        }
    }
    Regards,
    Sunil P

  • Form-based authentication problem with weblogic

    Hi Everyone,
    The following problem related to form-based authentication
    was posted one week ago and no response. Can someone give it
    a shot? One more thing is added here. When I try it on J2EE
    server and do the same thing, I didn't encounter this error
    message, and I am redirected to the homepage.
    Thanks.
    -John
    I am using weblogic5.1 and RDBMSRealm as the security realm. I am having the following problem with the form-based authentication login mechanism. Does anyone have an idea what the problem is and how to solve it?
    When I login my application and logout as normal procedure, it is OK. But if I login and use the browser's BACK button to back the login page and try to login as a new user, I got the following error message,
    "Form based authentication failed. Could not find session."
    When I check the LOG file, it gives me the following message,
    "Form based authentication failed. One of the following reasons could cause it: HTTP sessions are disabled. An old session ID was stored in the browser."
    Normally, if you login and want to relogin without logout first, it supposes to direct you to the existing user session. But I don't understand why it gave me this error. I also checked my property file, it appears that the HTTP sessions are enabled as follows,
    weblogic.httpd.session.enable=true

    Hi...
    Hehe... I actually did implement the way you implement it. My login.jsp actually checks if the user is authenticated. If yes, then it will forward it to the home page. On the other hand, I used ServletAuthentication to solve the problem mentioned by Cameron where Form Authentication Failed usually occurs for the first login attempt. I'm also getting this error occasionally. Using ServletAuthentication totally eliminates the occurrence of this problem.
    I'm not using j_security_check anymore. ServletAuthentication does all the works. It also uses RDBMSRealm to authenticate the user. I think the biggest disadvantage I can see when using ServletAuthentication is that the requested resource will not be returned after authentication cause the page returned after authenticating the user is actually hard coded (for my case, it's the home.jsp)
    cheers...
    Jerson
    "John Wang" <[email protected]> wrote:
    >
    Hi Jerson,
    I tried your code this weekend, it didn't work in my case. But
    I solved my specific problem other way. The idea behind my problem is that the user tries to relogin when he already logs in. Therefore, I just redirect the user into another page when he is getting the login page by hitting the BACK button, rather than reauthenticate the user as the way you did.
    But, I think your idea is very helpful if it could work. Problems such as multiple concurrent logins can be solved by pre-processing.
    In your new code, you solved the problem with a new approach. I am just wondering, do you still implement it with your login.jsp file? In other word, your action in login.jsp is still "Authenticate"? Where do you put the URL "j_security_check"?
    Thanks.
    -John
    "Jerson Chua" <[email protected]> wrote:
    I've solved the problem by using ServletAuthentication. So far I'm not getting the error message. One of the side effects is that it doesn't return the requested URI after authentication, it will always return the home page.
    Jerson
    package com.cyberj.catalyst.web;
    import weblogic.servlet.security.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    public class Authenticate extends HttpServlet {
        private ServletAuthentication sa = new ServletAuthentication("j_username", "j_password");
        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, java.io.IOException {
            // Authenticate against the realm with the submitted form fields
            int authenticated = sa.weak(request, response);
            if (authenticated == ServletAuthentication.NEEDS_CREDENTIALS ||
                    authenticated == ServletAuthentication.FAILED_AUTHENTICATION) {
                response.sendRedirect("fail_login.jsp");
            } else {
                response.sendRedirect("Home.jsp");
            }
        }
        public void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, java.io.IOException {
            doPost(request, response);
        }
    }
    "Jerson Chua" <[email protected]> wrote:
    The problem is still there even if I use page redirection. Grrr... My boss wants me to solve this problem so what are the alternatives I can do? Are there any other ways of authenticating the user? In my web tier... I'm using isUserInRole, getRemoteUser and the web tier actually connects to EJBs. If I implement my custom authentication, I wouldn't be able to use these functionalities.
    Has anyone solved this problem? I've tried the example itself and the same problem occurs.
    Jerson
    "Cameron Purdy" <[email protected]> wrote:
    Jerson,
    First try it redirected (raw) to see if that indeed is the problem ... then
    if it works you can "fix" it the way you want.
    Peace,
    Cameron Purdy
    Tangosol, Inc.
    http://www.tangosol.com
    +1.617.623.5782
    WebLogic Consulting Available
    "Jerson Chua" <[email protected]> wrote in message
    news:[email protected]...
    Hi...
    Thanks for your suggestion... I've actually thought of that solution. But using page redirection will expose the user's password. I'm thinking of another indirection where I will redirect it to another servlet but the password is encrypted.
    What do you think?
    thanks....
    Jerson
    "Cameron Purdy" <[email protected]> wrote:
    Maybe redirect to the current URL after killing the session to let the request clean itself up. I don't think that a lot of the request (such as remote user) will be affected by killing the session until the next request comes in.
    Peace,
    Cameron Purdy
    "Jerson Chua" <[email protected]> wrote in message
    news:[email protected]...
    Hello guys...
    I've a solution but it doesn't work yet so I need your help. Because one of the reasons for getting form base authentication failed is if an authenticated user tries to login again. For example, the one mentioned by John using the back button to go to the login page and when the user logs in again, this error occurs.
    So here's my solution
    Instead of submitting the page to j_security_check, submit it to a servlet which will check if the user is logged in or not. If yes, invalidates its session and forward it to j_security_check. But there's a problem in this solution, even though the session.invalidate() (which actually logs the user out) is executed before forwarded to j_security_check, the user doesn't immediately logged out. How did I know this, because after calling session.invalidate, I tried calling request.RemoteUser() and it doesn't return null. So I'm still getting the error. What I want to ask you guys is how do I force logout before the j_security_check is called.
    here's the code I did which the login.jsp actually submits to
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    public class Authenticate extends HttpServlet {
        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, java.io.IOException {
            // Already logged in: drop the session before re-authenticating
            if (request.getRemoteUser() != null) {
                HttpSession session = request.getSession(false);
                System.out.println(session.isNew());
                session.invalidate();
                Cookie[] cookies = request.getCookies();
                for (int i = 0; i < cookies.length; i++) {
                    cookies[i].setMaxAge(0);
                }
            }
            getServletContext().getRequestDispatcher("/j_security_check").forward(request, response);
        }
        public void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, java.io.IOException {
            doPost(request, response);
        }
    }
    let's help each other to solve this problem. thanks.
    Jerson
    "Jerson Chua" <[email protected]> wrote:
    I thought that this problem will be solved on sp6 but to my disappointment, the problem is still there. I'm also using RDBMSRealm, same as John.
    Jerson
    "Cameron Purdy" <[email protected]> wrote:
    John,
    1. You are using a single WL instance (i.e. not clustered) on that NT box and doing so without a proxy (e.g. specifying http://localhost:7001), correct?
    2. BEA will pay more attention to the problem if you upgrade to SP6. If you don't have a reason NOT to (e.g. a particular regression), then you should upgrade. That will save you one go-around with support: "Hi, I am on SP5 and I have a problem.", "Upgrade to SP6 to see if that fixes it. Call back if that doesn't work."
    3. Make sure that you are not doing anything special before or after J_SECURITY_CHECK ... make sure that you have everything configured and done by the book.
    4. Email BEA a bug report at [email protected] ... see what they say.
    Peace,
    Cameron Purdy
    "John Wang" <[email protected]> wrote in message
    news:[email protected]...
    Cameron,
    It seems to me that the problem I encountered is different a little from what you have, even though the error message is the same eventually. Everytime I go through, I always get that error.
    I am using weblogic5.1 and sp5 on NT4.0. Do you have any solutions to work around this problem? If it was a BUG as you pointed out, is there a way we can report it to the Weblogic technical support and let them take a look?
    Thanks.
    -John
    "Cameron Purdy" <[email protected]> wrote:
    John,
    I will verify that I have seen this error now (after having read about it here for a few months) and it had the following characteristics:
    1) It was intermittent, and appeared to be self-curing
    2) It was not predictable, only seemed to occur at the first login attempt, and may have been timing related
    3) This was on Sun Solaris on a cluster of 2 Sparc 2xx's; the proxy was Apache (Stronghold)
    4) After researching the newsgroups, it appears that this "bug" may have gone away temporarily (?) in SP5 (although Jerson Chua <[email protected]> mentioned that he still got it in SP5)
    I was able to reproduce it most often by deleting the tmpwar and tmp_deployments directories while the cluster was not running, then restarting the cluster. The first login attempt would fail (roughly 90% of the time?) and that server instance would then be ignored by the proxy for a while (60 seconds?) -- meaning that the proxy would send all traffic, regardless of the number of "clients", to the other server in the cluster.
    As far as I can tell, it is a bug in WebLogic, and probably has been there for quite a while.
    Peace,
    Cameron Purdy
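
    The workaround John describes in this thread (send an already-authenticated user away from the login page instead of re-authenticating), as an added example that is not code from the thread. It assumes a container with servlet filter support (Servlet 2.3 or later), a filter mapping on the login page, and that getRemoteUser() reports the logged-in user there, as the thread's own code relies on; the class name LoginPageGuard and the homePage init parameter are hypothetical.

    ```java
    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    // Hypothetical filter; map it to the login page URL in web.xml.
    public class LoginPageGuard implements Filter {
        // Landing page for users who are already logged in (name taken from the thread).
        private String homePage = "/Home.jsp";

        public void init(FilterConfig config) throws ServletException {
            String configured = config.getInitParameter("homePage");
            if (configured != null) {
                homePage = configured;
            }
        }

        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;

            // Ask the browser not to reuse a stored copy of the login form, so the
            // BACK button triggers a new request that passes through this filter.
            response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
            response.setHeader("Pragma", "no-cache");
            response.setDateHeader("Expires", 0);

            if (request.getRemoteUser() != null) {
                // Already authenticated: never show the form, so no second
                // j_security_check submission happens on the existing session.
                String target = request.getContextPath() + homePage;
                response.sendRedirect(response.encodeRedirectURL(target));
                return;
            }
            chain.doFilter(req, res);
        }

        public void destroy() {
        }
    }
    ```

    The redirect carries no credentials, so it avoids the password exposure Jerson raises about redirecting the login submission itself.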

Maybe you are looking for