Custom asserter provider for Atuhentication Basic header.

Hello,
Is it possible to create an asserter provider to obtain the basic authentication header?
I tried to create it by following the documentation: http://docs.oracle.com/cd/E23943_01/web.1111/e13718/ia.htm
But when I configure a proxy from OSB to use "custom authentication" and select the header "Authorization", not take it.
Thanks.

I think it should be possible after turning off basic auth check on WLS by setting off enforce-valid-basic-auth-credentials in weblogic

Similar Messages

Custom authorization provider for WL7 problem (not getting all parameters from ContextHandler)

I'm implementing a custom authorization provider for WebLogic 7.
In my Access Decision isAccessAllowed method I need to check values of
the parameters passed to an EJB method. Now, if an EJB method I have
two parameters of the same type, for example int, when I get
ContextElement array from ContextHandler and iterate through it to get
names and values of the parameters I get the same value (value of the
first int parameter) from both ContextElement's.
Here is the code:
String [] names = ch.getNames();
for (int i = 0; i < names.length; i++)
String name = names;
System.out.println("name = " + name);//here it gets array of
Strings, which contains two parameter names: "int","int",
which are the types of EJB method parameters
ContextElement[] ces= ch.getValues(names);
for (int j = 0; j < ces.length; j++)
     ContextElement ce = ces[j];
     System.out.println(ce.getName()+ " = " + ce.getValue());
//here if the value of the first int was 2 and the second 0,
it would get 2 from both ContextElements (each of ContextElements will
have name "int"
If I try this with method parameters of different types, for example
int with value 2 and long with value 0, then this code work fine -
first ContextEleement has name int and value 2 and the second has name
long and value 0.
Thanks,
-Oleg Kozlov.

I'm implementing a custom authorization provider for WebLogic 7.
In my Access Decision isAccessAllowed method I need to check values of
the parameters passed to an EJB method. Now, if an EJB method I have
two parameters of the same type, for example int, when I get
ContextElement array from ContextHandler and iterate through it to get
names and values of the parameters I get the same value (value of the
first int parameter) from both ContextElement's.
Here is the code:
String [] names = ch.getNames();
for (int i = 0; i < names.length; i++)
String name = names;
System.out.println("name = " + name);//here it gets array of
Strings, which contains two parameter names: "int","int",
which are the types of EJB method parameters
ContextElement[] ces= ch.getValues(names);
for (int j = 0; j < ces.length; j++)
     ContextElement ce = ces[j];
     System.out.println(ce.getName()+ " = " + ce.getValue());
//here if the value of the first int was 2 and the second 0,
it would get 2 from both ContextElements (each of ContextElements will
have name "int"
If I try this with method parameters of different types, for example
int with value 2 and long with value 0, then this code work fine -
first ContextEleement has name int and value 2 and the second has name
long and value 0.
Thanks,
-Oleg Kozlov.

Weblogic identity assertion provider for apache

I am using apache reverse proxy to handle the user authentication. My work env. is
a) apache reverse proxy
b) mod_auth_tkt (single sign on module for apache)
c) weblogic portal server
once the user is authenticated against mod_auth_tkt/active directory, apache generates cookie/ticket based on MD5 checksum.
I need to pass the credentials from apache to weblogic.
My question is
a) Can I use any weblogic identity assertion provider which comes weblogic server product or do i have to develop custom weblogic identity assertion provider. Please advise
Thanks
Prabu

*1-Can you please double check that your latest version of your web application is deployed ?*
I have checked the application and can confirm that the correct application is deployed. With the auth-method as just BASIC (no CLIENT-CERT) I see the following behaviour:
- With a Negotiate Identity Asserter Provider I see both WWW-Authenticate: Negotiate and WWW-Authenticate: Basic
- Without a Negotiate Identity Asserter Provider I see just WWW-Authenticate: Basic
*2-I believe there is no intermediary web server (like IIS) between your client and WLS ? A third part may add additional authentication request in the http header. If there is an intermediary exist, can you please avoid it for your tests.*
I can confirm that there is no intermediary server between me and Weblogic.
*3-Can you please check "weblogic.security.enableNegotiate" system parameter value. If it is true can you please set it to false and test your app again ?*
I have weblogic.security.enableNegotiate set to true. I tried setting it to false and it seems I still see the same behaviour I described above in my answer to question 1.
*3-Although I'm quite sure that Negotiate Identity Assertion Provider would not work for your app, can you please remove it and repeat your tests again. If you detect that it's because of the Negotiate Identity Assertion Provider, that you can consider open a bug request in Oracle Support system.*
When I remove the Negotiate Identity Assertion Provider, I no longer see a WWW-Authenticate: Negotiate challenge in the response.
Edited by: user1992925 on 16/05/2010 17:06

How to create custom profile provider for fba user

Hello Every One
I have one SharePoint 2010 web application and on this FBA is configured. With help of code how can I get and set custom property for a user in
“aspnet_Profile” table in Database.
I have also try this config setting in web.config but not able to set or get profile property.
<anonymousIdentification enabled="true" />
<profile defaultProvider="AspNetSqlProfileProvider">
<providers>
<clear />

<add name="Demo_ProfileProvider" connectionStringName="fbaSQL" applicationName="/" type="System.Web.Profile.SqlProfileProvider,System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
<properties>
<add name="ThemeName" type="String" allowAnonymous="true" />
<add name="NoOfVisits" type="int" allowAnonymous="true" />
</properties>
</profile>
</system.web>
thanks
navaratan
Navaratan Sharma

Solution for this problem is
do following entry in web.config
<anonymousIdentification enabled="true" />
<profile enabled="true" defaultProvider="AspNetSqlProfileProvider">
<providers>
<clear />


<add name="AspNetSqlProfileProvider" connectionStringName="fbaSQL" applicationName="/" type="System.Web.Profile.SqlProfileProvider,System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
<properties>
<add name="ThemeName" type="String" allowAnonymous="true" />
<add name="NoOfVisits" type="int" allowAnonymous="true" />
</properties>
</profile>
</system.web>
code for get and set Profile property is
protected void OnClickbtn(object sender, EventArgs e)
try
ProfileBase profile = System.Web.Profile.ProfileBase.Create(HttpContext.Current.User.Identity.Name);
profile["ThemeName"] = txtTheme.Text;
profile["NoOfVisits"] = int.Parse( txtNoOfVisits.Text);
profile.Save();
catch (Exception ex)
protected void OnClickbtnGet(object sender, EventArgs e)
try
ProfileInfoCollection profiles = ProfileManager.GetAllProfiles(ProfileAuthenticationOption.All);
foreach (ProfileInfo profileInfo in profiles)
ProfileBase profile = ProfileBase.Create(profileInfo.UserName);
// add condition for user
txtTheme.Text = (string)profile.GetPropertyValue("ThemeName");
txtNoOfVisits.Text = Convert.ToString((int)profile.GetPropertyValue("NoOfVisits"));
SPUser user = SPContext.Current.Web.CurrentUser;
catch (Exception ex)
thanks
navaratan
Navaratan Sharma

OSB Custom Report Provider Sample - in Eclilpse

I am writing a custom report provider in OSB based on the example here: http://ias.us.oracle.com/portal/page?_pageid=33,2462026&_dad=portal&_schema=PORTAL
I downloaded that and compiled it fine using ant.
Now I am trying to bring the code into Eclipse and modify the custom report provider for my needs.
I can't jar files to add to my project to resolve the following imports:
import org.apache.xmlbeans.XmlOptions;
import org.apache.xmlbeans.XmlObject;
import org.apache.xmlbeans.XmlTokenSource;
import com.bea.wli.reporting.ReportingDataHandler;
import com.bea.wli.reporting.MessagecontextDocument;
I looked at the build.xml and this is what it has in the compile target:
<target name="compile">
<echo message=">>>>>> compile >>>>>>"/>
<echo message="debug = ${debug}, optimize = ${optimize}, deprecation = ${deprecation}"/>
     <javac srcdir="${custom.report.provider.src.dir}"
destdir="${build.custom.report.provider.dir.classes}"
          classpath="${sb.lib.common.dir}/reporting-api.jar
          :${sb.lib.dir}/alertfwk.jar"
deprecation="${deprecation}"
debug="${debug}"
optimize="${optimize}"
source="1.5"/>
<copy file="${custom.report.provider.dir}/custom_provider.properties"
          todir="${build.custom.report.provider.dir.classes}/com/bea/alsb/fileprovider"
overwrite="true"/>
<echo message=">>>>>> Done compile >>>>>>"/>
</target>
I think that means it's using these:
classpath="${sb.lib.common.dir}/reporting-api.jar
          :${sb.lib.dir}/alertfwk.jar"
but I cannot find those in my OSB directories.
I'm sure this is something simple, but I'm a little confused right now as to how the ant build works when I can't find these jars. Glad it does but I was hoping to work on this and compile my version in eclipse.
any advice or insight is appreciated.

Thanks. It resolved the com.bea.wli.reporting.* imports fine once I added the alsb.jar.
I had to add the weblogic jar from my D:\Oracle\Middleware\wlserver_10.3\server\lib for it to resolve the imports for XmlBeans and the imports in the ApplicationListener.java file.
Now everything compiles fine in Eclipse.

Custom Security Provider impossible to remove the MBean Jar File

Hi,
I am currently developping a custom security provider for Weblogic. I
have deploy my Mbean File Jar on a remote server weblogic running on
solaris. NO authentication provider for this security provider has
been defined in the console, it means there is no link with this
security provider. Nevertheless, when I remove the MJF the server
crashes when starting:
<...>
<May 21, 2003 3:37:08 PM CEST> <Critical> <WebLogicServer> <000364>
<Server failed during initialization.
Exception:weblogic.management.configuration.ConfigurationException: -
with nested exception:
[javax.management.MBeanException: Commo type:
be.fgov.minfin.ccff.security.provider.CCFFSimpleSampleAuthenticator is
not loaded. Checks MJFs.]
javax.management.MBeanException: Commo type:
be.fgov.minfin.ccff.security.provider.CCFFSimpleSampleAuthenticator is
not loaded. Checks MJFs.
at weblogic.management.commo.CommoModelMBean.load(CommoModelMBean.java:588)
at weblogic.management.commo.Commo.initInstances(Commo.java:241)
at weblogic.management.commo.Commo.init(Commo.java:125)
at weblogic.management.AdminServerAdmin.initializeCommo(AdminServerAdmin.java:477)
at weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:108)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:659)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
<...>
I have been looking through all the config file where the MJF
(removed) could be linked but I did not find anything.
I am really confused because with my local weblogic running on
win2000, there is no problem to remove this MJF.
Thx in advance,
tiggy

Tiggy,
Remove the userConfig directory under your domain directory. That should
fix the problem.
Thanks,
~satya
Tiggy wrote:
Hi,
I am currently developping a custom security provider for Weblogic. I
have deploy my Mbean File Jar on a remote server weblogic running on
solaris. NO authentication provider for this security provider has
been defined in the console, it means there is no link with this
security provider. Nevertheless, when I remove the MJF the server
crashes when starting:
<...>
<May 21, 2003 3:37:08 PM CEST> <Critical> <WebLogicServer> <000364>
<Server failed during initialization.
Exception:weblogic.management.configuration.ConfigurationException: -
with nested exception:
[javax.management.MBeanException: Commo type:
be.fgov.minfin.ccff.security.provider.CCFFSimpleSampleAuthenticator is
not loaded. Checks MJFs.]
javax.management.MBeanException: Commo type:
be.fgov.minfin.ccff.security.provider.CCFFSimpleSampleAuthenticator is
not loaded. Checks MJFs.
at weblogic.management.commo.CommoModelMBean.load(CommoModelMBean.java:588)
at weblogic.management.commo.Commo.initInstances(Commo.java:241)
at weblogic.management.commo.Commo.init(Commo.java:125)
at weblogic.management.AdminServerAdmin.initializeCommo(AdminServerAdmin.java:477)
at weblogic.management.AdminServerAdmin.initialize(AdminServerAdmin.java:108)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:659)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
<...>
I have been looking through all the config file where the MJF
(removed) could be linked but I did not find anything.
I am really confused because with my local weblogic running on
win2000, there is no problem to remove this MJF.
Thx in advance,
tiggy

OEPE can't launch server that uses custom Security provider

I recently migrated a Weblogic 8.1 server that we had a custom security provider for, to 10.3.2. It works fine when started with the startWeblogic.cmd file but when I try to start it using OEPE in eclipse it starts fine and runs fine but OEPE reports that
"Unable to validate WebLogic domain.Please make sure the running WebLogic instance is an Administration Server"
When I look at the Error Log it appears that it thinks one of my custom security classes is not found. But the server is running fine, so it is fine, it's on the classpath via the use of the EXT_PREPEND_CLASSPATH environment variable.
I am running Weblogic 10.3.2 on Windows XP using eclipse Ganymede 3.5.2 and OEPE version 1.5.0.201003170852
Here's the Error Log:
eclipse.buildId=
java.version=1.6.0_03
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
Framework arguments: -product org.eclipse.epp.package.jee.product
Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
Created Time: 2010-05-12 14:04:01.549
Error
Thu May 13 14:25:11 EDT 2010
Server Weblogic 10.3 failed to start.
eclipse.buildId=
java.version=1.6.0_03
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
Framework arguments: -product org.eclipse.epp.package.jee.product
Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
Created Time: 2010-05-12 14:04:01.549
Error
Thu May 13 14:25:10 EDT 2010
Another server (or another process) is running on the same TCP/IP port '7001'.
eclipse.buildId=
java.version=1.6.0_03
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
Framework arguments: -product org.eclipse.epp.package.jee.product
Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
Created Time: 2010-05-12 14:04:01.549
Warning
Thu May 13 14:25:10 EDT 2010
Unable to validate WebLogic domain.
Please make sure the running WebLogic instance is an Administration Server
eclipse.buildId=
java.version=1.6.0_03
java.vendor=Sun Microsystems Inc.
BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
Framework arguments: -product org.eclipse.epp.package.jee.product
Command-line arguments: -os win32 -ws win32 -arch x86 -product org.eclipse.epp.package.jee.product
This is a continuation of log file C:\tools\eclipse-workspaces\galileo\.metadata\.bak_3.log
Created Time: 2010-05-12 14:04:01.549
Error
Thu May 13 14:25:10 EDT 2010
java.io.IOException
     at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:187)
     at weblogic.management.remote.common.ClientProviderBase.newJMXConnector(ClientProviderBase.java:81)
     at javax.management.remote.JMXConnectorFactory.newJMXConnector(Unknown Source)
     at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
     at oracle.eclipse.tools.weblogic.server.internal.WlsJMXHelper.createConnector(WlsJMXHelper.java:269)
     at oracle.eclipse.tools.weblogic.server.internal.WlsJMXHelper.connectToJMX(WlsJMXHelper.java:76)
     at oracle.eclipse.tools.weblogic.server.internal.WlsJMXHelper.getDomainAttribute(WlsJMXHelper.java:139)
     at oracle.eclipse.tools.weblogic.server.internal.WlsJ2EEDeploymentHelper.validateRemote(WlsJ2EEDeploymentHelper.java:1687)
     at oracle.eclipse.tools.weblogic.server.internal.WeblogicServerBehaviour.validateRemote(WeblogicServerBehaviour.java:2646)
     at oracle.eclipse.tools.weblogic.server.internal.ServerWatcher.runOnce(ServerWatcher.java:574)
     at oracle.eclipse.tools.weblogic.server.internal.ServerWatcher.run(ServerWatcher.java:482)
     at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.CommunicationException [Root exception is weblogic.rjvm.PeerGoneException: ; nested exception is:
     weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream]
     at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:74)
     at weblogic.jndi.internal.WLContextImpl.translateException(WLContextImpl.java:452)
     at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:408)
     at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:393)
     at javax.naming.InitialContext.lookup(Unknown Source)
     at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:170)
     ... 11 more
Caused by: weblogic.rjvm.PeerGoneException: ; nested exception is:
     weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream
     at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
     at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
     at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
     at weblogic.jndi.internal.ServerNamingNode_1032_WLStub.lookup(Unknown Source)
     at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:405)
     ... 14 more
Caused by: weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream
     at weblogic.rjvm.RJVMImpl.gotExceptionReceiving(RJVMImpl.java:957)
     at weblogic.rjvm.ConnectionManager.gotExceptionReceiving(ConnectionManager.java:1030)
     at weblogic.rjvm.MsgAbbrevJVMConnection.gotExceptionReceiving(MsgAbbrevJVMConnection.java:459)
     at weblogic.rjvm.t3.MuxableSocketT3.hasException(MuxableSocketT3.java:327)
     at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:784)
     at weblogic.socket.SocketMuxer.deliverHasException(SocketMuxer.java:724)
     at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:359)
     at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
     at weblogic.work.ExecuteRequestAdapter.execute(ExecuteRequestAdapter.java:21)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
Caused by: java.lang.AssertionError: Exception creating response stream
     at weblogic.rjvm.MsgAbbrevJVMConnection.readMsgAbbrevs(MsgAbbrevJVMConnection.java:238)
     at weblogic.rjvm.MsgAbbrevInputStream.init(MsgAbbrevInputStream.java:173)
     at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:439)
     at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:322)
     at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
     at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:915)
     at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:844)
     at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:335)
     ... 4 more
Caused by: java.lang.ClassNotFoundException: com.companyname.security.principal.CompanyNameWebLogicPrincipal
     at java.net.URLClassLoader$1.run(Unknown Source)
     at java.security.AccessController.doPrivileged(Native Method)
     at java.net.URLClassLoader.findClass(Unknown Source)
     at java.lang.ClassLoader.loadClass(Unknown Source)
     at java.lang.ClassLoader.loadClass(Unknown Source)
     at java.lang.ClassLoader.loadClassInternal(Unknown Source)
     at java.lang.Class.forName0(Native Method)
     at java.lang.Class.forName(Unknown Source)
     at java.io.ObjectInputStream.resolveClass(Unknown Source)
     at java.io.ObjectInputStream.readNonProxyDesc(Unknown Source)
     at java.io.ObjectInputStream.readClassDesc(Unknown Source)
     at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
     at java.io.ObjectInputStream.readObject0(Unknown Source)
     at java.io.ObjectInputStream.readObject(Unknown Source)
     at java.util.LinkedList.readObject(Unknown Source)
     at sun.reflect.GeneratedMethodAccessor46.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
     at java.io.ObjectInputStream.readSerialData(Unknown Source)
     at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
     at java.io.ObjectInputStream.readObject0(Unknown Source)
     at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
     at java.io.ObjectInputStream.readSerialData(Unknown Source)
     at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
     at java.io.ObjectInputStream.readObject0(Unknown Source)
     at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
     at java.io.ObjectInputStream.defaultReadObject(Unknown Source)
     at weblogic.security.acl.internal.AuthenticatedSubject.readObject(AuthenticatedSubject.java:406)
     at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
     at java.io.ObjectInputStream.readSerialData(Unknown Source)
     at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
     at java.io.ObjectInputStream.readObject0(Unknown Source)
     at java.io.ObjectInputStream.readObject(Unknown Source)
     at weblogic.rjvm.InboundMsgAbbrev.readObject(InboundMsgAbbrev.java:65)
     at weblogic.rjvm.InboundMsgAbbrev.read(InboundMsgAbbrev.java:37)
     at weblogic.rjvm.MsgAbbrevJVMConnection.readMsgAbbrevs(MsgAbbrevJVMConnection.java:227)
     ... 11 more

I am also facing the same issue.
i am running my web service program on tomcat. the server is weblogic 9.1. I am trying to invoke the EJBs running on the server from the tomcat.
i am getting similar exception. anyone got a solution for this ?
Caused by: weblogic.rjvm.PeerGoneException: ; nested exception is:weblogic.utils.NestedException: java.lang.AssertionError: Exception creating response stream at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
thanks
Kiranlal.

OWSM Custom Assertion for OSB RESTful Proxy Service

Hello,
I have implemented a Custom OWSM Assertion to authenticate requests with a custom token placed in a HTTP header. I can assign this assertion to a SOAP proxy service as a security policy. However I am not able to assign the very same policy to a Restful JSON service (Proxy service defined as messaging service with text message type). I am getting this error:
[OSB Kernel:398128]One of the Web service policy attached is not allowed on service default/RESTful because the service binding does not support it
My policy:
<wsp:Policy xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:custom="http://custom"
    orawsp:status="enabled"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" orawsp:category="security"
    orawsp:attachTo="binding.server" wsu:Id="http_customtoken_authentication_policy"
    xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    wsp:Name="custom/http_customtoken_authentication_policy">
    <custom:customTokenHttpAuthentication
        orawsp:Silent="true" orawsp:Enforced="true"
        orawsp:name="Http custom token Authentication" orawsp:category="security/authentication" >
        <orawsp:bindings>
            <orawsp:Config orawsp:name="authenticationassertion"
                orawsp:configType="declarative">
                <orawsp:PropertySet orawsp:name="headerName">
                    <orawsp:Property orawsp:name="headerName"
                        orawsp:type="string" orawsp:contentType="constant">
                        <orawsp:Value>CustomToke</orawsp:Value>
                    </orawsp:Property>
                </orawsp:PropertySet>
            </orawsp:Config>
        </orawsp:bindings>
    </custom:customTokenHttpAuthentication>
</wsp:Policy>
My OSB version is OSB 11g PS6 and in this version, OWSM policies are supported for Restful services. Interesting is, that the built-in policy oracle/http_basic_auth_over_ssl_service_policy can be assigned to my Restful service. Do you know a solution for the problem, how can I assign my custom assertion to the Restful service? Anything special is needed in the policy definition?
Thanks.
Marian

Hi Vinoth,
The users/groups are picked up from the LDAP configured in Security Realms->myRealm->Providers
You basically have 2 options:
- You can configure your LDAP in Providers
- Use the DefaultAuthenticator that weblogic provides you by default.
If you do not want to configure an LDAP, and want to use weblogic's default, then all you have to do is add users and groups in Security Realms->myRealm->Users and Groups
Do mark this as useful or answered, if this has helped.

Where to upload custom JACC provider jar for AS9.1 (Glassfish V2 Beta 1)?

Hello,
as I do have some issues with SOAPMessage object on AS9.0U1 as described here: http://forum.java.sun.com/thread.jspa?threadID=5162508
I'm also trying to duplicate this issue on AS9.1 (Glassfish V2 Beta 1). At the first I need to deploy our custom JACC provider. I've provided correct setup in admin console Configuration -> Security -> JACC providers, I've also switched to use this provider and as I'm used to, I've uploaded JACC provider jar file to the domains/domain1/lib directory. The problem is, it's not working since starting AS9.1 complains about not found class of my provider. As I said, this is exactly how it's working for me on AS9.0U1. Anyway, I've tried to upload the jacc provider jar file to domains/domain1/lib/ext, but then starting AS9.1 complains about missing javax/security/jacc/PolicyContextException. Whole error message in the server log looks like:
[#|2007-04-20T10:12:52.015+0200|INFO|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=10;_ThreadName=main;com.objectsecurity.openpmf.jacc.Policy;|SEC1143: Loading policy provider com.objectsecurity.openpmf.jacc.Policy.|#]
[#|2007-04-20T10:12:52.031+0200|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=10;_ThreadName=main;_RequestID=822161e0-8f06-433a-b052-fb42afffb14a;|java.lang.reflect.InvocationTargetException
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:585)
     at com.sun.enterprise.server.PELaunch.main(PELaunch.java:272)
Caused by: java.lang.NoClassDefFoundError: javax/security/jacc/PolicyContextException
     at java.lang.Class.forName0(Native Method)
     at java.lang.Class.forName(Class.java:164)
     at com.sun.enterprise.security.PolicyLoader.loadPolicy(PolicyLoader.java:133)
     at com.sun.enterprise.security.SecurityLifecycle.onInitialization(SecurityLifecycle.java:96)
     at com.sun.enterprise.server.ApplicationServer.onInitialization(ApplicationServer.java:240)
     at com.sun.enterprise.server.ondemand.OnDemandServer.onInitialization(OnDemandServer.java:93)
     at com.sun.enterprise.server.PEMain.run(PEMain.java:316)
     at com.sun.enterprise.server.PEMain.main(PEMain.java:260)
     ... 5 more
Please note that com.objectsecurity.openpmf.jacc.Policy is a Policy provider of our own JACC provider.
My question is: where exactly to upload JACC provider jar file in order to have it working correctly?
Thanks!
Karel

Did you solve this problem? I've been spinning my head over this. I reinstalled my jdk, reinstalled glassfish, and updated my java.policy file and I still get the same problem.

NAM 3.2.1 Custom Authentication Class for BASIC not loaded

Hi!
Im trying to write a custom authentication class for
BASIC/PROTECTED_BASIC, so I started with the PasswordClass sample from
SDK novell-nacm3_2-devel-2012.08.10.tar.gz, stripped out the
STSAuthenticationClass and changed the type to
AuthnConstants.PROTECTED_PASSWORD --> and it works!
public String getType() {
return AuthnConstants.PROTECTED_PASSWORD;
Next I wanted to create a custom BASIC auth class by changing the type
to AuthnConstants.BASIC / AuthnConstants.PROTECTED_BASIC
public String getType() {
return AuthnConstants.PROTECTED_BASIC;
but now IDP complains about the unsupported type.
<amLogEntry> 2012-12-20T15:11:17Z WARNING NIDS Application:
AM#300105006: AMDEVICEID#FC77EC2A45509E7B: Failed to load
authentication class due to unsupported type: ITdBasicTestClass
</amLogEntry>
Im running NAM 3.2.1 single box appliance for development/testing.
There is an old thread here, that looks like the same issue:
http://tinyurl.com/c6eawj6
Any hits?
regards
Thomas
PS: What i really want to solve is strip out the Domain from the
username on basic authentication since most MS apps/clients provide the
username in format DOMAIN\USER...
reibenwein
reibenwein's Profile: https://forums.netiq.com/member.php?userid=1382
View this thread: https://forums.netiq.com/showthread.php?t=46430

hmmm, well try writing the value out to stderr and see if you can at least make sure you are getting
a good read.
Like a System.out.println(AuthnConstants.PROTECTED_PASSWO RD);
I ran into some strange stuff where some constants had no values for no apparent reason when they
should.
I would also try supplying the actual value instead of the constant and see if it goes through that
way. ("ProtectedBasic")
On 1/10/2013 11:14 AM, reibenwein wrote:
>
> Hi!
>
>
> I copied com.novell.nam.authentication.PasswordClass to start with my
> test custom auth class. It includes a method getType() like this:
>
> /**
> * Get the authentication type this class implements
> *
> * @return returns the authentication type represented by this
> class
> */
> public String getType() {
> return AuthnConstants.PROTECTED_PASSWORD;
> }
>
>
> --> IDP loads my custom auth class, as long as a leave getType()
> returning AuthnConstants.PROTECTED_PASSWORD! But this is form base
> authentication. According to the API documentation (see page 17 in
> namc_enu.pfd within the sdk download), getType should
> returnAuthnConstants. PROTECTED_BASIC for secure Basic authentication
> (or AuthnConstants.BASIC for non SSL Basic auth). So i changed getType()
> like this:
>
>
> /**
> * Get the authentication type this class implements
> *
> * @return returns the authentication type represented by this class
> */
> public String getType() {
> return AuthnConstants.PROTECTED_BASIC;
> }
>
>
> --> and then IPD comes with the error "Failed to load authentication
> class due to unsupported type"...
>
>
> regards,
> Thomas
>
>

Building an Admin Console Extension for a Custom Security Provider

I am looking for an example or a description how to build an Administration Console extension for a custom Authentication Provider.
Especially the creation page for the provider is interesting because I am not able to create and register the required Authentication Provider MBean.
The call “mbeanHome.getMBeanServer().createMBean(className,objectname)” always throws the following Exception “javax.management.ReflectionException: The MBean class could not be loaded by the default loader repository”
Even if I try the class “weblogic.security.providers.authentication.IPlanetAuthenticator”, that is part of the bea distribution, the same exception is thrown.
It seams that the Problem has something to do with class loaders?
When I use the standard admin console pages to create and configure my provider everything works fine.
The only example “kennedy0208.zip” I found in the net does not deal with the creation of the MBean.
It only customizes the edit pages for the provider and at that point the MBean has already been created by the standard admin pages.
Maybe the author discovered the same Problems and gave up!?
What makes me wondering is that I have to put my MBean Classes to my console extension war file to be able to import the packages in my jsp.
If I not put the classes to my war the compiler throws an exception because he can’t resolve the package.
Because I moved my provider implementation jar to the directory “WLHOME\server\lib\mbeantypes” as described in the bea documentation it should run without putting the classes to the war!?!
I am very surprised that the bea documentation does not provide any example about this topic.

Found it. Cut and paste error. I still had one of their example class
names in my code. Oops.

Problem in adding Custom Provider for Work Management Service

Hello,
I'm facing an issue in adding custom provider for work management service. As you are aware, Work management service is a Provider model and we
can integrate with other systems by adding custom providers. So with that confidence, i have started writing a connector as mentioned below.
Step - 1: Added new provider xml in the below path
"C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\CONFIG\WorkManagementService\Providers"
Provider Name: provider.bizagitasklist
Provider XML Content:
<Provider ProviderKey="DAA52AF3-A147-4086-8C0C-82D2F83A089D" OverrideProviderKey="" Assembly="adidas.TaskProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5d6f3e6be60a351b" > </Provider>
Step -2: Added a class which inherits "IWmaTaskProvider" and implemented the override methods.
public class BizAgiTaskListProvider : IWmaTaskProvider
public string LocalizedProviderName
get { return "BizAgiTaskListProvider"; }
public string ProviderName
get { return "BizAgiTaskListProvider"; }
public Microsoft.Office.Server.WorkManagement.CalloutInfo GetCalloutInfo(IWmaTaskContext context, string taskExternalKey, string locationExternalKey)
return null;
public DashboardExtensionInfo GetDashboardExtensionInfo(IWmaBasicProviderContext context)
return new DashboardExtensionInfo { ClassName = "SP.UI.SharePointExtension" };
public BulkEditResult HandleBulkEdits(IWmaTaskContext context, BulkEdit updates)
return null;
public TaskEditResult HandleTaskEdit(IWmaTaskContext context, BaseAggregatorToProviderTaskUpdate taskUpdate)
return null;
public void RefreshSingleTask(IWmaTaskRefreshContext context, string externalKey)
public void RefreshTasks(IWmaTaskRefreshContext context)
//context.WriteProviderCustomData(
Step – 3: Written a class to fetch the tasks from BizAgi System which has method to provide the task data.
But I’m not able to feed those tasks in the class written in Step – 2 as I’m able to find any method which will take Tasks as Input and I’m not
sure about the format of tasks.
I’m able to debug the provider, and the breakpoint hitting in only one method and two properties.
(LocalizedProviderName, ProviderName, GetDashboardExtensionInfo).
Can you please help me to proceed further in implementing the above solution?
Best Regards
Mahesh

Hi Mahesh,
Although the implementation of work management service application is based on the provider model, I reckon the current SP 2013 RTM does not support custom providers. Only SharePoint task lists, Project server and MS Exchange are supported for now.
Regards,
Yatin

Unable to save changes in console for a custom security provider

I built a custom security provider and dropped it in the mbeantypes folder. This gets picked up by weblogic. I then try to modify the control flags and make it SUFFICIENT. I reboot the server but when i log back in the control flag is reset to OPTIONAL. It not saving the data to the xml file. We are running it on a UNIX box.

Hi,
I solved the problem by myself.
The log area was at 100%, that's why the configtool wasn't able to save my changes.
Now I changed the backup properties for the log files to AutoLog (in the Backup Wizard) and it works fine.
Best regards,
Christian

Custom Role Provider has issue with AuthorizeAttribute for MVC

Hi, I am developing a MVC 5 application with custom role provider, but it seems that the AuthorizeAttribute never call my customer role provider, my code is as below:
My Customer provider:
namespace MyDomain
public class CustomRoleProvider : RoleProvider
public override string[] GetRolesForUser(string username)
using (MyContext objContext = new MyContext())
var objUser = objContext.Users.FirstOrDefault(x => x.Username == username);
if (objUser == null)
return null;
else
string[] ret = { objUser.Access_Levels.Name };
return ret;
public override bool IsUserInRole(string username, string roleName)
var userRoles = GetRolesForUser(username);
return userRoles.Contains(roleName);
My controller:
[Authorize(Roles = "Administrator")]
public class AdminController : Controller
And Web.Config:
<system.web>
<roleManager defaultProvider="CustomRoleProvider" enabled="true" >
<providers>
<clear />
<add name="CustomRoleProvider" type="Online_Storage_Portal.CustomRoleProvider" cacheTimeoutInMinutes="30"/>
</providers>
</roleManager>
</system.web>
Also my custom role provider is in the same project as my other controllers, I am able to call my custom role provider method with following code within my controller
String[] roles = Roles.GetRolesForUser(username)
but the controller with [Authorize(Roles = "Administrator")] always redirect the page to login screen, even the user login and role are both valued.
Please help!!

You should post this question to
ASP.NET MVC forums as problem relates more to that than C#. But the problem might relate to how you have set the principal the one that you can access from HttpContext.User property. I think that is the one where the roles are retrieved.

Using Federated Security in BizTalk against custom Token Provider and Custom Token

Hi,
I as the topic states, I'm trying to get BizTalk to use a Custom Token Provider with custom tokens.
So I thought this would be rather painless using ws2007FederationHttpBinding but got stuck. The problem is that the service expect soap action and a special structure (se example):
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsc="common.namespace" xmlns:ws="securitytoken.namespace">
   <soapenv:Header>
      <wsc:AutHeader>
Containing Custom Auth header information tags, about 20 or so
      </wsc:AutHeader>
   </soapenv:Header>
   <soapenv:Body>
      <ws:SECSSecurityTokenCreate_V1_0InputArgs>
         <ws:SecurityTokenCreateRequest>
            <ws:securityToken></ws:securityToken>
         </ws:SecurityTokenCreateRequest>
      </ws:SECSSecurityTokenCreate_V1_0InputArgs>
   </soapenv:Body>
</soapenv:Envelope>
Response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<SECSSecurityTokenCreate_V1_0OutputArgs xmlns:ns2="common.namespace" xmlns="tokenservice,namespace">
<SecurityTokenCreateResponse>
<securityToken>  </securityToken>
</SecurityTokenCreateResponse>
<ResponseState>
<ns2:ErrorCode>0</ns2:ErrorCode>
<ns2:Severity>0</ns2:Severity>
<ns2:ComponentId>201</ns2:ComponentId>
<ns2:StrErrorCode xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
<ns2:Message>OK</ns2:Message>
<ns2:NativeError xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
<ns2:LogSequence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
</ResponseState>
</SECSSecurityTokenCreate_V1_0OutputArgs>
</soap:Body> </soap:Envelope>
Error Message in BizTalk, when I send message via ws2007FederationHTTPBinding to the SOAP service, as expected the soap structure dosent match the expected one from the server, most obvisly is the missing SOAP action and incorrect BODY element.
System.ServiceModel.ProtocolException: The content type text/html; charset=iso-8859-1 of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 521 bytes of the response were: '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Body>
<soap:Fault>
<soap:Code>
<soap:Value>Server</soap:Value>
</soap:Code>
<soap:Reason>

<soap:Text xml:lang="en">Missing operation for soapAction [null] and body element [{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken] with SOAP Version [SOAP 1.2]</soap:Text>
</soap:Reason>
</soap:Fault>
</soap:Body>
</soap:Envelope>'. ---> System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
at System.Net.HttpWebRequest.GetResponse()
at System.Servi
My plan to solve this is to try using beahviors added to the "inner" wcf binding that will help reconstruct the message from the standard form that I has, but I'm a bit vorried that I start to solve this and later on I'll have to add custom handling
for token extraction and handling since the token should be placed in a custom header in the soap envelope with custom namespace =).
So my question is, could this be solved via sw2007FederationHttpBinding or is an orchestration and some custom code for signing the path forward?
Thanks in advance for any help or guidance!
/Mattias

It's a little tough to use sw2007FederationHttpBinding, I faced similar situation before. :(

Custom asserter provider for Atuhentication Basic header.

Similar Messages

Maybe you are looking for