Custom authenticator problem in 9.1
We are in the proccess of converting to 9.1 and unfortunately it is not going very smoothly. One of the problems we are running into is in our security module. Our custom authenticator appears to be creating the correct MDF file but after reading through the xml file it uses it seems to loop back and start creating duplicate classes in the created java file. Has anyone seen anything like this?
Hi, SCW -
Welcome to Apple's Discussions.
This may apply - http://discussions.apple.com/thread.jspa?messageID=607636&
Similar Messages
-
Clearing Interactive Report, custom authentication problem
I have written my own custom authentication for my apex app. It calls a custom function in the db that looks in a table for user/password. It works fine. Login works and when I save sort order for standard reports, they are saved between sessions.
However, for my interactive report the sort orders on my Interactive reports are being reset each time the user gets a new session id.
I'm not sure why this is happening. Any suggestions or ideas on why this happens when I don't use 'user cookies' (standard apex login)?
-Thanks,
-Ben Goodwin
Edited by: r0ckflite on Jan 26, 2012 4:19 PMHi r0ckflite,
are you sure you press on action (at report) --> save report --> change save "as named report" to "as default report settings" primary should be already marked the press Apply
this should work iam pretty sure...
regards,
blacksev -
Strange problem when using custom authentication schema
Hello,
I'm building a custom authentication system for the application. Basically, I followed the blog post from Martin: http://www.talkapex.com/2009/03/custom-authentication-status.html
However, the authentication seems working fine at the beginning when running the page 101 from Application Builder and log in, but when I log out from the application (redirect back to page 101) and try to log in with the same credentials, it gives error message "Invalid Login Credentials ". Also, when the application is accessed from public (open page 101 directly using another computer), the authentication doesn't work at all.
Furthermore, I checked the table apex_workspace_access_log and found out that it has "AUTH_SUCCESS" even if using the fake credentials and the login failed (I use "apex_util.set_authentication_result (p_code => 3);" when auth function return false).
I couldn't find the cause of the problem, then I created the same custom authentication in apex.oracle.com. The problem doesn't appear anymore. To make sure they are same, I have double checked the custom authentication in both the development environment and the apex.oracle.com.
This is very strange to me and I don't know where to looking for the problem. Could you give me some advice of what may cause this problem. Thanks in advance!I found the problem myself. The cause is the VPD, the account table has VPD policy applied, which prevented public access.
-
Problems with custom authentication when migrating from 3.2 to 4.1.1
Hi,
we’re about to upgrade our APEX instances to 4.1.1 and to migrate our applications. I encountered some problems with our custom authentication schema.
1. Recognize already authenticated sessions: in 3.2 the sentry function could return false as long as the user was not authenticated. Public pages could still be displayed (including the login page). The result of the function apex_custom_auth.is_session_valid returned false until once the sentry function returned true. How can I recognize non authenticated sessions in 4.1.1? I looked for the test the Condition “User is the public user (user has not authenticated)” computes on a page but didn’t found the right one. It’s not what docu states here (comparison with the public user): http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/condition001.htm#HTMDB25943. I replaced the test with p_authentication.username = ‘nobody’. It works. But that doesn’t seem to me to be the right way …
2. Post_logout lacks session context: the Post Logout Procedure does not receive a session_id and username. Neither the V(‘APP_SESSION’) nor p_authentication.session_id are set. This applies to both plugin authentication schemes and non-plugin custom authentication schemes. Is there another way to obtain the logged-out sessions infos or is this a bug?
See apex.oracle.com for a demo, workspace WS_MW, gast/gast. Can someone please guide me the way?
MichaelHello again,
there are no replies until now .... I reviewed some posts regarding custom authentication again and did not find any solution for the issues. Found some that worked with APEX 3.2.1 but not with 4.1.1. I can only work around
1.) in an insecure way, because the non documented (?) user "nobody" can change and all new sessions will be considered authenticated
2.) in a way, that ends up in implementing the logout from the non apex environment outside the authentication schema or authentication plugin.
May be I should contact support for at least the second issue because this doesn't work as documented or am I doing something wrong?
Michael -
Custom Authenticator not returning correctly
Hi,
I have written a custom authenticator to automatically migrate users from an oracle
SSO database into the default WLS8.1 realm (and ultimately to an LDAP Realm).
It all works fine, except that the over all login process fails.
The server is set up to use the default Authenticator initially (set to SUFFICIENT),
then, if this fails, the Migration authenticator (set to REQUIRED) is called.
If this finds the user on the Oracle db, it creates a user for them in the default
realm, and logs them in.
The problem is that even though my Migration Authenticator finishes successfully
(ie the commit() method is executed and returns true) WLS still calls the login
error page as set up in the web.xml file.
The last few lines of the login() method of the authenticator are :
loginSucceeded = true;
addUserToWLSRealm(userId, userPassword);
principalsForSubject.add(new WLSUserImpl(userId));
then the commit() method is :
public boolean commit() throws LoginException {
if(loginSucceeded) {
subject.getPrincipals().addAll(principalsForSubject);
principalsInSubject = true;
System.out.println("OracleSSOLoginModule.commit - true");
return true;
} else {
System.out.println("OracleSSOLoginModule.commit - false");
return false;
If the user then tries to log in again, since they have been added to the WLS
realm, they are let in, but it should happen on the first attempt.
Any Ideas...?
TIA
Paul"Paul Davies" <[email protected]> wrote in message
news:3f4f37b3$[email protected]..
>
Hi,
I have written a custom authenticator to automatically migrate users froman oracle
SSO database into the default WLS8.1 realm (and ultimately to an LDAPRealm).
It all works fine, except that the over all login process fails.
The server is set up to use the default Authenticator initially (set toSUFFICIENT),
then, if this fails, the Migration authenticator (set to REQUIRED) iscalled.
If this finds the user on the Oracle db, it creates a user for them in thedefault
realm, and logs them in.
The problem is that even though my Migration Authenticator finishessuccessfully
(ie the commit() method is executed and returns true) WLS still calls thelogin
error page as set up in the web.xml file.
Turn on security debugging and see if you are getting a login exception
in the debug output - set the DebugSecurityAtn attribute in the ServerDebug
mbean. -
Custom Authentication Module on Identity Server
Hi,
I have a custom authentication module which I am trying to access through the policy agent.
I have set the following property in AMAgent.properties file
com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
My login module code is something like this:
package com.iplanet.am.samples.authentication.providers;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import java.rmi.RemoteException;
import java.io.FileInputStream;
import java.util.Properties;
public class LoginModule1 extends AMLoginModule
private String userName;
private String userTokenId;
private HashMap usersMap;
private java.security.Principal userPrincipal = null;
public LoginModule1() throws LoginException
public void init(Subject subject, Map sharedState, Map options)
System.out.println("LoginModule1 initialization");
usersMap = new HashMap();
ResourceBundle bundle = ResourceBundle.getBundle("users");
Enumeration users = bundle.getKeys();
while (users.hasMoreElements())
String user = (String)users.nextElement();
String password = bundle.getString(user.trim());
usersMap.put(user, password);
public int process(Callback[] callbacks, int state) throws AuthLoginException
int currentState = state;
if (currentState == 1)
userName = ((NameCallback) callbacks[0]).getName().trim();
char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
String passwdString = new String (passwd);
if (userName.equals(""))
throw new AuthLoginException("names must not be empty");
if (userName.equals("testuser") && passwdString.equals("testuser"))
userTokenId = userName;
return -1;
if (usersMap.containsKey(userName))
if (usersMap.get(userName).equals(new String(passwd)))
userTokenId = userName;
return -1;
return 0;
public java.security.Principal getPrincipal()
if (userPrincipal != null)
return userPrincipal;
else
if (userTokenId != null)
userPrincipal = new SamplePrincipal("testuser");
return userPrincipal;
else
return null;
So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication does not succeed and I get the following error message in the agent log file.
2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
Thanks
SrinivasDoes the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
I am wondering if this is related to a seperate problem I have seen with custom login modules. Try chaning the code to return an LDAP style principal it may work:
so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why. -
New server and/or CA certificate for connection from custom authentication
We are running Access Manager version 72005Q4 in the Sun ONE Web Server 6.1SP5 B06/23/2005 container with java build 1.5.0_07-b03. I run a custom authentication module which checks sessions against our university single sign on system which is CAS (from Yale/Jasig). The checks are essentially https calls. All this has been working well for us for the last couple of years.
I would like to migrate the certificate used on the university CAS system from a Verisign certificate to a wildcard certificate issued by the IPS CA in spain -- these are in most browsers but are not in the standard batch of cacerts CA's -- and are free for .edu domains.
My other java based authentication plugins (Blackboard, custom apps etc) have worked fine once I import the certificate into the cacerts for the java container, but I'm missing something (obvious probably) about importing this certificate so that my amserver custom authentication module can connect to the CAS server once the CAS server is using the new certificate.
Could anyone provide guidance on where I need to import this server certificate (or preferably the IPS CA) in order to allow the custom authentication module to work properly? I assume this same problem has been solved by people wishing to connect from the amserver to services with self signed certificates. For some reason I'm finding the debugging unexpectedly difficult, I'll outline some of those details below.
Relevant things I've tried so far:
Import both the server cert and the IPS CA into the cacerts of the java container identified in the web server server.xml /usr/jdk/entsys-j2se.
Import the IPS CA into the web server cert8 style db via the web admin server.
The debugging has surprised me a bit, as I'm not getting an error that is explicitly SSL related error. It almost seems like the URLConnection object ends up using a HttpURLConnection rather than an HttpsURLConnection and never gives me a cert error, rather a connection refused since there is no non SSL service running on CAS. The same code pointed to the server running the verisign cert works as expected.
Part of the stack:
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: java.net.ConnectException: Connection refused
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.socketConnect(Native Method)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.Socket.connect(Socket.java:516)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at java.net.Socket.connect(Socket.java:466)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.NetworkClient.doConnect(NetworkClient.java:157)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.openServer(HttpClient.java:365)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.openServer(HttpClient.java:477)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.<init>(HttpClient.java:214)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.New(HttpClient.java:287)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.http.HttpClient.New(HttpClient.java:311)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.setNewClient(HttpURLConnection.java:489)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.setNewClient(HttpURLConnection.java:477)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:422)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:937)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at edu.yale.its.tp.cas.util.SecureURL.retrieve(Unknown Source)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(Unknown Source)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at edu.fsu.ucs.authentication.providers.CASAMLoginModule.process(CASAMLoginModule.java:86)
[28/Mar/2008:17:21:54] warning (25335): CORE3283: stderr: at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:729)
The relevent bit of code from the SecureURL.retrieve looks as follows:
URL u = new URL(url);
if (!u.getProtocol().equals("https"))
throw new IOException("only 'https' URLs are valid for this method");
URLConnection uc = u.openConnection();
uc.setRequestProperty("Connection", "close");
r = new BufferedReader(new InputStreamReader(uc.getInputStream()));
String line;
StringBuffer buf = new StringBuffer();
while ((line = r.readLine()) != null)
buf.append(line + "\n");
return buf.toString();
} finally { ...
The fact that this same code in other authentication modules running outside the amserver (in other web containers as well, tomcat and resin for example) running java 1.5 works fine with the new CA, as well as with self signed certs that I've imported into the appropriate cacerts file leads me to believe that I'm either importing the certificate into the wrong store, or that there is some additional step needed for the amserver in the Sun Web container.
Thank you very much for any insights and help,
EthanI thought since this has had a fair number of views I would give an update.
I have been able to confirm that the custom authentication module is using the cert8 db defined in the AMConfig property com.iplanet.am.admin.cli.certdb.dir as documented. I do seem to have a problem using the certificate to make outgoing connections, even though the certificate verifies correctly for use as a server certificate. This is likely a question for a different forum, but just to show what I'm looking at:
root@jbc1 providers#/usr/sfw/bin/certutil -V -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -u V
certutil: certificate is valid
root@jbc1 providers#/usr/sfw/bin/certutil -V -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -u C
certutil: certificate is invalid: Certificate type not approved for application.
root@jbc1 providers#/usr/sfw/bin/certutil -M -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -t uP,uP,uP
root@jbc1 providers#/usr/sfw/bin/certutil -V -l -n "FSU Wildcard Certificate" -d /opt/SUNWwbsvr/alias -P https-jbc1.ucs.fsu.edu-jbc1- -u C
FSU Wildcard Certificate : Certificate type not approved for application.
So it could be that I don't understand how to use the certutiil to get the permissions I want, or it could be that using the same certificate for both server and client functions is not supported -- though you can see why this would be a common case with wildcard certificates.
BTW for those interested, it did seem to be the case that when the certificate failure occurred that the attempt was then made by the URLConnection to bind to port 80 in cleartext even though the URL was clearly https. I'm sure this was just an attempt to help out misformed URL, but it seemed that the URLConnection implementation in the amserver would swapped traffic over cleartext if that port had been open on the server I was making the https connection to; that seems dangerous to me, I would not have wanted it to quietly work that way exposing sensitive information to the network.
This was why I was getting back a connection refused instead of a certificate exception. The URLConnection implementation used by the amserver is defined by java.protocol.handler.pkgs=com.iplanet.services.comm argument passwd to the JVM, and I imagine this is done because the amserver pre-dates the inclusion of the sun.net.www.protocol handlers, but I don't know, there maybe reasons why the amserver wants it own handler. I only noticed that this is what was going on when I as casting the httpsURLConnection objects to other types trying to diagnose the certificate problem. I would be interested in hearing if anyone knows if there is a reason not to use sun.net.www.protocol with the amserver.
After switching to the sun.net.www.protocol handler I was able to get my certificate errors rather than the "Connection Refused" which is what lead me to the above questions about certutil. -
Custom Authenticator WL startup exception
Hi, I am using Weblogic 9.2 on Linux and have created an example custom authenticator.
I have followed several suggested method for creation/deployment, but still am having a exception upon startup and hoping someone could help.
from a previous post I have used the below instructions and have deployed the jar in $WL_HOME/server/lib/mbeantypes
$WL_HOME/server/providers: This is the base Directory for Customer security Provider.
$WL_HOME/server/providers/src This is the directory for the Source Code.
$WL_HOME/server/providers/providersjar This is the directory for the Custom Provider Jar file .
$WL_HOME/server/providers/created_files This is the Directory for the created schema file by Mbean maker.
After having the directory structure as mentioned above run the command as below:
cd $WL_HOME/server
$WL_HOME/samples/domains/wl_server/setExamplesEnv.sh
java -Dfiles=providers/created_files -DMDF=providers/src/MyAuthenticator.xml -DMJF=providers/providersjar/MyAuthenticator.jar -DpreserveStubs=true -DcreateStubs=true weblogic.management.commo.WebLogicMBeanMakerStarted the WL server with the following exception:
starting weblogic with Java version:
java version "1.5.0_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
BEA JRockit(R) (build R27.4.0-90_CR358515-94243-1.5.0_12-20080118-1154-linux-ia32, compiled mode)
Starting WLS with line:
/home/A470231/bea/jrockit_150_12/bin/java -jrockit -Xms256m -Xmx512m -Xverify:none -Xverify:none -da -Dplatform.home=/home/A470231/bea/weblogic92 -Dwls.home=/home/A470231/bea/weblogic92/server -Dwli.home=/home/A470231/bea/weblogic92/integration -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/home/A470231/bea/patch_weblogic923/profiles/default/sysext_manifest_classpath -Dweblogic.configuration.schemaValidationEnabled=false -Dweblogic.Name=examplesServer -Djava.security.policy=/home/A470231/bea/weblogic92/server/lib/weblogic.policy weblogic.Server
<Aug 2, 2010 1:14:57 PM EDT> <Notice> <WebLogicServer> <BEA-000395> <Following extensions directory contents added to the end of the classpath:
/home/A470231/bea/weblogic92/platform/lib/p13n/p13n-schemas.jar:/home/A470231/bea/weblogic92/platform/lib/p13n/p13n_common.jar:/home/A470231/bea/weblogic92/platform/lib/p13n/p13n_system.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_common.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_schemas.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_system.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/wsrp-common.jar>
<Aug 2, 2010 1:14:58 PM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with BEA JRockit(R) Version R27.4.0-90_CR358515-94243-1.5.0_12-20080118-1154-linux-ia32 from BEA Systems, Inc.>
<Aug 2, 2010 1:14:59 PM EDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 9.2 MP3 Mon Mar 10 08:28:41 EDT 2008 1096261 >
<Aug 2, 2010 1:15:03 PM EDT> <Info> <WebLogicServer> <BEA-000215> <Loaded License : /home/A470231/bea/license.bea>
<Aug 2, 2010 1:15:03 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Aug 2, 2010 1:15:03 PM EDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Aug 2, 2010 1:15:04 PM EDT> <Notice> <Log Management> <BEA-170019> <The server log file /home/A470231/bea/weblogic92/samples/domains/wl_server/servers/examplesServer/logs/examplesServer.log is opened. All server side log events will be written to this file.>
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.CredentialMappingServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.BulkRoleMappingServiceConfigHelper_TestRealm<
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.BulkAuthorizationServiceConfigHelper_TestRealm<
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.RoleMappingServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.RoleDeploymentServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
*****************REALM:TestRealm
*****************ProviderMBean length:2
*****************ProviderMBean[0]weblogic.security.providers.authorization.DefaultAuthorizerMBeanImpl@a27aaa68([wl_server]/SecurityConfiguration[wl_server]/Realms[TestRealm]/Authorizers[DefaultAuthorizer])
*****************ProviderMBean[1]weblogic.security.providers.authorization.DefaultAdjudicatorMBeanImpl@c6697d45([wl_server]/SecurityConfiguration[wl_server]/Realms[TestRealm]/Adjudicator[DefaultAdjudicator])
*****************SERVICE:>com.bea.common.security.internal.legacy.helper.AuthorizationServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.PolicyDeploymentServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.IsProtectedResourceServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
*****************SERVICE:>weblogic.security.service.internal.RoleConsumerServiceConfigHelper_TestRealm<
<Aug 2, 2010 1:15:07 PM EDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
weblogic.security.service.SecurityServiceRuntimeException: [Security:090877]Service Common AuthorizationService unavailable, see exception text: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:147)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationManager.java:83)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doATZ(CommonSecurityServiceManagerDelegateImpl.java:348)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:273)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:444)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:459)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:540)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:376)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
Caused by: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:342)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:292)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:263)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:71)
at weblogic.security.service.SecurityServiceManager.getService(SecurityServiceManager.java:95)
at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:137)
... 11 more
Caused by: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:40)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:340)
... 16 more
Can anyone have any ideas?
I have narrowed it down to having a problem retrieving the role and policy consumer services I believe
Thanks,
Bobby.Hi All,
Found the reason for the exception. I was implementing the generated the CustomAuthenticatorImpl class (generated through WebLogic MBeanMaker utility) as the provider class by implementing the AuthenticationProvider interface. Keeping them separate solved the issue.
Able to create the jar without any issues and also no error or exception after restart.
Thanks. -
Custom Authentication Provider and User Manage like SQLAuthenticator, How?
Hi everyone,
I faced a problem with login function of my portal (Webcenter Application). The Problem is:
- Allow the users logging in by user that store in another system. I must communicate using low level of socket. This really is not a problem.
- If user logged in, for first time of logging in, i must store them in some identity store (Maybe tables database).
- View Users in Weblogic Console. To do that, i known that i must implemeted something that i dont what that are.
Here are my work:
- I Created a Custom Authentication Provider. And configuration in Admin Console. But i don't know what are that i should implementing to View user & group in Admin Console.
- I Cannot logging in: After i created simple application for testing, i cannot logging in even i tested with SQLAuthenticator Provider and original DefaultProvider. In Logging Console, I saw every I Printed In The Code of Login Module.
Here are my Code:
<?xml version="1.0" ?>
<MBeanType Name = "OrkitVASPortal" DisplayName = "OrkitVASPortal"
Package = "orkit"
Extends = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate">
<MBeanAttribute
Name = "ProviderClassName"
Type = "java.lang.String"
Writeable = "false"
Default = ""orkit.OrkitVASPortalProviderImpl""
/>
<MBeanAttribute
Name = "Description"
Type = "java.lang.String"
Writeable = "false"
Default = ""WebLogic Simple Sample Audit Provider""
/>
<MBeanAttribute
Name = "Version"
Type = "java.lang.String"
Writeable = "false"
Default = ""1.0""
/>
<MBeanAttribute
Name = "LogFileName"
Type = "java.lang.String"
Default = ""SimpleSampleAuditor.log""
/>
</MBeanType>
package orkit;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.*;
public final class OrkitVASPortalProviderImpl implements AuthenticationProviderV2 {
private String description;
private LoginModuleControlFlag controlFlag;
public OrkitVASPortalProviderImpl() {
System.out.println("The Orkit VASPortal Provider Implemented!!!!!");
@Override
public IdentityAsserterV2 getIdentityAsserter() {
return null;
// Our mapping of users to passwords/groups, instead of being in LDAP or in a
// database, is represented by a HashMap of MyUserDetails objects..
public class MyUserDetails {
String pw;
String group;
// We use this to represent the user's groups and passwords
public MyUserDetails(String pw, String group) {
this.pw = pw;
this.group = group;
public String getPassword() {
return pw;
public String getGroup() {
return group;
// This is our database
private HashMap userGroupMapping = null;
public void initialize(ProviderMBean mbean, SecurityServices services) {
System.out.println("The Orkit VASPortal Provider is intializing......");
OrkitVASPortalMBean myMBean = (OrkitVASPortalMBean) mbean;
description = myMBean.getDescription() + "\n" + myMBean.getVersion();
System.err.println("#In realm:" + myMBean.getRealm().wls_getDisplayName());
// We would typically use the realm name to find the database
// we want to use for authentication. Here, we just create one.
userGroupMapping = new HashMap();
userGroupMapping.put("a", new MyUserDetails("passworda", "g1"));
userGroupMapping.put("b", new MyUserDetails("passwordb", "g2"));
userGroupMapping.put("system", new MyUserDetails("12341234",
"Administrators"));
String flag = myMBean.getControlFlag();
if (flag.equalsIgnoreCase("REQUIRED")) {
controlFlag = LoginModuleControlFlag.REQUIRED;
} else if (flag.equalsIgnoreCase("OPTIONAL")) {
controlFlag = LoginModuleControlFlag.OPTIONAL;
} else if (flag.equalsIgnoreCase("REQUISITE")) {
controlFlag = LoginModuleControlFlag.REQUISITE;
} else if (flag.equalsIgnoreCase("SUFFICIENT")) {
controlFlag = LoginModuleControlFlag.SUFFICIENT;
} else {
throw new IllegalArgumentException("Invalid control flag " + flag);
public AppConfigurationEntry getLoginModuleConfiguration() {
HashMap options = new HashMap();
options.put("usermap", userGroupMapping);
System.out.println("UserMap: " + options);
return new AppConfigurationEntry(
"orkit.OrkitVASPortalLoginModule",
controlFlag, options);
public String getDescription() {
return description;
public PrincipalValidator getPrincipalValidator() {
return new PrincipalValidatorImpl();
public AppConfigurationEntry getAssertionModuleConfiguration() {
return null;
// public IdentityAsserter getIdentityAsserter() {
// return null;
public void shutdown() {
* To change this template, choose Tools | Templates
* and open the template in the editor.
package orkit;
import orkit.OrkitVASPortalProviderImpl;
import java.io.IOException;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
* This login module will be called by our Authentication Provider. It assumes
* that the option, usermap, will be passed which contains the map of users to
* passwords and groups.
public class OrkitVASPortalLoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private HashMap userMap;
// Authentication status
private boolean loginSucceeded;
private boolean principalsInSubject;
private Vector principalsBeforeCommit = new Vector();
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
// Fetch user/password map that should be set by the authenticator
userMap = (HashMap) options.get("usermap");
* Called once after initialize to try and log the person in
public boolean login() throws LoginException {
// First thing we do is create an array of callbacks so that
// we can get the data from the user
Callback[] callbacks;
callbacks = new Callback[2];
callbacks[0] = new NameCallback("username: ");
callbacks[1] = new PasswordCallback("password: ", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException eio) {
throw new LoginException(eio.toString());
} catch (UnsupportedCallbackException eu) {
throw new LoginException(eu.toString());
String username = ((NameCallback) callbacks[0]).getName();
System.out.println("Username: " + username);
char[] pw = ((PasswordCallback) callbacks[1]).getPassword();
String password = new String(pw);
System.out.println("PASSWORD: " + password);
if (username.length() > 0) {
if (!userMap.containsKey(username)) {
throw new FailedLoginException("Authentication Failed: Could not find user:" + username);
}else{
System.out.println("Contstainded Username");
String realPassword = ((OrkitVASPortalProviderImpl.MyUserDetails) userMap.get(username)).getPassword();
if (realPassword == null || !realPassword.equals(password)) {
throw new FailedLoginException("Authentication Failed: Password incorrect for user" + username);
}else{
System.out.println("Everyitng OKIE");
} else {
// No Username, so anonymous access is being attempted
loginSucceeded = true;
// We collect some principals that we would like to add to the user
// once this is committed.
// First, we add his username itself
principalsBeforeCommit.add(new WLSUserImpl(username));
// Now we add his group
principalsBeforeCommit.add(new WLSGroupImpl(((OrkitVASPortalProviderImpl.MyUserDetails) userMap.get(username)).getGroup()));
return loginSucceeded;
public boolean commit() throws LoginException {
if (loginSucceeded) {
subject.getPrincipals().removeAll(principalsBeforeCommit);
principalsInSubject = true;
return true;
} else {
return false;
public boolean abort() throws LoginException {
if (principalsInSubject) {
subject.getPrincipals().removeAll(principalsBeforeCommit);
principalsInSubject = false;
return true;
public boolean logout() throws LoginException {
return true;
}and OrkitVASPortalMBean & OrkitVASPortalImpl class created by MBeanMaker tool.
Can someome help.
Thanks in advance!Hi ,
SQLAuthenticator is not yet supported with UCM 11g due to some JPS Provider limitations .
Currently there is an Enhancement request for this .
Thanks
Srinath -
Custom Authentication With Identity Store
Hi everyone,
I faced a problem with login function of my portal (Webcenter Application). The Problem is:
- Allow the users logging in by user that store in another system. I must communicate using low level of socket. This really is not a problem.
- If user logged in, for first time of logging in, i must store them in some identity store (Maybe tables database).
- View Users in Weblogic Console. To do that, i known that i must implemeted something that i dont what that are.
Here are my work:
- I Created a Custom Authentication Provider. And configuration in Admin Console. But i don't know what are that i should implementing to View user & group in Admin Console.
- I Cannot logging in: After i created simple application for testing, i cannot logging in even i tested with SQLAuthenticator Provider and original DefaultProvider. In Logging Console, I saw every I Printed In The Code of Login Module.
Here are my Code:
<?xml version="1.0" ?>
<MBeanType Name = "OrkitVASPortal" DisplayName = "OrkitVASPortal"
Package = "orkit"
Extends = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate">
<MBeanAttribute
Name = "ProviderClassName"
Type = "java.lang.String"
Writeable = "false"
Default = ""orkit.OrkitVASPortalProviderImpl""
/>
<MBeanAttribute
Name = "Description"
Type = "java.lang.String"
Writeable = "false"
Default = ""WebLogic Simple Sample Audit Provider""
/>
<MBeanAttribute
Name = "Version"
Type = "java.lang.String"
Writeable = "false"
Default = ""1.0""
/>
<MBeanAttribute
Name = "LogFileName"
Type = "java.lang.String"
Default = ""SimpleSampleAuditor.log""
/>
</MBeanType>
package orkit;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.spi.*;
public final class OrkitVASPortalProviderImpl implements AuthenticationProviderV2 {
private String description;
private LoginModuleControlFlag controlFlag;
public OrkitVASPortalProviderImpl() {
System.out.println("The Orkit VASPortal Provider Implemented!!!!!");
@Override
public IdentityAsserterV2 getIdentityAsserter() {
return null;
// Our mapping of users to passwords/groups, instead of being in LDAP or in a
// database, is represented by a HashMap of MyUserDetails objects..
public class MyUserDetails {
String pw;
String group;
// We use this to represent the user's groups and passwords
public MyUserDetails(String pw, String group) {
this.pw = pw;
this.group = group;
public String getPassword() {
return pw;
public String getGroup() {
return group;
// This is our database
private HashMap userGroupMapping = null;
public void initialize(ProviderMBean mbean, SecurityServices services) {
System.out.println("The Orkit VASPortal Provider is intializing......");
OrkitVASPortalMBean myMBean = (OrkitVASPortalMBean) mbean;
description = myMBean.getDescription() + "\n" + myMBean.getVersion();
System.err.println("#In realm:" + myMBean.getRealm().wls_getDisplayName());
// We would typically use the realm name to find the database
// we want to use for authentication. Here, we just create one.
userGroupMapping = new HashMap();
userGroupMapping.put("a", new MyUserDetails("passworda", "g1"));
userGroupMapping.put("b", new MyUserDetails("passwordb", "g2"));
userGroupMapping.put("system", new MyUserDetails("12341234",
"Administrators"));
String flag = myMBean.getControlFlag();
if (flag.equalsIgnoreCase("REQUIRED")) {
controlFlag = LoginModuleControlFlag.REQUIRED;
} else if (flag.equalsIgnoreCase("OPTIONAL")) {
controlFlag = LoginModuleControlFlag.OPTIONAL;
} else if (flag.equalsIgnoreCase("REQUISITE")) {
controlFlag = LoginModuleControlFlag.REQUISITE;
} else if (flag.equalsIgnoreCase("SUFFICIENT")) {
controlFlag = LoginModuleControlFlag.SUFFICIENT;
} else {
throw new IllegalArgumentException("Invalid control flag " + flag);
public AppConfigurationEntry getLoginModuleConfiguration() {
HashMap options = new HashMap();
options.put("usermap", userGroupMapping);
System.out.println("UserMap: " + options);
return new AppConfigurationEntry(
"orkit.OrkitVASPortalLoginModule",
controlFlag, options);
public String getDescription() {
return description;
public PrincipalValidator getPrincipalValidator() {
return new PrincipalValidatorImpl();
public AppConfigurationEntry getAssertionModuleConfiguration() {
return null;
// public IdentityAsserter getIdentityAsserter() {
// return null;
public void shutdown() {
* To change this template, choose Tools | Templates
* and open the template in the editor.
package orkit;
import orkit.OrkitVASPortalProviderImpl;
import java.io.IOException;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;
* This login module will be called by our Authentication Provider. It assumes
* that the option, usermap, will be passed which contains the map of users to
* passwords and groups.
public class OrkitVASPortalLoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private HashMap userMap;
// Authentication status
private boolean loginSucceeded;
private boolean principalsInSubject;
private Vector principalsBeforeCommit = new Vector();
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
// Fetch user/password map that should be set by the authenticator
userMap = (HashMap) options.get("usermap");
* Called once after initialize to try and log the person in
public boolean login() throws LoginException {
// First thing we do is create an array of callbacks so that
// we can get the data from the user
Callback[] callbacks;
callbacks = new Callback[2];
callbacks[0] = new NameCallback("username: ");
callbacks[1] = new PasswordCallback("password: ", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException eio) {
throw new LoginException(eio.toString());
} catch (UnsupportedCallbackException eu) {
throw new LoginException(eu.toString());
String username = ((NameCallback) callbacks[0]).getName();
System.out.println("Username: " + username);
char[] pw = ((PasswordCallback) callbacks[1]).getPassword();
String password = new String(pw);
System.out.println("PASSWORD: " + password);
if (username.length() > 0) {
if (!userMap.containsKey(username)) {
throw new FailedLoginException("Authentication Failed: Could not find user:" + username);
}else{
System.out.println("Contstainded Username");
String realPassword = ((OrkitVASPortalProviderImpl.MyUserDetails) userMap.get(username)).getPassword();
if (realPassword == null || !realPassword.equals(password)) {
throw new FailedLoginException("Authentication Failed: Password incorrect for user" + username);
}else{
System.out.println("Everyitng OKIE");
} else {
// No Username, so anonymous access is being attempted
loginSucceeded = true;
// We collect some principals that we would like to add to the user
// once this is committed.
// First, we add his username itself
principalsBeforeCommit.add(new WLSUserImpl(username));
// Now we add his group
principalsBeforeCommit.add(new WLSGroupImpl(((OrkitVASPortalProviderImpl.MyUserDetails) userMap.get(username)).getGroup()));
return loginSucceeded;
public boolean commit() throws LoginException {
if (loginSucceeded) {
subject.getPrincipals().removeAll(principalsBeforeCommit);
principalsInSubject = true;
return true;
} else {
return false;
public boolean abort() throws LoginException {
if (principalsInSubject) {
subject.getPrincipals().removeAll(principalsBeforeCommit);
principalsInSubject = false;
return true;
public boolean logout() throws LoginException {
return true;
}and OrkitVASPortalMBean & OrkitVASPortalImpl class created by MBeanMaker tool.
Can someome help.
Thank you very much!When i login with the password and username from my custom authentication provider, my login module check ok, but logon form still there.
-
Custom Authentication Issue with Policy Agent
Hi,
I have a custom authentication module which is hosted on the BEA application server and I am trying to access through the policy agent on apache.
I have set the following property in AMAgent.properties file
com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login
So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication is succeed, user sesion is being created and I get the following error message in the agent log file.
2004-10-19 16:20:26.908 Error 27620:e1140 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:3
2004-10-19 16:20:26.908 128 27620:e1140 RemoteLog: User unknown was denied access to http://hostname:port/weblogic/protapp/protected/a.html.
2004-10-19 16:20:26.908 Error 27620:e1140 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
2004-10-19 16:20:26.909 Error 27620:e1140 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
2004-10-19 16:20:26.909 -1 27620:e1140 PolicyAgent: URL Access Agent: access denied to unknown user
The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
Thanks
NeerajHi Neeraj,
I still have not been able to resolve that issue. Let me know If you find a solution for the same.
Thanks,
Srinivas -
Unable to login using OAM Custom Authentication Plugin
Hi,
I have a problem with OAM Custom Authentication Plugin, My Plugin is Activate successfully. When try to login from Access Manager SSO login page, it is unable to login. I am getting followiing message in the log file.
I am return ExecutionStatus.SUCCESS from my Java code and I have only one step where I have attached Plugin and my Steps Orchestration is
On Success -> Success
On Failure -> Failure
On Error -> Failure
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:is_resource_protected.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
INFO: Processing Event is_resource_protected
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthzEngineController processEvent
INFO: Is Resource Protected status : success
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :is_resource_protected with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_valid_session.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
INFO: Processing Event check_valid_session
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.sso.SSOEngineController processEvent
INFO: Processing Event check_valid_session
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_valid_session with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
INFO: Successfully validated the submitted credentials.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:validate_creds.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
INFO: Processing Event validate_creds
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.authn processEvent
INFO: Policy ID : DB User Authentication Scheme
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Authentication Scheme Id: DB User Authentication Scheme.
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Runtime Authentication Scheme: Scheme name: = DB User Authentication Scheme
Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
Scheme Challenge Mec: = FORM
Scheme Challenge Par: = {contextType=default, username=string, contextValue=OAM, password=sercure_string, challenge_url=/pages/login.jsp}
Authentication Module Name: = DB Authentication module
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
INFO: Authentication Module Factory Class: DB Authentication module.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector: ["PluginPhaseEvent.oracle.security.am.plugin.diagnostic.PluginPhaseEvent@6d6a08fb":" Collector : OAMS/OAM/Plugin/AUTHN/Plugin_SamplePlugin/PluginLocate
Type : PHASE_EVENT
Metrics : 511
LogLevel : OFF
EnableRate : false EnablePersistence : false"], registered at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 12, 2013 9:06:22 AM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
User Name: test and Password : test
Authentication Successfull return ExecutionStatus.SUCCESS
Jun 12, 2013 9:06:22 AM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Result of Authentication Scheme Execution: false.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :validate_creds with status fail.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_authn_retry.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_authn_retry with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:cred_collect.
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Processing Event cred_collect
Jun 12, 2013 9:06:22 AM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Credential collection process success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :cred_collect with status success.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:PBL_return.
Jun 12, 2013 9:06:22 AM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :PBL_return with status success.
Can anyone help me regarding this issue.
Thanks
Tamim KhanHi,
Little update about authentication plugin, please see the log file below, Result of Authentication Scheme Execution:true, now but, still the cookie is LOGGEDOUTCONTINUE and still I am unable to login.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:InProcess for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:Success for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:process_creds.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleProcessCredentials
INFO: Successfully validated the submitted credentials.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :process_creds with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:validate_creds.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.AuthnEngineController processEvent
INFO: Processing Event validate_creds
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.authn processEvent
INFO: Policy ID : DB Authentication Scheme
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Authentication Scheme Id: DB Authentication Scheme.
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Runtime Authentication Scheme: Scheme name: = DB Authentication Scheme
Scheme Challenge URL: = http://idmlab.tigerit.com:14100/oam/server/
Scheme Challenge Mec: = FORM
Scheme Challenge Par: = {contextType=external, username=string, contextValue=/oam, password=sercure_string, challenge_url=http://192.168.1.220:14100/ssologin/ssologin.jsp}
Authentication Module Name: = DB Authentication Module
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor execute
INFO: Authentication Module Factory Class: DB Authentication Module.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
User Name: test and Password : test
Set 1st Responce
Set 2nd Responce
Set 3rd Responce
Setting cookie
Authentication Successfull return ExecutionStatus.SUCCESS
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.DiagnosticUtil getDynamicPath
INFO: DiagnosticUtil: enetered getDynamicPath
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.common.adapters.OAMLoggerImpl info
INFO: Registering collector at runtime.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.diagnostic.impl.MetricHierarchy getOrCreateCollector
INFO: Collector already exists, reusing existing.
Jun 19, 2013 1:51:44 PM oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl validateUser
INFO: Result of Authentication Scheme Execution: true.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :validate_creds with status fail.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:check_authn_retry.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :check_authn_retry with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:cred_collect.
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Processing Event cred_collect
Jun 19, 2013 1:51:44 PM oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController handleCollectCredentials
INFO: Credential collection process success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :cred_collect with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: processing Event:PBL_return.
Jun 19, 2013 1:51:44 PM oracle.security.am.controller.MasterController processEvent
INFO: Master Controller: Event processing finished :PBL_return with status success.
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:InProcess for request -414941018507193158;
Jun 19, 2013 1:51:44 PM oracle.security.am.common.controller.util.BasicCacheHandler sync
INFO: Cache data sync:Success for request -414941018507193158;
Can anyone help me please.
Thanks
Tamim Khan -
Authentication problem in 3.1.2
Hi,
recently we had an upgrade from 10 g to 11g.
I exported the application from 10g.but in 11g i am having problem with one application.In this application we are using custom authentication.so from backend(using hash func),i updated password and what i see is that,as i enter and username and password and click login,it goes no where it loads the same page again and i see that now i have lost developer previlages as well(i logged in as workspace admin). if i check in backend whether the password stored in db matches what i entered,it matches.
Anyone out there faced any issue like this?any hints ,tips would be helpful.
Regards,
CKLP11g has some additional setting rlated to ACL.
Look in this forum and also look up the installation guide for 11g pre and post installation tasks. Follow the instllation guide verbatim and you will be ok.
Regards, -
Apex Custom Authentication Schema Page Sentry Error
Hi,
I am using Application Express 4.0.0. I am struggling with a strange problem while trying to implement custom authentication schema.
I declare a page sentry function 'page_sentry' which returns TRUE or FALSE based on certain conditions. My page_sentry is as follows:
FUNCTION PAGE_SENTRY RETURN BOOLEAN
IS
l_username VARCHAR2(512);
l_session_id NUMBER;
BEGIN
IF USER != 'APEX_PUBLIC_USER' THEN
RETURN false;
END IF;
l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
-- check application session cookie.
IF wwv_flow_custom_auth_std.is_session_valid THEN
apex_application.g_instance := l_session_id;
l_username := wwv_flow_custom_auth_std.get_username;
wwv_flow_custom_auth.define_user_session(
p_user => l_username, p_session_id => l_session_id);
RETURN true;
ELSE
--redirect to login page using OWA_UTIL.REDIRECT_URL
END IF;
RETURN false;
END page_sentry;
And Cookie Name : _AUTH
At first, It always returned FALSE. I wasn't getting any error. However, even after forcibly returning TRUE from the page_sentry function the redirect was still not happening. I tried to look into what cookies were being set for the same and I found this:
Name: ApexLibErrorStack1
Content: page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication
I couldn't find any relevant help for this. Worst of it is I cannot set any cookie from the page_sentry function at all. Please help!Hi all.
Can someone please help me out with the above issue. I am not sure if things are wrong at my end or is this an apex bug.
--Update:
The source of my problem perhaps lies in the manner in which I have configured my Oracle HTTP Server. When I disable port HTTP server on port 80 and run apex without it on default port 8080, the custom authentication schema cookie gets set.
Executing the following with Oracle HTTP Server:
OWA_UTIL.PRINT_CGI_ENV;
gives:
HTTP_COOKIE = ApexLibErrorStack1=page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication.; ORA_WWV_R1=%23ALL; ORA_WWV_R2=%23ALL; ORA_WWV_R3=%23ALL
And without HTTP Server:
gives:
HTTP_COOKIE = WWV_CUSTOM-F_1420403886791332_100=9625AAC49B9951D8;......
Did I miss something in my HTTP server configuration ?
Edited by: pc on Jan 2, 2012 3:15 AM -
Can Actions Menu of Interactive Reports work with Custom Authentication?
My testing is leading my to believe that Actions Menu do not work with Custom Authentication (but only work with APEX Authentication) in APEX 3.1.2? If that's true then is there a work around to this?
Just to clarify, I've posted/asked this question twice before:
1) Re: Actions Menu in Interactive Reports does not sort, filter, select cols etc
2) Interactive Report actions don't work for users (i.e. for non-developers)
But I've come to believe this is the main problem. I just don't know how to resolve/work around this?
Thanks for any help.I haven't setup a sample because my custom authentication is using LDAP authentication. I'm not sure how I can replicate that on the samples server?
I'm using LDAP authentication with a Page Sentry function. My further testing reveals that the Page Sentry function is setting the APEX variable user to NULL (ie blank) whenever there's any code in the Page Sentry function box. PL/SQL code as simple as
BEGIN return TRUE; END;
in the Page Sentry function box sets the "user" is set to <null>. When the Page sentry function box is left empty (no code specified) it sets the "user" properly after authentication against the specified LDAP directory.
What all this has to do with Interactive Reports...
It seems like when the user is NULL it messes-up Interactive Reports that are stored in the flows database. Although it shows the default report properly, but no runtime interactive actions (filtering, sorting, column break, etc.) work.
Can someone please correct or confirm this?
Thanks.
Maybe you are looking for
-
I was trying to sync my itouch with my new mac, and some songs won't download because they are not authorized for this computer. But even after my computer was authorized they still won't sync. How do I fix this?
-
How can i use query in Print out
I am going to insert some Item's properties to print out of good issue, I dont know how can I use query in this tools?
-
I have updated to OS 8.1 and the update has been installing for hours now. The install is not complete yet and my phone doesn't want to turn on or off. How do I get my phone to turn on?
-
Hello! We are using Weblogic 5.1 and Netscape's iPlanet as a proxy server. Both the machines are running of seperate NT boxes with static IP addresses. All the changes which need to made on iPlanet side (i.e. copying proxy36.dll, modificatiopn of mim
-
"Time Machine could not delete the backup disk"
This morning, I got the "Time Machine must create a new backup for you" message referred to here: http://pondini.org/TM/C13.html I went ahead and told it "start new backup" but after a few minutes, got this message, ending in error message -1: "Tim