Custom mix Authentication

Hi,
I have two kinds of users: one type are Oracle users (their authentication can be checked through -DBACCOUNT-), and the other type are listed in a database table (say, auth).
Now, what I want is that when a user logs in, the following happens:
If the username/password is correct according to Oracle users (i.e. -DBACCOUNT-), then return to the main page (say 1, as a successful login)
elsif <check the auth table, containing the list of users with their respective passwords> if the user exists in the table, then return to main page 1 (as a successful login)
else return to the login page (say 101, as an unsuccessful login).
To build this piece, what should I do?
I have created an on-demand function in Apex, authCheck, which checks whether the username and password exist in the auth table and returns the respective boolean.
create or replace function authCheck(p_username in varchar2, p_password in varchar2) return boolean is
  ln_verify number(15);
begin
  -- count(*) always returns exactly one row, so sql%notfound is never true and
  -- NO_DATA_FOUND is never raised here; testing either one makes every login succeed.
  -- The result has to come from the count itself.
  select count(*) into ln_verify from auth
  where upper(user_id) = upper(p_username)
  and upper(password) = upper(p_password); -- upper() makes the password comparison case-insensitive
  return ln_verify > 0;
end authCheck;

Please tell us your first name and show it in your forum profile to help us. Thanks.
See Re: Database account and custom authentication mix .
Scott

Similar Messages

  • How to use a custom database authentication with APEX_AUTHENTICATION??

    I have a custom user authentication method.
    create or replace function user_check(username varchar2, password varchar2) return boolean
    is
      check_out integer;
    begin
      -- count the rows whose e-mail and password both match the supplied values
      select count(*) into check_out from "user" where USER_EMAIL = username and USER_PASS = password;
      if check_out > 0 then
        return true;
      else
        return false;
      end if;
    end;
    How do I use apex_authentication.login()? And how do I make apex_authentication.login() use my method? Verify User Login

    You can't mix custom authentication and the internal APEX authentication functions. So either you use the pre-built user authentication in APEX or you can build your own CUSTOM authentication...
    Many examples of custom authentication are out there...
    Thank you,
    Tony Miller
    Ruckersville, VA

  • Custom DB authentication to an application from Oracle Portal not working.

    Hi All,
    We have a Portal customized and integrated to LDAP for SSO.
    From the portal, we have a link that takes to another custom application that requires another level of authentication. We have implemented this authentication as custom Database based authentication.
    When user login to the portal and access this link, he will be directed for authentication again. This custom application has been installed on a different OC4J instance while Oracle Portal is running in a different OC4J instance.
    Issue is though user details are being propagated to the custom application page, we are receiving an error saying authentication failed.
    In the OC4J instance specific for this custom application, we have configured jazn.xml to use custom authentication.
    Below is the code:
    <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
    <!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
    <jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com">
    <property name="role.mapping.dynamic" value="true"/>
    <property name="custom.loginmodule.provider" value="true"/>
    </jazn>
    and in jazn-data.xml, we gave the role mapping.
    But the problem is when the link to the custom application is accessed, it seems like the custom authentication mechanism is not working.
    Can anyone throw light on this?
    Do we need to give the same configuration in the j2ee/home/config directory files also?
    Can we use both LDAP and custom DB authentication within the same OAS setup? Remember as of now, Portal and custom application are running in different OC4J instances but within the same OAS.
    Any help in this regard will be highly appreciated.
    Thanks,
    Sasi Bhushan

  • Example of custom external authentication

    Where can I find the example of custom external authentication
    which Paul Encarnation has written since most of the links on
    the discussion forum mails seem to be outdated.
    Thanks

  • Custom ldap authenticator to retrieve user bean ldap profile

    Hi,
    Wondering if we could use a custom ldap authenticator to get the user profile from Ldap and put the data bean into session.
    This will allow to use the same connection to Ldap and to benefit from Bea security authentication configuration.
    Any input on this ?
    Thank you

    Increasing the search limit is the only practical solution. Really, ~2000 entries is not that many.

  • Error in custom OAM authentication plugin

    Hi All
    I am trying to build a custom OAM authentication plugin using JDeveloper. Here are the version information:
    OAM - 11.1.1.5 BP04
    WLS - 10.3.5
    Issue:
    I get the following error in the OAM logs when I try to activate the plugin.
    [2012-11-14T09:39:17.996-08:00] [oam_server1] [WARNING] [] [oracle.oam.extensibility.lifecycle] [tid: DistributedCache:DistributionCache:EventDispatcher] [userId: <anonymous>] [ecid: 0000Jfzyiy6EgKI5qrH7iY1GcxMc000002,0] [APP: oam_server] Activation failed due to felix bundle exception while installing and starting the bundle.Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)[[
    org.osgi.framework.BundleException: Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)
    at org.apache.felix.framework.Felix.resolveBundle(Felix.java:3404)
    The names of jar file, class file, plugin xml file etc are all same. My plugin code is very generic and I have the following values in the plugin's manifest and xml file
    Plugin xml file [oamCustomAuthPlugin.xml]:
    <Plugin name="oamCustomAuthPlugin" type="Authentication">
    <author>uid</author>
    <email>[email protected]</email>
    <creationDate>09:32:20, 2011-11-13</creationDate>
    <version>4</version>
    <description>OAM Custom Authentication plugin</description>
    <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
    <implementation>com.company.oam.oamCustomAuthPlugin</implementation>
    <configuration>
    <AttributeValuePair>
    <Attribute type="string" length="20">INPUT_PARAM1</Attribute>
    <mandatory>true</mandatory>
    <instanceOverride>false</instanceOverride>
    <globalUIOverride>true</globalUIOverride>
    <value>Param1</value>
    </AttributeValuePair>
    <AttributeValuePair>
    <Attribute type="string" length="20">INPUT_PARAM2</Attribute>
    <mandatory>true</mandatory>
    <instanceOverride>false</instanceOverride>
    <globalUIOverride>true</globalUIOverride>
    <value>Param2</value>
    </AttributeValuePair>
    </configuration>
    </Plugin>
    Manifest File [MANIFEST.MF]:
    Ant-Version: Apache Ant 1.7.1
    Bundle-Version: 1.0.0.4
    Bundle-Name: oamCustomAuthPlugin
    Bundle-Activator: oamCustomAuthPlugin
    Bundle-ManifestVersion: 2
    Created-By: 17.0-b17 (Sun Microsystems Inc.)
    Import-Package: oracle.security.am.plugin,oracle.security.am.plugin.authn
    Bundle-SymbolicName: oamCustomAuthPlugin
    Bundle-RequiredExecutionEnvironment: JavaSE-1.6
    Please let me know if you have faced similar issues in the past. Please help !!

    Try with Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api If it doesn't work try with - Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api ,oracle.security.am.plugin.ExecutionStatus

  • Error in Custom Ldap Authentication

    Hi All,
    I was trying to use the custom LDAP authentication (Earlier Post: http://forums.oracle.com/forums/thread.jspa?threadID=2251976&stqc=true) but was not successful in making it work with our AD LDAP server. That's when I came across the post http://forums.oracle.com/forums/thread.jspa?messageID=916185&#916185
    I used the same function
    create or replace function authenticate_aduser(
    p_username in varchar2,
    p_password in varchar2)
    return boolean
    is
    l_user varchar2(256);
    l_ldap_server varchar2(256) := '<Hostname>';
    l_domain varchar2(256) := '<Domain Name>';
    l_ldap_port number := 389;
    l_retval pls_integer;
    l_session dbms_ldap.session;
    l_cnt number;
    begin
    l_user := p_username||'@'||l_domain;
    l_session := dbms_ldap.init( l_ldap_server, l_ldap_port ); -- start session
    l_retval := dbms_ldap.simple_bind_s( l_session, l_user, p_password ); -- auth as user
    l_retval := dbms_ldap.unbind_s( l_session ); -- unbind
    return true;
    exception when others then
    l_retval := dbms_ldap.unbind_s( l_session );
    return false;
    end;
    Tested it by giving the correct password
    SQL> declare
    begin
    if authenticate_aduser('<username>','<correct password>') then
    dbms_output.put_line('Test Successful');
    else
    dbms_output.put_line('Test Failed');
    end if;
    end;
    /
    Test Successful
    PL/SQL procedure successfully completed.
    Tested it by giving the wrong password
    SQL> declare
    begin
    if authenticate_aduser('<user name>','<wrong password>') then
    dbms_output.put_line('Test Successful');
    else
    dbms_output.put_line('Test Failed');
    end if;
    end;
    /
    Test Failed
    PL/SQL procedure successfully completed.
    So the function is working perfectly with the LDAP server.
    I am trying to create a custom authentication scheme with the above function.
    Shared Components -> Authentication Schemes -> create -> From Scratch ->
    In Authentication Function -> return authenticate_aduser(:P101_USERNAME,:P101_PASSWORD);
    In Logout URL -> wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&amp;p_next_flow_page_sess=4155:PUBLIC_PAGE
    Then after setting this as the current authentication scheme, whenever I try to login with correct credentials it is giving me the error
    Invalid Login Credentials
    Kindly let me know where I am going wrong here.
    Thanks & Regards,
    Vikas Krishna

    I was able to fix this.
    I used the same function authenticate_aduser
    and then followed blog http://www.talkapex.com/2009/03/custom-authentication-status.html to create a custom authentication. It worked finally.
    Thanks to Martin for his wonderful post.
    Thanks & Regards,
    Vikas Krishna
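
    A hardened variant of the authenticate_aduser function from this thread, as an added example that is not part of the original posts: it refuses empty credentials before binding (an LDAP simple bind with an empty password is an unauthenticated bind that a directory may accept), checks the bind result explicitly, and fails closed on any error. The name authenticate_aduser_strict and the account-name pattern are assumptions; the host and domain stay as the post's placeholders.

    ```sql
    -- Added example: hardened variant of authenticate_aduser.
    -- The function name and the account-name pattern below are assumptions.
    create or replace function authenticate_aduser_strict(
        p_username in varchar2,
        p_password in varchar2)
        return boolean
    is
        l_ldap_server varchar2(256) := '<Hostname>';     -- placeholder, as in the post
        l_domain      varchar2(256) := '<Domain Name>';  -- placeholder, as in the post
        l_ldap_port   number        := 389;              -- plain LDAP: the bind password is not encrypted in transit
        l_retval      pls_integer;
        l_session     dbms_ldap.session;
        l_ok          boolean := false;
    begin
        -- A simple bind with an empty password is an unauthenticated bind
        -- (RFC 4513, section 5.1.2) and must never count as a successful login.
        -- In PL/SQL an empty string is NULL, so IS NULL covers both cases.
        if p_username is null or p_password is null then
            return false;
        end if;

        -- The login name is concatenated into user@domain, so accept only a plain
        -- account name (assumed format: letters, digits, dot, underscore, hyphen).
        if not regexp_like(p_username, '^[A-Za-z0-9._-]+$') then
            return false;
        end if;

        -- Make failed LDAP calls raise exceptions instead of returning error codes.
        dbms_ldap.use_exception := true;
        l_session := dbms_ldap.init(l_ldap_server, l_ldap_port);

        begin
            l_retval := dbms_ldap.simple_bind_s(
                            l_session, p_username || '@' || l_domain, p_password);
            -- Success only if the server explicitly reported a successful bind.
            l_ok := (l_retval = dbms_ldap.success);
        exception
            when others then
                l_ok := false;  -- wrong password, unknown user, locked account
        end;

        -- Close the session in its own block so that a failing unbind cannot
        -- change the authentication result.
        begin
            l_retval := dbms_ldap.unbind_s(l_session);
        exception
            when others then
                null;
        end;

        return l_ok;
    exception
        when others then
            return false;  -- e.g. server unreachable before a session exists: fail closed
    end authenticate_aduser_strict;
    /
    ```

    Calling authenticate_aduser_strict('<username>', null) returns FALSE without contacting the directory, which is the case the tests in the post do not cover.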

  • Custom SPNEGO Authenticator

    I'm working on developing a custom spnego authenticator to JBoss. I saw a client example in Advanced JGSS Security Programming. But I haven't found if it's possible to develop a program that accepts a browser's token spnego in the server side. Is it possible in Java 6?
    Thanks a lot!!

    http://dev2dev.bea.com/utilitiestools/security.html

  • WAP4410N WPA2 Enterprise Mixed authentication problem against Cisco ACS 4.2

    We have 3 x WAP4410N at new office setup in Singapore.
    Customer asked us to setup those 3 AP to make client auth against an ACS 4.2 sitting in US office.
    All the user notebooks were joined to Windows domain in US office, before sent out to Singapore office.
    We configured APs with WPA2 Enterprise Mixed mode and entered radius server address and secrets correctly.
    Logging from ACS shows that users are authenticated successfully but, on the user notebooks, authentication never seems successful and keeps authenticating.
    We have tried with other option (RADIUS) but, problem persists.
    Please help.

    Hi Robert,
    Firmware version is 2.0.4.2.
    We have tested with WPA-personal, WPA2-personal and all worked.
    For enterprise, we have tested using WPA-ent, WPA2-ent, WPA2-ent-mixed and RADIUS.
    All did not work.
    Client keeps flapping between auth and validation.
    ACS logs showed that auth OK.
    Syslog from AP showed that client was associated but it happened repeatedly.
    <134>Oct 28 16:13:27 MVIS-SG-AP01 kernel: [sg-internal][A0:88:B4:40:41:D4] Open Authentication    10.200.4.12    28/10 16:13:28.720   
    <134>Oct 28 16:13:27 MVIS-SG-AP01 kernel: [sg-internal][A0:88:B4:40:41:D4] Associated    10.200.4.12    28/10 16:13:28.720   
    <134>Oct 28 16:13:29 MVIS-SG-AP01 kernel: [][A0:88:B4:40:41:D4] SUBTYPE_AUTH    10.200.4.12    28/10 16:13:30.720   
    <134>Oct 28 16:13:29 MVIS-SG-AP01 kernel: [sg-internal][A0:88:B4:40:41:D4] Open Authentication    10.200.4.12    28/10 16:13:30.720   
    <134>Oct 28 16:13:29 MVIS-SG-AP01 kernel: [sg-internal][A0:88:B4:40:41:D4] Associated    10.200.4.12    28/10 16:13:30.736   
    <134>Oct 28 16:13:31 MVIS-SG-AP01 kernel: [][A0:88:B4:40:41:D4] SUBTYPE_AUTH    10.200.4.12    28/10 16:13:32.689   
    Below is the diagram for your kind ref.
          US Office          Site-to-Site VPN    SG Office 
    ACS --- ASA ------------ Internet ------------ ASA5505 ------ 2960 PoE SW ----- 3 x WAP4410N
                                                                                                       \ \___ DNS/DHCP Server
                                                                                                        \____ Wired Clients
    Note: SG office ASA is 5505 and outside interface is on Vlan 2, inside interface is on Vlan 1. 2960 switch is configured with all ports in Vlan 2. Vlan feature on WAP4410N is disabled. Layer3 communication among US office ACS, SG office ASA5505, DHCP server and WAP4410N is fine. All wired clients in SG office get IP from DHCP server. I feel this is a bit odd and you may need to know.
    Do feel free to let me know, should you need further input from me. Thanks!

  • How do I use my own Custom Auth/Authentication/Entitlement (Token)?

    [ Background ]
    Adobe Access DRM provides for 3 authentication mechanisms:
    Anonymous - Licenses are issued regardless of whether there is a valid authentication token attached to the license request.
    UsernamePassword - Licenses are ONLY issued if the license request has a valid Adobe-Access-Server-Issued authentication token.
    Custom - Licenses are ONLY issued if there is a valid custom authentication token attached to the license request.
    Typically, customers already have some authentication scheme in place and choose to re-use that system, instead of leveraging Adobe Access' built-in usernamePassword support.  For this to succeed, accommodations must be made during packaging time, on the client device, and at the Adobe Access license server endpoint.
    [ More Background ]
    Here's a forum thread that prompted this thread: http://forums.adobe.com/message/5085330#5085330
    [ Recipe ]
    1. Adobe Access DRM Policy is created that specifies a "custom" authentication token.  As of Adobe Access 4.0, the tools that ship with the Java SDK cannot create a DRM policy with "custom" authentication out the box; a small Java application will have to be written to do this, which is covered in the thread posted above.
    2. Content is packaged using this custom_auth policy.
    3. Client device performs authentication via whatever channel already exists for you to perform authentication (e.g. SAML tokens, etc...)
    4. Client device sets the authentication token: DRMManager.setAuthenticationToken()
    5. Client device attempts to acquire a license for the content created in step #2: DRMManager.loadVoucher();
    5a) Because step #4 set the authentication, all license requests going forward will automatically have this custom auth token appended to it
    6. License server receives request & extracts custom auth token to parse & perform additional entitlement checks
    7. License server generates a license to return to client device.
    [ Server Code Snippet (RefImplLicenseReqHandler.java) ]
    try {
        ServletInputStream in = request.getInputStream();
        ServletOutputStream out = response.getOutputStream();
        HandlerConfiguration context = super.getHandlerContext();
        ServerCredential licenseServerCred = getLicenseParams().getLicenseServerCred();
        licenseHandler = new LicenseHandler(context, in, out, licenseServerCred);
        licenseHandler.parseRequest();
        List<? extends LicenseRequestMessage> requests = licenseHandler.getRequests();
        // Multiple request in one message is not supported in FAXS 2.0 or 3.0 client.
        for (LicenseRequestMessage licenseReq : requests) {
            try {
                // TODO: If custom authentication is specified in the DRM policy, here is where
                // you can retrieve the custom authentication token and perform custom parsing to
                // determine further business rules and entitlement before issuing a license.
                // The "Custom Authentication" will look like:
                // 1. Client device obtains auth token using some other channel
                // 2. Client device sets auth token by calling DRMManager.setAuthenticationToken()
                // 3. Client makes a license request by calling DRMManager.loadVoucher()
                // 4. Adobe Access Server receives request and:
                // 4a) Determines Custom Auth is required by DRM Policy: licenseReq.getContentInfo().getContentMetadata().getPolicies()[0].getLicenseServerInfo().getAuthenticationType();
                // 4b) Retrieves Custom Auth token for custom parsing/handling: licenseReq.getRawAuthenticationToken()
                // 5. If there are no errors when parsing the custom token, Adobe Access Server generates a license.
                V2ContentMetaData metadata = licenseReq.getContentInfo().getContentMetadata();
                ApplicationProperties applicationProperties = null;
                String usageModelString = null;
                if (metadata != null) {
                    applicationProperties = metadata.getCustomProperties();
                    if (applicationProperties != null) {
                        usageModelString = applicationProperties.getSingleValueAsUTF8String(DEMOMODE);
    cheers,
    /Eric.

    Google Search: firefox create a persona
    * Personas for Firefox | How to Create Personas: https://www.getpersonas.com/en-US/demo_create
    * Personas for Firefox | Frequent Questions: http://www.getpersonas.com/en-US/faq
    * Personas for Firefox | Getting Started: http://www.getpersonas.com/en-US/getting_started
    I think you'd have a lot more fun with Styles though, personas tend to hide things on toolbars, styles can be more helpful (or just as bad)
    * Stylish :: Add-ons for Firefox: https://addons.mozilla.org/en-US/firefox/addon/stylish/
    * Restyle the web with Stylish! - userstyles.org: http://userstyles.org/
    * Scrollbar Context Menu - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/54
    * Scrollbar Menu - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/52
    * Link Warning - Themes and Skins for Mozilla - userstyles.org: http://userstyles.org/styles/1301
    * Tabs, Enlarge list-all-tabs button - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/18553
    * Tabs Bar Minimal Size - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/9043
    * Tab Color Underscoring active/read/unread (Fx3.6) - Themes and Skins for Browser - userstyles.org: http://userstyles.org/styles/24728

  • Configuring custom database authentication in Weblogic 10

    Hi,
    For my project I am trying to configure security/login module. It's an ADF based web application(ADF11g) and is deployed on Weblogic10. I have implemented the custom authentication with DB login module, created the jar and placed it inside %WL_HOME%/server/lib/mbeantypes. Now I have created one new Authenticator inside 'myrealm'. But after the successful deployment of the application when I am trying to access any secured page this custom authenticator is not being invoked. Can anyone please tell me the exact steps I have to follow for getting custom authenticator working properly.
    Thanks much!

    I had some minor implementation faults in code, after fixing those it is working fine

  • Customizing an Authenticator MBean

    All,
    I'm working on creating a custom SSPI for our specific security system. I
    have it setup and working, but there are some problems with the MBean used
    to plug it into Weblogic.
    1) I created an MDF file with three Attributes (ProviderClassName,
    Description, Version). When I go to the Authentication Provider tab in the
    Weblogic console, I see that these settings are being properly retrieved and
    displayed.
    But if I select my specific provider, the page that comes back has blank
    entries for everything listed here (things like name, description, version,
    control flag). Also, Control Flag appears as an empty text-input field
    instead of a drop down listing the proper flags.
    In the System.out window I see a bunch of exceptions get thrown when I
    request the details page:
    java.lang.NoSuchMethodException: couldn't find getter for 'Name' on
    com.sapient.services.security.auth.weblogic7.WeblogicCarbonAuthenticatorMBean
    I attempted to add a new Attribute in the MDF file for "Name" and rebuilt,
    but it did not appear to fix the problem. What do I need to do to make the
    details page for my Authenticator provide useful information?
    2) My Authenticator requires some configuration properties to run. I
    currently have them hard-coded for testing purposes, but I would like for
    users to be able to set these in the console. What must I do to make these
    appear as text-input fields in the console? I could not find any examples
    of how to do this.
    -jdr

    What I did was to get the SampleSecurityProviders as a starting point
    and then add my custom properties to it.
    It didn't work for a while because of the classpath issue but once I had
    this resolved it started working fine without me having to do anything more.
    --dejan
    Jordan Reed wrote:
    Thanks Dejan,
    when I pulled all the classes out of the main server classpath and only had
    them in a jar under the mbeantypes directory in weblogic it started working
    correctly.
    Now I just need to figure out how to put my own configurable attribute in
    the MBean.
    -jordan
    "Deyan D. Bektchiev" <[email protected]> wrote in message
    news:[email protected]...
    Hi Jordan,
    I had a similar issue and the solution was to remove all of the provider
    classes from the server classpath.
    There is a sample on dev2dev.bea.com called SampleSecurityProviders that
    was very useful for me, but it has the same classpath issue (BEA support
    said they'll update their documentation for this).
    Regards,
    Dejan

  • SecurityException (Invalid Subject) with custom database authentication provider WLS 7.0

    Hello
    I have implemented a custom authentication provider using a
    database. The login module works fine. It checks the username and
    password, adds the user as a WLSUser-principal and adds the groups
    related to the user as WLSGroup-principals to the subject. I
    am able to start the WLS only using my authentication provider,
    but if I want to login into the console I get the following
    SecurityException:
    java.lang.SecurityException: Invalid Subject: principals=[system, Administrators]
    at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:893)
    at weblogic.security.service.RoleManager.getRoles(RoleManager.java:269)
    at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:608)
    at weblogic.servlet.security.internal.WebAppSecurity.hasPermission(WebAppSecurity.java:370)
    at weblogic.servlet.security.internal.SecurityModule.checkPerm(SecurityModule.java:125)
    at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:328)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:179)
    at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:167)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:185)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2960)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2466)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:152)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:133)
    Seems to me that the default role manager does not map the
    group Administrators to the role Admin, which is allowed to
    access the resource console. So, what am I doing wrong? Must I set
    additional credentials to the subject? Or must I use a special
    Thanks in advance & greetings
    Dirk Fellenstein

    I have solved it. The Problem was that the two Principal implementations, one that
    implements WLSGroup and one that implements WLSUser, need a common principal base
    class. The principal validator class, method getPrincipalBaseClass() must then return
    the common principal base class.

  • Anyone have Weblogic Server 5.1 and Firewall-1 mix authentication problems?

    We have a Weblogic Server 5.1 instance running behind Firewall-1 from
    Checkpoint. When an external client tries to connect, the following
    happens:
    1. an authentication dialog box from Firewall-1 pops up and once it
    authenticates the user, then
    2. ANOTHER authentication dialog box pops up from WLS but it says it is a
    combo of both WLS and Firewall-1???
    Bizarre!
    Ideally, just one popup should occur or people should be able to authenticate
    once in FW1 and then secondly in ONLY WLS realm (not some hybrid)
    Any ideas / suggestions?
    Bart Jenkins, CTO, Globeflow SA
    Madrid Spain

    Bart,
    Could you please provide more details? For example, what is it that makes
    you believe that it is a combo?
    I ask because there is no integration between the two products. I would
    have expected that FW-1 would
    prompt because it is authenticating the user and then WLS would prompt via
    basic or form-based authentication
    if the resource is protected.
    Paul Patrick

  • WCF - Custom WSDL (Authentication)

    I'm looking for a way to generate a WSDL based on the permissions the user has.
    We are using DigestAuthentication for authorization.
    What we have so far..
    When the user logs on with his credentials I can produce the WSDL for this user because I have the UserIdentity and I can use IWsdlExportExtension with ExportContract to create the WSDL for this user.
    What's the problem..
    After a user has logged on to the webservice, the service description is created for the first user who logged on. I would like to be able to generate the WSDL (ServiceDescription) for each user.

    Since the authentication is not occurring where the service is hosted, the solution will be to hand-craft a WSDL file, and then tell WCF to reference it using
    externalmetadatalocation.
