Error generating custom authentication providor MBean

Similar Messages

• Error generating custom progress

  Hi!
  When I run an application JavaFx in Firefox or IntenetExplorer displays the following message:
  Error generating custom progress : java.lang.SecurityException: attempted to open sandboxed jar http://dl.javafx.com/1.3/progressbar__V1.3.1_b101.jar as a Trusted-Library
  java.lang.SecurityException: attempted to open sandboxed jar http://dl.javafx.com/1.3/javafx-rt-windows-i586__V1.3.1_b101.jar as a Trusted-Library
       at com.sun.deploy.security.CPCallbackHandler$ParentElement.checkResource(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.checkResource(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath$JarLoader.getResource(Unknown Source)
       at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
       at sun.plugin2.applet.JNLP2ClassLoader.findClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
       at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  Excepción: java.lang.SecurityException: attempted to open sandboxed jar http://dl.javafx.com/1.3/javafx-rt-windows-i586__V1.3.1_b101.jar as a Trusted-Library
  The version of Java is 1.6.0_21
  Thanks for the help!

  Many of problems i've expienced with deployment where about jar signature and cache. Is that problem appear only with your APP, is it signed, there were many bug related issues with JDK u18 to 20.

• OAM 11g: Error while importing Custom Authentication Plug-in.

  We are trying to create a sample custom authentication plugin in OAM 11g as per the 11.1.1.5.0 doc.
  But while trying to import the plugin via oamconsole (system configuration->Plugins->Import Plugin) we receive an error "Invalid XML Structure".
  Do we have to embed the XSD (XML Schema Definition) as well ?
  -------------------------SamplePlugin.java-------------------------------------
  import oracle.security.am.plugin.ExecutionStatus;
  import oracle.security.am.plugin.MonitoringData;
  import oracle.security.am.plugin.PluginConfig;
  import oracle.security.am.plugin.authn.AuthenticationContext;
  import oracle.security.am.plugin.authn.AuthenticationException;
  import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
  import java.util.Map;
  import java.util.logging.Level;
  class SamplePlugin extends AbstractAuthenticationPlugIn {
       private static final String CLASS_NAME = "FirstTestClass";
       public ExecutionStatus initialize (PluginConfig config){
            super.initialize(config);
            if(LOGGER.isLoggable(Level.FINE)){
                 LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering initialize");
            return ExecutionStatus.SUCCESS;
       @Override
       public String getDescription() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public Map<String, MonitoringData> getMonitoringData() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public String getPluginName() {
            // TODO Auto-generated method stub
            return null;
       @Override
       public int getRevision() {
            // TODO Auto-generated method stub
            return 0;
       @Override
       public ExecutionStatus process(AuthenticationContext arg0)
                 throws AuthenticationException {
            if(LOGGER.isLoggable(Level.FINE)){
                 LOGGER.logp(Level.FINE,CLASS_NAME,"initialize","Entering process");
            return ExecutionStatus.SUCCESS;
       @Override
       public void setMonitoringStatus(boolean arg0) {
            // TODO Auto-generated method stub
       @Override
       public boolean getMonitoringStatus() {
            // TODO Auto-generated method stub
            return false;
  -------------------------SamplePlugin.java-------------------------------------
  ------------------------SamplePlugin.xml--------------------------------
  <?xml version="1.0" encoding="UTF-8" ?>
  <Plugin name="SamplePlugin" type="Authentication">
  <author>Self</author>
  <email>[email protected]</email>
  <creationDate>09:41:22, 2012-02-05</creationDate>
  <version>1</version>
  <description>SamplePlugin</description>
  <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
  <implementation>SamplePlugin</implementation>
  </Plugin>
  ------------------------SamplePlugin.xml--------------------------------
  ------------------------MANIFEST.MF--------------------------------
  Manifest-Version: 1.0
  Ant-Version: Apache Ant 1.8.2
  Bundle-Version: 1.0.0.qualifier
  Bundle-Name: SamplePlugin
  Bundle-Activator: SamplePlugin
  Bundle-ManifestVersion: 2
  Created-By: 1.6.0_24-b07 (Sun Microsystems Inc.)
  Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.
  plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api,
  oracle.security.am.common.utilities.principal,oracle.security.idm,jav
  ax.naming,javax.sql,java.management,javax.security.auth
  Bundle-SymbolicName: SamplePlugin
  Bundle-RequiredExecutionEnvironment: JavaSE-1.6
  ------------------------MANIFEST.MF--------------------------------
  Contents of SamplePlugin.jar
  1. SamplePlugin.xml
  2. SamplePlugin.class
  3. META-INF/
  MANIFEST.MF

  I build the Plugin.jar file similarly as above(followed the same steps)..
  But when i log into OAM and trying to import the plugin (System Configuration->Plugins- Import Plugin) the browser goes to hung state and i see below error in logs (domain log and in diag log)
  I see the jar file created in this location (\Middleware\user_projects\domains\IAMdomain\oam\plugins)
  Please let me know if you have any idea..Thanks!
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803273> <BEA-000000> <ADFc: /WEB-INF/adfc-config.xml: >
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adf.controller.internal.metadata.MetadataService> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-00000000000003fe> <1330549803274> <ADFC-52024> <ADFc: Duplicate managed bean definition for 'accessCheck' detected.>
  ####<Feb 29, 2012 1:10:03 PM PST> <Warning> <oracle.adfinternal.view.faces.renderkit.rich.RegionRenderer> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000402> <1330549803479> <ADF_FACES-60099> <The region component with id: pt1:_lar has detected a page fragment with multiple root components. Fragments with more than one root component may not display correctly in a region and may have a negative impact on performance. It is recommended that you restructure the page fragment to have a single root component.>
  ####<Feb 29, 2012 1:10:33 PM PST> <Error> <javax.enterprise.resource.webcontainer.jsf.application> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833253> <BEA-000000> <java.lang.NullPointerException
  javax.faces.el.EvaluationException: java.lang.NullPointerException
       at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51)
       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
       at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190
  ####<Feb 29, 2012 1:10:33 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833316> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase INVOKE_APPLICATION 5
  javax.faces.FacesException: #{FileProcessor.doUpload}: java.lang.NullPointerException
       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
       at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
       at oracle.adf.view.rich.component.rich.RichPopup$BroadcastContextCallback.invokeContextCallback(RichPopup.java:666)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.invokeOnComponent(UIXComponentBa
  >
  ####<Feb 29, 2012 1:10:33 PM PST> <Error> <oracle.oam.admin.console.policy> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-0000000000000593> <1330549833361> <OAM-400016> <Failed to authenticate the user
  javax.servlet.ServletException: java.lang.NullPointerException
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:277)
  ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adf.view.rich.component.fragment.UIXRegion> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834008> <ADF_FACES-00009> <Error processing viewId: /plugin-taskflow/authplugins URI: /oracle/security/am/taskflows/authplugin.jsff actual-URI: /oracle/security/am/taskflows/authplugin.jsff.
  javax.el.ELException: java.lang.NullPointerException
       at javax.el.BeanELResolver.getValue(BeanELResolver.java:266)
       at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:173)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper._encodeAll(PanelCollectionRenderer.java:728)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer$PanelCollectionHelper.access$500(PanelCollectionRenderer.java:537)
       at oracle.adfinternal.view.faces.renderkit.rich.PanelCollectionRenderer.encodeAll(PanelCollectionRenderer.java:402)
       at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1396)
       at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:335)
       at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:767)
       at javax.faces.component.UIComponent.encodeAll(UIComponent.java:937)
  ####<Feb 29, 2012 1:10:34 PM PST> <Warning> <oracle.adfinternal.view.faces.lifecycle.LifecycleImpl> <spsolutions> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <d6305b57ff260991:700b4664:135ca3d69dc:-8000-000000000000059a> <1330549834020> <BEA-000000> <ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RENDER_RESPONSE 6
  javax.faces.FacesException: javax.el.ELException: java.lang.NullPointerException
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._renderResponse(LifecycleImpl.java:804)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:294)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:214)

• Updating a Property in my Custom Authenticator MBean

  I have created a custom AuthenticationProvider. It is configured through an
  MBean produced by WebLogicMBeanMaker from my XML file. I have a custom
  property in the XML file with a default value. My AuthenticationProvider is
  able to get the bean and read back the default value.
  Now, I wish to change that value to something else to allow uses to
  configure the provider. The documentation clearly says that I will be
  unable to use the Weblogic Console to do this and will have to use the
  command line "weblogic.Admin" application to do it. This is fine, but I
  cannot figure out how to access or modify my MBean.
  How do I know the MBeans name or type? The MBean generated is called
  WeblogicCarbonAuthenticatorMBean.java
  I have tried (I have not include username/password in this post for brevity)
  java weblogic.Admin GET -type WeblogicCarbonAuthenticator
  No MBeans found
  java weblogic.Admin GET -type Authenticator
  No MBeans found
  No success.
  I also deployed a pair of JSPs called listMBeans.jsp and showMBean.jsp,
  which claim to show me all the MBeans deployed. Searching through the list
  I see nothing with the world "Carbon" or "Authenticator" in it.
  How can I find/configure my Authenticator MBeans?
  Thanks
  -jordan

  Jordan Reed wrote:
  Getting there! I can now look at my bean, but I cannot seem to update it.
  There is a string property on the MBean called "UserManagerLocation" that I
  need the end user to be able to update to their appropriate location.
  I am able to use the weblogic.Admin utility to query the MBean, but not to
  update.
  So here is my query:
  java weblogic.Admin -pretty GET -mbean
  Security:Name=myrealmWeblogicCarbonAuthenticator
  MBeanName: "Security:Name=myrealmWeblogicCarbonAuthenticator"
  ControlFlag: REQUIRED
  Description: Carbon Authentication Provider adapts authentication
  behavior to the User Manager Service
  ProviderClassName:
  com.sapient.services.security.auth.weblogic7.WeblogicCarbonAuthenticationPro
  vider
  Realm: Security:Name=myrealm
  UserManagerLocation: /security/management/test/RdbmsUserManager
  Version: 4.2
  But here is my failing update:
  java weblogic.Admin SET -mbean
  Security:Name=myrealmWeblogicCarbonAuthenticator -property
  UserManagerLocation "/security/management/RdbmsUserManager"
  MBean not specified for setting of attributes. Value UserManagerLocation for
  parameter ["9"]Get rid of the "'s around the Value. If that does not work, try
  something like this,
  java weblogic.Admin SET -mbean
  Security:Name=myrealmWeblogicCarbonAuthenticator -commotype -property
  UserManagerLocation /security/management/RdbmsUserManager
  If that does not work, please open a support case with BEA.
  Thanks,
  -satya
  >
  >
  >
  But, inside my MBean descriptor I've got it set as writable:
  <MBeanType
  Name = "WeblogicCarbonAuthenticator"
  DisplayName = "WeblogicCarbonAuthenticator"
  Package = "com.sapient.services.security.auth.weblogic7"
  Extends =
  "weblogic.management.security.authentication.Authenticator"
  PersistPolicy = "OnUpdate"
  Writable = "true"
  >
  <MBeanAttribute
  Name = "UserManagerLocation"
  Type = "java.lang.String"
  PersistPolicy = "OnUpdate"
  Readable = "true"
  Writeable = "true"
  Default =
  ""/security/management/test/RdbmsUserManager""
  />
  </MBeanType>
  Any clue why I am unable to update the attribute from the command line?
  Thanks
  -Jordan
  "Satya Ghattu" <[email protected]> wrote in message
  news:[email protected]...
  Jordan,
  You can use weblogic.Admin utility to change values of your custom MBean
  if you know the object name of your MBean.
  Jordan Reed wrote:
  I have created a custom AuthenticationProvider. It is configured
  through an
  MBean produced by WebLogicMBeanMaker from my XML file. I have a custom
  property in the XML file with a default value. MyAuthenticationProvider is
  able to get the bean and read back the default value.
  Now, I wish to change that value to something else to allow uses to
  configure the provider. The documentation clearly says that I will be
  unable to use the Weblogic Console to do this and will have to use the
  command line "weblogic.Admin" application to do it. This is fine, but I
  cannot figure out how to access or modify my MBean.
  How do I know the MBeans name or type? The MBean generated is called
  WeblogicCarbonAuthenticatorMBean.java
  I have tried (I have not include username/password in this post forbrevity)
  java weblogic.Admin GET -type WeblogicCarbonAuthenticator
  No MBeans foundyou should use the fully qualified MBean name. i.e
  java weblogic.Admin GET -type foo.blah.WeblogicCarbonAuthenticator
  java weblogic.Admin GET -type Authenticator
  No MBeans found
  No success.
  I also deployed a pair of JSPs called listMBeans.jsp and showMBean.jsp,
  which claim to show me all the MBeans deployed. Searching through the
  list
  I see nothing with the world "Carbon" or "Authenticator" in it.
  How can I find/configure my Authenticator MBeans?I assume that you are using 7.0sp1, if not please upgrade to sp1. You
  should see a file called CommoConfig.xm.booted file under your domain
  directory, this file contains all the security MBeans that the server
  found. You should be able to get the object names of your custom mbeans
  from this file.
  Hope it helped,
  -satya
  Thanks
  -jordan

• Apex Custom Authentication Schema Page Sentry Error

  Hi,
  I am using Application Express 4.0.0. I am struggling with a strange problem while trying to implement custom authentication schema.
  I declare a page sentry function 'page_sentry' which returns TRUE or FALSE based on certain conditions. My page_sentry is as follows:
  FUNCTION PAGE_SENTRY RETURN BOOLEAN
  IS
  l_username VARCHAR2(512);
  l_session_id NUMBER;
  BEGIN
  IF USER != 'APEX_PUBLIC_USER' THEN
  RETURN false;
  END IF;
  l_session_id := wwv_flow_custom_auth_std.get_session_id_from_cookie;
  -- check application session cookie.
  IF wwv_flow_custom_auth_std.is_session_valid THEN
  apex_application.g_instance := l_session_id;
  l_username := wwv_flow_custom_auth_std.get_username;
  wwv_flow_custom_auth.define_user_session(
  p_user => l_username, p_session_id => l_session_id);
  RETURN true;
  ELSE
  --redirect to login page using OWA_UTIL.REDIRECT_URL
  END IF;
  RETURN false;
  END page_sentry;
  And Cookie Name : _AUTH
  At first, It always returned FALSE. I wasn't getting any error. However, even after forcibly returning TRUE from the page_sentry function the redirect was still not happening. I tried to look into what cookies were being set for the same and I found this:
  Name:     ApexLibErrorStack1
  Content:     page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication
  I couldn't find any relevant help for this. Worst of it is I cannot set any cookie from the page_sentry function at all. Please help!

  Hi all.
  Can someone please help me out with the above issue. I am not sure if things are wrong at my end or is this an apex bug.
  --Update:
  The source of my problem perhaps lies in the manner in which I have configured my Oracle HTTP Server. When I disable port HTTP server on port 80 and run apex without it on default port 8080, the custom authentication schema cookie gets set.
  Executing the following with Oracle HTTP Server:
  OWA_UTIL.PRINT_CGI_ENV;
  gives:
  HTTP_COOKIE = ApexLibErrorStack1=page%3D1%3Cbr%20%2F%3EERR-1201%20session%20ID%20not%20set%20on%20custom%20authentication.; ORA_WWV_R1=%23ALL; ORA_WWV_R2=%23ALL; ORA_WWV_R3=%23ALL
  And without HTTP Server:
  gives:
  HTTP_COOKIE = WWV_CUSTOM-F_1420403886791332_100=9625AAC49B9951D8;......
  Did I miss something in my HTTP server configuration ?
  Edited by: pc on Jan 2, 2012 3:15 AM

• Customer ##1 Enter a valid time interval error while generating customer BP

  Dear Experts,
  I am getting the following error when I am auto generating Customer while creating Business Partner in BP transaction code.
  Customer ##1: Enter a valid time interval
  Message no. CMD_API087
  Had anybody faced this problem?
  Regards
  Komal

  Hi,
  In Transaction 'BP', after values is put for BP name, Grouping & Create in BP role, there is a field for Validity period. Click on the icon to Create Validity period. This should resolve the issue.
  Regards,
  Nimesh

• Error in custom OAM authentication plugin

  Hi All
  I am trying to build a custom OAM authentication plugin using JDeveloper. Here are the version information:
  OAM - 11.1.1.5 BP04
  WLS - 10.3.5
  Issue:
  I get the following error in the OAM logs when I try to activate the plugin.
  [2012-11-14T09:39:17.996-08:00] [oam_server1] [WARNING] [] [oracle.oam.extensibility.lifecycle] [tid: DistributedCache:DistributionCache:EventDispatcher] [userId: <anonymous>] [ecid: 0000Jfzyiy6EgKI5qrH7iY1GcxMc000002,0] [APP: oam_server] Activation failed due to felix bundle exception while installing and starting the bundle.Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)[[
  org.osgi.framework.BundleException: Unresolved constraint in bundle oamCustomAuthPlugin [2]: Unable to resolve 2.0: missing requirement [2.0] package; (package=oracle.security.am.plugin.ExecutionStatus)
  at org.apache.felix.framework.Felix.resolveBundle(Felix.java:3404)
  The names of jar file, class file, plugin xml file etc are all same. My plugin code is very generic and I have the following values in the plugin's manifest and xml file
  Plugin xml file [oamCustomAuthPlugin.xml]:
  <Plugin name="oamCustomAuthPlugin" type="Authentication">
  <author>uid</author>
  <email>[email protected]</email>
  <creationDate>09:32:20, 2011-11-13</creationDate>
  <version>4</version>
  <description>OAM Custom Authentication plugin</description>
  <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
  <implementation>com.company.oam.oamCustomAuthPlugin</implementation>
  <configuration>
  <AttributeValuePair>
  <Attribute type="string" length="20">INPUT_PARAM1</Attribute>
  <mandatory>true</mandatory>
  <instanceOverride>false</instanceOverride>
  <globalUIOverride>true</globalUIOverride>
  <value>Param1</value>
  </AttributeValuePair>
  <AttributeValuePair>
  <Attribute type="string" length="20">INPUT_PARAM2</Attribute>
  <mandatory>true</mandatory>
  <instanceOverride>false</instanceOverride>
  <globalUIOverride>true</globalUIOverride>
  <value>Param2</value>
  </AttributeValuePair>
  </configuration>
  </Plugin>
  Manifest File [MANIFEST.MF]:
  Ant-Version: Apache Ant 1.7.1
  Bundle-Version: 1.0.0.4
  Bundle-Name: oamCustomAuthPlugin
  Bundle-Activator: oamCustomAuthPlugin
  Bundle-ManifestVersion: 2
  Created-By: 17.0-b17 (Sun Microsystems Inc.)
  Import-Package: oracle.security.am.plugin,oracle.security.am.plugin.authn
  Bundle-SymbolicName: oamCustomAuthPlugin
  Bundle-RequiredExecutionEnvironment: JavaSE-1.6
  Please let me know if you have faced a sinilar issues in the past. Please help !!

  Try with Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api If it doesn't work try with - Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.api ,oracle.security.am.plugin.ExecutionStatus

• Error in Custom Ldap Authentication

  Hi All,
  I was trying to use the custom LDAP authentication( [Earlier Post|http://forums.oracle.com/forums/thread.jspa?threadID=2251976&stqc=true] ) but was not successful in making it work with our AD LDAP server. Thats when I came across post [ http://forums.oracle.com/forums/thread.jspa?messageID=916185&#916185|http://forums.oracle.com/forums/thread.jspa?messageID=916185&#916185]
  I used the same function
  create or replace function authenticate_aduser(
  p_username in varchar2,
  p_password in varchar2)
  return boolean
  is
  l_user varchar2(256);
  l_ldap_server varchar2(256) := '<Hostname>';
  l_domain varchar2(256) := '<Domain Name>';
  l_ldap_port number := 389;
  l_retval pls_integer;
  l_session dbms_ldap.session;
  l_cnt number;
  begin
  l_user := p_username||'@'||l_domain;
  l_session := dbms_ldap.init( l_ldap_server, l_ldap_port ); -- start session
  l_retval := dbms_ldap.simple_bind_s( l_session, l_user, p_password ); -- auth as user
  l_retval := dbms_ldap.unbind_s( l_session ); -- unbind
  return true;
  exception when others then
  l_retval := dbms_ldap.unbind_s( l_session );
  return false;
  end;Test it by giving correct password
       SQL> declare
  begin
  if authenticate_aduser('<username>','<correct password>') then
  dbms_output.put_line('Test Successful');
  else
  dbms_output.put_line('Test Failed');
  end if;
  end; 2 3 4 5 6 7 8
  9 /
  Test Successful
  PL/SQL procedure successfully completed.Tested it by giving wrong password
  SQL> declare
  begin
  if authenticate_aduser('<user name>','<wrong password>') then
  dbms_output.put_line('Test Successful');
  else
  dbms_output.put_line('Test Failed');
  end if;
  end; 2 3 4 5 6 7 8
  9 /
  Test Failed
  PL/SQL procedure successfully completed.So the fundtion is working perfectly with LDAP server.
  I am trying to create a custom authentication scheme with the above function.
  Shared Components -> Authentication Schemes -> create ->From Scratch ->
  In Autentication Function -> return authenticate_aduser(:P101_USERNAME,:P101_PASSWORD);
  In Logout URL -> wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&amp;p_next_flow_page_sess=4155:PUBLIC_PAGE
  Then after setting this as the current authentication scheme. Whenever I try to login with correct credentials it is giving me error
  Invalid Login Credentials
  Kindly let me know were I am going wrong here.
  Thanks & Regards,
  Vikas Krishna

  I was able to fix this.
  I used the same function authenticate_aduser
  and then followed blog http://www.talkapex.com/2009/03/custom-authentication-status.html to create a custom authentication. It worked finally.
  Thanks to Martin for his wonderful post.
  Thanks & Regards,
  Vikas Krishna

• Custom Authenticator WL startup exception

  Hi, I am using Weblogic 9.2 on Linux and have created an example custom authenticator.
  I have followed several suggested method for creation/deployment, but still am having a exception upon startup and hoping someone could help.
  from a previous post I have used the below instructions and have deployed the jar in $WL_HOME/server/lib/mbeantypes
  $WL_HOME/server/providers: This is the base Directory for Customer security Provider.
  $WL_HOME/server/providers/src This is the directory for the Source Code.
  $WL_HOME/server/providers/providersjar This is the directory for the Custom Provider Jar file .
  $WL_HOME/server/providers/created_files This is the Directory for the created schema file by Mbean maker.
  After having the directory structure as mentioned above run the command as below:
  cd $WL_HOME/server
  $WL_HOME/samples/domains/wl_server/setExamplesEnv.sh
  java -Dfiles=providers/created_files -DMDF=providers/src/MyAuthenticator.xml -DMJF=providers/providersjar/MyAuthenticator.jar -DpreserveStubs=true -DcreateStubs=true weblogic.management.commo.WebLogicMBeanMakerStarted the WL server with the following exception:
  starting weblogic with Java version:
  java version "1.5.0_12"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-b04)
  BEA JRockit(R) (build R27.4.0-90_CR358515-94243-1.5.0_12-20080118-1154-linux-ia32, compiled mode)
  Starting WLS with line:
  /home/A470231/bea/jrockit_150_12/bin/java -jrockit -Xms256m -Xmx512m -Xverify:none -Xverify:none -da -Dplatform.home=/home/A470231/bea/weblogic92 -Dwls.home=/home/A470231/bea/weblogic92/server -Dwli.home=/home/A470231/bea/weblogic92/integration -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/home/A470231/bea/patch_weblogic923/profiles/default/sysext_manifest_classpath -Dweblogic.configuration.schemaValidationEnabled=false -Dweblogic.Name=examplesServer -Djava.security.policy=/home/A470231/bea/weblogic92/server/lib/weblogic.policy weblogic.Server
  <Aug 2, 2010 1:14:57 PM EDT> <Notice> <WebLogicServer> <BEA-000395> <Following extensions directory contents added to the end of the classpath:
  /home/A470231/bea/weblogic92/platform/lib/p13n/p13n-schemas.jar:/home/A470231/bea/weblogic92/platform/lib/p13n/p13n_common.jar:/home/A470231/bea/weblogic92/platform/lib/p13n/p13n_system.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_common.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_schemas.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/netuix_system.jar:/home/A470231/bea/weblogic92/platform/lib/wlp/wsrp-common.jar>
  <Aug 2, 2010 1:14:58 PM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with BEA JRockit(R) Version R27.4.0-90_CR358515-94243-1.5.0_12-20080118-1154-linux-ia32 from BEA Systems, Inc.>
  <Aug 2, 2010 1:14:59 PM EDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 9.2 MP3 Mon Mar 10 08:28:41 EDT 2008 1096261 >
  <Aug 2, 2010 1:15:03 PM EDT> <Info> <WebLogicServer> <BEA-000215> <Loaded License : /home/A470231/bea/license.bea>
  <Aug 2, 2010 1:15:03 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
  <Aug 2, 2010 1:15:03 PM EDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
  <Aug 2, 2010 1:15:04 PM EDT> <Notice> <Log Management> <BEA-170019> <The server log file /home/A470231/bea/weblogic92/samples/domains/wl_server/servers/examplesServer/logs/examplesServer.log is opened. All server side log events will be written to this file.>
  *****************SERVICE:>com.bea.common.security.internal.legacy.helper.CredentialMappingServiceConfigHelper_TestRealm<
  *****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
  *****************SERVICE:>com.bea.common.security.internal.legacy.helper.BulkRoleMappingServiceConfigHelper_TestRealm<
  *****************SERVICE:>com.bea.common.security.internal.legacy.helper.BulkAuthorizationServiceConfigHelper_TestRealm<
  *****************SERVICE:>com.bea.common.security.internal.legacy.helper.RoleMappingServiceConfigHelper_TestRealm<
  *****************SERVICE:>weblogic.security.service.internal.RoleDeploymentServiceConfigHelper_TestRealm<
  *****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
  *****************REALM:TestRealm
  *****************ProviderMBean length:2
  *****************ProviderMBean[0]weblogic.security.providers.authorization.DefaultAuthorizerMBeanImpl@a27aaa68([wl_server]/SecurityConfiguration[wl_server]/Realms[TestRealm]/Authorizers[DefaultAuthorizer])
  *****************ProviderMBean[1]weblogic.security.providers.authorization.DefaultAdjudicatorMBeanImpl@c6697d45([wl_server]/SecurityConfiguration[wl_server]/Realms[TestRealm]/Adjudicator[DefaultAdjudicator])
  *****************SERVICE:>com.bea.common.security.internal.legacy.helper.AuthorizationServiceConfigHelper_TestRealm<
  *****************SERVICE:>weblogic.security.service.internal.PolicyDeploymentServiceConfigHelper_TestRealm<
  *****************SERVICE:>weblogic.security.service.internal.IsProtectedResourceServiceConfigHelper_TestRealm<
  *****************SERVICE:>weblogic.security.service.internal.ApplicationVersioningServiceConfigHelper_TestRealm<
  *****************SERVICE:>weblogic.security.service.internal.RoleConsumerServiceConfigHelper_TestRealm<
  <Aug 2, 2010 1:15:07 PM EDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
  There are 1 nested errors:
  weblogic.security.service.SecurityServiceRuntimeException: [Security:090877]Service Common AuthorizationService unavailable, see exception text: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
  at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:147)
  at weblogic.security.service.AuthorizationManager.<init>(AuthorizationManager.java:83)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doATZ(CommonSecurityServiceManagerDelegateImpl.java:348)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:273)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:444)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:459)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:540)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:376)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
  Caused by: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
  at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:342)
  at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:292)
  at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:263)
  at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:71)
  at weblogic.security.service.SecurityServiceManager.getService(SecurityServiceManager.java:95)
  at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:137)
  ... 11 more
  Caused by: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name is not specified.
  at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:40)
  at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:340)
  ... 16 more
  Can anyone have any ideas?
  I have narrowed it down to having a problem retrieving the role and policy consumer services I believe
  Thanks,
  Bobby.

  Hi All,
  Found the reason for the exception. I was implementing the generated the CustomAuthenticatorImpl class (generated through WebLogic MBeanMaker utility) as the provider class by implementing the AuthenticationProvider interface. Keeping them separate solved the issue.
  Able to create the jar without any issues and also no error or exception after restart.
  Thanks.

• Cannot Start Weblogic Server After adding  Custom Authentication Provider

  Hi,
  I implemented a Custom authentication provider and configured it wih Weblogic 10.3 application server. Although I successfully added Authentication provider, I couldn't restart my server. I used MBeanMaker utility to package my Authentication provider and login module. Although the MBean Utility signalled some warnings and severe messages, it successfully packaged the files. When I look at the config.xml file after adding he authenticator it just adds three lines
  ( <sec:authentication-provider>
  <sec:name>STOREDPROCEDURE</sec:name>
  </sec:authentication-provider>
  ) Although there are some other attributes of the authenticator.
  Please advice.
  Here is some stack trace.
  Best Regards,
  Salim
  com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified.
  at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
  at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
  at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
  at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
  at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
  at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
  at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
  at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified.
  at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:47)
  at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
  at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
  at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
  at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
  at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
  at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
  at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
  at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  ####<Feb 3, 2009 12:22:42 AM EET> <Error> <Security> <localhost.localdomain> <DefaultServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1233613362036> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified..
  weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified.
  at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
  at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(Unknown Source)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(Unknown Source)
  at weblogic.security.service.SecurityServiceManager.initialize(Unknown Source)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for STOREDPROCEDURE is not specified.
  at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
  at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
  at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
  at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
  at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(Unknown Source)
  at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(Unknown Source)
  at weblogic.security.service.CSSWLSDelegateImpl.initialize(Unknown Source)

  You need to make sure that you nuke the whole directory that you are specifying to the MBean marker generator. For example, I use the following command to generate the provider jar file.
  java -Dfiles=$PRJROOT/ERModel/classes -DMDF=$PRJROOT/ERModel/classes/MyCustomAuthenticator.xml -DMJF=$PRJROOT/ERModel/custom-auth-provider.jar -DtargetNameSpace=http://xmlns.oracle.com/oracleas/schema/11/adf/sampleapp/weblogic/providers -DpreserveStubs=true -DcreateStubs=true weblogic.management.commo.WebLogicMBeanMaker1c
  I need to nuke the directory in the -Dfile option i.e. 'rm -rf $PRJROOT/ERModel/classes/' each time I generate the jar file. If you don't, the jar file generates without any error but you will get a runtime exception.

• Custom Authenticator not returning correctly

  Hi,
  I have written a custom authenticator to automatically migrate users from an oracle
  SSO database into the default WLS8.1 realm (and ultimately to an LDAP Realm).
  It all works fine, except that the over all login process fails.
  The server is set up to use the default Authenticator initially (set to SUFFICIENT),
  then, if this fails, the Migration authenticator (set to REQUIRED) is called.
  If this finds the user on the Oracle db, it creates a user for them in the default
  realm, and logs them in.
  The problem is that even though my Migration Authenticator finishes successfully
  (ie the commit() method is executed and returns true) WLS still calls the login
  error page as set up in the web.xml file.
  The last few lines of the login() method of the authenticator are :
  loginSucceeded = true;
  addUserToWLSRealm(userId, userPassword);
  principalsForSubject.add(new WLSUserImpl(userId));
  then the commit() method is :
  public boolean commit() throws LoginException {
  if(loginSucceeded) {
  subject.getPrincipals().addAll(principalsForSubject);
  principalsInSubject = true;
  System.out.println("OracleSSOLoginModule.commit - true");
  return true;
  } else {
  System.out.println("OracleSSOLoginModule.commit - false");
  return false;
  If the user then tries to log in again, since they have been added to the WLS
  realm, they are let in, but it should happen on the first attempt.
  Any Ideas...?
  TIA
  Paul

  "Paul Davies" <[email protected]> wrote in message
  news:3f4f37b3$[email protected]..
  >
  Hi,
  I have written a custom authenticator to automatically migrate users froman oracle
  SSO database into the default WLS8.1 realm (and ultimately to an LDAPRealm).
  It all works fine, except that the over all login process fails.
  The server is set up to use the default Authenticator initially (set toSUFFICIENT),
  then, if this fails, the Migration authenticator (set to REQUIRED) iscalled.
  If this finds the user on the Oracle db, it creates a user for them in thedefault
  realm, and logs them in.
  The problem is that even though my Migration Authenticator finishessuccessfully
  (ie the commit() method is executed and returns true) WLS still calls thelogin
  error page as set up in the web.xml file.
  Turn on security debugging and see if you are getting a login exception
  in the debug output - set the DebugSecurityAtn attribute in the ServerDebug
  mbean.

• OWA_SEC.CUSTOM package - Custom authentication procedures...

  Folks -
  I haven't ever used the OWA_SEC.CUSTOM package for custom authentication of a psp application - and now need to do so. The documentation doesn't have any examples of what I need to do. Although there is plenty of documentation - it all says the same stuff, without saying what developers need to do to get it to work.
  For example I have updated the following files in the following ways - and still it doesn't work:
  owapriv.sql - updated the line that says:
  auth_scheme := OWA_SEC.NO_CHECK;
  to :
  auth_scheme := OWA_SEC.CUSTOM;
  owacust.sql - updated to say:
  create or replace package body OWA_CUSTOM is
  /* Global PLSQL Agent Authorization callback function - */
  /* It is used when PLSQL Agent's authorization scheme is set to */
  /* GLOBAL or CUSTOM when there is overriding OWA_CUSTOM package.*/
  /* This is a default implementation. User should modify. */
  function authorize return boolean is
  v_username varchar2(30);
  v_pass varchar2(30);
  BEGIN
  owa_sec.set_authorization(OWA_SEC.CUSTOM);
  owa_sec.set_protection_realm('my_app');
  v_username := owa_sec.get_user_id;
  v_pass := owa_sec.get_password;
  IF v_username = 'cmanning' THEN
  return TRUE;
  ELSE
  return FALSE;
  END IF;
  end;
  end;
  show errors
  wdbsvrapp.sql looks like this:
  [DAD_mydad]
  connect_string = my_connect_string
  password = my_password
  username = my_username
  default_page = my_default_package.procedure
  ;document_table =
  ;document_path =
  ;document_proc =
  ;upload_as_long_raw =
  ;upload_as_blob =
  name_prefix =
  ;always_describe =
  ;after_proc =
  ;before_proc =
  reuse = Yes
  connmax = 20
  ;pathalias =
  ;pathaliasproc =
  enablesso = No
  ;custom_auth =
  Can anyone tell me what I am missing / doing wrong.
  For example:
  When I take out the username/password reference from the wdbsvr.app file - the browswer tries to authenticate me and the only username/password that validates is the username/password of the database user.
  I don't want to have to have database users for every application user that should be authenticated in my application. I want to put a routine in the owacust.sql file that authenticates users (via my own routine or an optional LDAP/radius/SecurID lookup). In this basic example - I am only validating with the cmanning/cmanning combination.
  From what I understand in the documentation - if I use OWA_SEC.CUSTOM - then I don't have to put a .authorize function in every package - the OWA agent simply authenticates every request via the OWA_CUSTOM.authorize function.....
  Dude - what's up?
  Can someone from the Big O help a brother out?
  cfm
  null

  Charles
  It looks to me like you want your users authenticated when they try to view your pl/sql-generated html pages, but you want to control the validation with custom code.
  You appear to be trying to use owa_custom.authorize to authorize each request, which seems like a good approach.
  This whole area is quite complex and I have never found any really comprehensive doco on it. Here are my thoughts which others might like to comment on.
  This is a simple version of owa_custom:
  PACKAGE BODY OWA_CUSTOM IS
  FUNCTION authorize return boolean is
  BEGIN
  owa_sec.set_protection_realm('aRealm');
  if owa.user_id is null then
  return false;
  else
  return my_validate_user
  (owa.user_id,owa.get_password);
  end if;
  exception
  RETURN FALSE;
  END authorize;
  begin
  owa_sec.set_authorization(OWA_SEC.GLOBAL);
  end;
  Note the begin block that applies to the package and sets authorization to GLOBAL when the package is loaded.
  The authentication mode in the DAD will need to be Global Owa (afaik) and you will need to supply an oracle username and password in the DAD. ie. you will authenticate the userid/password supplied by the user and then the user will connect to the database as the oracle user specified in the DAD.
  I cannot test this code at the moment. Nor can I give you complete instructions to set up authentication from scratch. But here's a brief description of what the code should do.
  1. It sets authorization to GLOBAL. So mod_plsql will call owa_custom.authorize for every request. That is, you don't call owa_custom.authorize, it will be done for you and the internals probably look like this:
  if owa_custom.authorize then
  user_requesed_page(user_supplied_args);
  else
  send_access_denied;
  end if;
  2. It sets up a realm, which is relevant to HTTP Basic Authentication and its challenge/response. (You don't have to use HTTP Basic Authentication. An alternative is to present a login form to the user, then you manage the userid/password.)
  3. It looks in owa.user_id which will hold the userid supplied by the browser after a HTTP Basic Authentication challenge/response.
  4. It uses your custom code to validate the userid and password once the user has been challenged to provide these. You obviously have to create the my_validate_user procedure in the schema and package of your choice.
  5. It does not time users out, it does not sustain multi-sessions per user via cookies and it does not support logout without shutting the browsers. But it is simpler for lacking these features.
  If this is a way you want to try then your first aim should be to make sure owa_custom is called globally and that it lets you into the database via the DAD-supplied userid and password. You may need some way of writing debug on the server using utl_file to confirm it is being called. Or you could make it return true unconditionally, request a page, then make it return false and request a page.
  This is just a start, but let me know if it is on topic.
  It would be great to hear suggestions and comments from others on authentication for an htp application under iAS.
  Has anyone tried DB Prism?
  null

• How to make the JMX custom authentication work ?

  I am using the password and access file based authentication on JMX. When building my JMXConnectorServer, i use the property names and it works fine.
      Map<String, String> env = new HashMap<String, String>();
      env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
      env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
      connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);However, now i want to use a custom authenticator and i implemented my own LoginModule to have a encrypted password in the password file. Thus the ideas is to have an encrypted password and plain text user name in the password file.
      public class ABCDJMXLoginModule implements LoginModule {
          private CallbackHandler callbackHandler;
          private Subject subject;
          private String u_username;
          private String u_password;
          private JMXPrincipal user;
          private Properties userCredentials;
          private String passwordFile;
          private String f_username;
          private String f_password;
          private static final Logger logger = LoggerFactory.getLogger(ABCDJMXLoginModule.class);
          public boolean abort() throws LoginException {
              // TODO Auto-generated method stub
              return false;
          public boolean commit() throws LoginException {
              // TODO Auto-generated method stub
              return true;
          public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
                  Map<String, ?> options) {
              this.subject = subject;
              this.callbackHandler = callbackHandler;
          public boolean login() throws LoginException {
              try {
                  attemptLogin();
                  loadPasswordFile();
              } catch (Exception e) {
                  logger.info("Exception, e");
              if (u_username == null || u_password == null) {
                  throw new LoginException("Either no username or no password specified");
              logger.info("Password from user and file : " + u_password + " :: " + f_password);
              if (u_password.equals(f_password)) {
                  return true;
              return false;
          public boolean logout() throws LoginException {
              // TODO Auto-generated method stub
              return true;
          private void attemptLogin() throws LoginException {
              Callback[] callbacks = new Callback[2];
              callbacks[0] = new NameCallback("u_username");
              callbacks[1] = new PasswordCallback("u_password", false);
              try {
                  callbackHandler.handle(callbacks);
              } catch (IOException e) {
                  logger.error("IOException", e);
              } catch (UnsupportedCallbackException e) {
                  logger.error("UnsupportedCallbackException", e);
              u_username = ((NameCallback) callbacks[0]).getName();
              user = new JMXPrincipal(u_username);
              char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
              u_password = tmpPassword.toString();
              logger.info("UserName : " + u_username);
              logger.info("Password : " + u_password);
              System.arraycopy(tmpPassword, 0, u_password, 0, tmpPassword.length);
              ((PasswordCallback) callbacks[1]).clearPassword();
          private void loadPasswordFile() throws IOException {
              FileInputStream fis = null;
              passwordFile = "c:\\abcd.jmx.enc.password.file";
              try {
                  fis = new FileInputStream(passwordFile);
              } catch (SecurityException e) {
                  logger.error("Security Exception", e);
              BufferedInputStream bis = new BufferedInputStream(fis);
              userCredentials = new Properties();
              userCredentials.load(bis);
              bis.close();
              f_username = u_username;
              f_password = (String) userCredentials.get(f_username);
              logger.info("UserName before Decrypt : " + f_username);
              logger.info("Password from file before Decrypt : " + f_password);
              // decrypt the password from file and later compare it with user password from JConsole
              if (f_password != null) f_password = Cryptography.decrypt(f_password);
              logger.info("Password from file after Decrypt : " + f_password);
      }When i use the following code and try to connect via JConsole nothing happens.
      Map<String, String> env = new HashMap<String, String>();
      env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
      env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
      env.put("jmx.remote.x.login.config", "com.splwg.ejb.service.management.ABCDJMXLoginModule");
      connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);Any ideas on why this happens ? For sure, i am also not coming into the ABCDJMXLoginModule class - I have some print statements there and none of them get printed. Any sort of ideas and solutions are appreciated. I tried with the property "com.sun.management.jmxremote.login.config" too. I was expecting that mentioning the property in the environment and passing it to the JMXCOnnectorServer would do all the trick.
  Am i missing something ?

  Hello dcloko_BR,
  I downloaded and installed Lenovo´s The Lenovo Solution Center and now the solution center starts after pressing the blue button. Perhaps give it a try.
  Edit: Upps sorry, only newer models are supported according to the readme.txt.
  Best regards
  Andreas
  Follow @LenovoForums on Twitter! Try the forum search, before first posting: Forum Search Option
  Please insert your type, model (not S/N) number and used OS in your posts.
  I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
  TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.
   English Community       Deutsche Community       Comunidad en Español

• URGENT help required : Custom Authentication Plugin for validation of users

  Hi Experts.
  I'm a newbie and am stuck in middle of nowhere.
  I have been asked to develop a custom authentication plug-in which would validate a user using the attributes such as a userid and a shared-userid.
  shared-userid is just a custom id that would be generated on the basis of some logic.
  Currently I'm using OAM 10.1.4.3.0 on WINDOWS server and as everybody, I'm also not able to find any sample files or sample folder structure.
  As per one of the other threads https://forums.oracle.com/forums/thread.jspa?messageID=3838474, sample code and sample folders are removed from this particular version and were present in some previous version.
  So, can anyone please help me out with the following:
  1. How can I proceed to accomplish this task, i.e. to check whether a user-id and a shared-userid both are validated and a user is granted access.
  2. Are all of these files required to create a custom authentication plug-in or can we proceed only with the ".c" file (i.e. make file, authn.c, and a dll file made using the make file and .c file)
  3. Can anybody provide me with a sample file or a sample code written in "C" wherein the plug-in connects to the LDAP and searches for a particular dn for comparison or something. Also a sample make file for windows to convert the .c file to .dll.
  PLEASEEEE help me ASAP.
  Regards
  Edited by: 805912 on Nov 15, 2011 7:18 PM

  Hi,
  Regarding question 2, you also need the header file is supplied in the Access Server installation directory, under ...access\oblix\sdk\authn_api and is called authn_api.h. you need this to build the dll which must then be placed in the Access Server's ...\access\oblix\lib directory.
  Regarding question 3, if you install an earlier version of the Access Server, ie 10.1.4.2 or less, then you will get a \access\oblix\sdk\authentication\samples\authn_api directory that contains a basic sample authentication plugin. However, there is still documented in the 10.1.4.3 Developer Guide another sample plugin, simplapi.c, in the 10.1.4.3 Developer Guide with instructions on how to use it. It does work, but unfortunately requires a couple of edits to get it working after copy&pasting it (no code changes, just fairly obvious case changes eg changing ObanPlugin* to ObAnPlugin*). I used the following commands to get it to compile into a .so file on unix:
  g++44 -c -fPIC -Wno-deprecated -m32 simpleapi.c
  g++44 -shared -nostdlib -lc -m32 simpleapi.o -o simpleapi.so
  but I really would not know if or how these translate into a Windows environment.
  Regards,
  Colin
  Edited by: ColinPurdon on Nov 15, 2011 2:50 PM

• Custom Authentication Module on Identity Server

  Hi,
  I have a custom authentication module which I am trying to access through the policy agent.
  I have set the following property in AMAgent.properties file
  com.sun.am.policy.am.loginURL= http://host:port/amserver/UI/Login?module=CustomLoginModule.
  My login module code is something like this:
  package com.iplanet.am.samples.authentication.providers;
  import java.util.*;
  import javax.security.auth.Subject;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.PasswordCallback;
  import javax.security.auth.login.LoginException;
  import com.sun.identity.authentication.spi.AMLoginModule;
  import com.sun.identity.authentication.spi.AuthLoginException;
  import java.rmi.RemoteException;
  import java.io.FileInputStream;
  import java.util.Properties;
  public class LoginModule1 extends AMLoginModule
  private String userName;
  private String userTokenId;
  private HashMap usersMap;
  private java.security.Principal userPrincipal = null;
  public LoginModule1() throws LoginException
  public void init(Subject subject, Map sharedState, Map options)
            System.out.println("LoginModule1 initialization");
            usersMap = new HashMap();
            ResourceBundle bundle = ResourceBundle.getBundle("users");
            Enumeration users = bundle.getKeys();
            while (users.hasMoreElements())
                 String user = (String)users.nextElement();
                 String password = bundle.getString(user.trim());
                 usersMap.put(user, password);
  public int process(Callback[] callbacks, int state) throws AuthLoginException
            int currentState = state;
            if (currentState == 1)
                 userName = ((NameCallback) callbacks[0]).getName().trim();
                 char[] passwd = ((PasswordCallback) callbacks[1]).getPassword();
                 String passwdString = new String (passwd);
                 if (userName.equals(""))
                      throw new AuthLoginException("names must not be empty");
                 if (userName.equals("testuser") && passwdString.equals("testuser"))
                      userTokenId = userName;
                      return -1;
                 if (usersMap.containsKey(userName))
                      if (usersMap.get(userName).equals(new String(passwd)))
                           userTokenId = userName;
                           return -1;
                 return 0;
       public java.security.Principal getPrincipal()
            if (userPrincipal != null)
                 return userPrincipal;
            else
            if (userTokenId != null)
                 userPrincipal = new SamplePrincipal("testuser");
                 return userPrincipal;
            else
                 return null;
  So When the user requests a protected resource, the policy agent forwards the user to Identity Server with the module as CustomLoginModule. However, after this, authentication does not succeed and I get the following error message in the agent log file.
  2004-08-09 15:24:08.640 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:09.030 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:23.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:28.281 Error 2712:24fda5e8 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.484 Error 2712:130f060 PolicyAgent: validate_session_policy() access allowed to unknown user
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 PolicyEngine: am_policy_evaluate: InternalException in Service::construct_auth_svc with error message:Application authentication failed during service creation. and code:20
  2004-08-09 15:24:29.499 128 2712:24fda5e8 RemoteLog: User unknown was denied access to http://ps0391.persistent.co.in:80/test/index.html.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 LogService: LogService::logMessage() loggedBy SSOTokenID is invalid.
  2004-08-09 15:24:29.499 Error 2712:24fda5e8 all: am_log_vlog() failed with status AM_REMOTE_LOG_FAILURE.
  2004-08-09 15:24:29.499 -1 2712:24fda5e8 PolicyAgent: validate_session_policy() access denied to unknown user
  The necessary policy object is already created in Identity Server. Please send your suggestions to fix this problem.
  Thanks
  Srinivas

  Does the principal "testuser" exist in your realm? If I understand your module correctly, it looks like it always returns "testuser".
  I am guessing that Access Manager is not finding your principal. Typically if access manager cannot associate the principal returned by the custom AMLoginModule it will fail the authentication.
  I am wondering if this is related to a seperate problem I have seen with custom login modules. Try chaning the code to return an LDAP style principal it may work:
  so return "uid=testuser,ou=People,dc=yourdomain,dc=com" for example. In theory this should not be necessary but it solved some problems for me, though I am not sure why.