How to authenticate CXF-Webservice against external LDAP in WebLogic?

Similar Messages

• Authenticate OID against external LDAP v3 Directory

  Has anyone managed to get Oracle OID to authenticate
  against an external LDAP v3 directory such as Domino v5.12 or later?
  If so can you provide any assistance as to how this was achieved.
  Thank you.

  Bill,
  What documentation did you use to get this working. Our infrastructure team has really struggled figuring out how to have AD be the single signon source for our Oracle apps and technologies (Portal, Collab Suite, ...) Our EBS install is hosted at OOD.
  Doug Gabel
  School Specialty

• Issue while integrating external LDAP with weblogic

  Hi,
  i am trying integrating external LDAP (OpenLdap) with weblogic 10.3. I created a provider and provided required credentials and able to see users and group of the LDAP into the weblogic console. I am also able to login in the weblogic console with the users available in the LDAP after assigning the admin role to the ldap group. But i when i see the user's property (by clicking on the user in the admin console) it only shows the tabs for General, Password and Group only. on the other hand if i see the users from DefaultAuthenticator, it shows the Attribute tab apart from the General, Password and Group.
  Can anyone let me knwo how can we get the Attribute tab for the Ldap users.
  thx,
  Ajay

  Hi Ajay
  By default Weblogic has READ ONLY adapters for any External Security Providers that are configured like any AD Providers. READ ONLY means, you can only read the data from the ldap but not modify it, hence may be its not showing the Attributes tag. For Default Authenticator, see the first paragraph note in Attributes tab, that says the same thing. NOW, may be WLS can atleast show Attributes in READ only format, but it needs some sort of mappings to be defined. Say on Weblogic side, we have like firstName, lastName which on any typical AD will be like sn (surname = lastname), givenname (firstname) etc etc. This mapping is tough to generalize.
  One thing for sure is, from Weblogic you cannot modify or edit any attributes for any user in external AD. If you really want to get those attributes, you may need to use some javax.ldap apis or some 3rd party ready to use tools/apis. I remember Weblogic Portal has a facility to configure a xml file that defines attributes mapping and get all attributes for any user. But again thats in Weblogic Portal product and not part of weblogic server.
  If you have any SOA Software, they have some utilities for the same.
  Thanks
  Ravi Jegga

• How to authenticate OIM from AD using LDAP sync

  Hi Team,
  We do not want to use password synchronization connector for AD password sync to OIM
  After reading few article' I found two probable ways for it:
  1. Authenticate OIM via AD using libOVD with OIM and LDAP sync enable
  2. Authenticate OIM via AD using libOVD, OID and LDAP sync enable.
  Please suggest whether theses approcahes are practicaly possible or not.
  If yes then please shae related architecture docs.
  Thanks,
  Gaurav

  Here is the one of the doc:
  Configuring LDAP Authentication When LDAP Synchronization is Enabled

• How to add user to external LDAP programmatically?

  Hello.
  I have portal application in JDeveloper. Here is code that adds user to WLS embedded LDAP:
  JpsContextFactory jps = JpsContextFactory.getContextFactory();
  JpsContext jpsContext = jps.getContext();
  IdentityStoreService storeService = jpsContext.getServiceInstance(IdentityStoreService.class);
  IdentityStore is = storeService.getIdmStore();
  UserManager mn = is.getUserManager();
  RoleManager rm = is.getRoleManager();
  Principal p = mn.createUser(username,password.toCharArray()).getPrincipal();
  Role r = is.searchRole(is.SEARCH_BY_NAME, "Administrators");
  rm.grantRole(r, p);
  But I also have external LDAP on my WLS. How can I add users to external LDAP programmaticaly?

  System Preferences > Users & Groups > Unlock the lock on the bottom left > click the plus sign on the bottom left

• External LDAP for authentication

  Hi All,
  I want to use external ldap for authentication purpose with Access Manager.
  I tried adding this external ldap as a secondary ldap but couldn�t succeed.
  If I add this ldap in the primary ldap along with the AM�s own ldap, this also fails to authenticate users from the external ldap.
  How can I achieve this?
  I read many topics in this forum regarding this but none of them explain how it can be achieved.
  Please suggest.
  Thanks in advance.

  This is what the amconsole log says:
  ERROR: ConsoleServletBase.onUncaughtException
  java.lang.NullPointerException
       at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.constructFilter(LDAPv3Repo.java:3126)
       at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.search(LDAPv3Repo.java:1996)
       at com.iplanet.am.sdk.AMDirectoryManager.search(AMDirectoryManager.java:1938)
       at com.sun.identity.idm.AMIdentityRepository.searchIdentities(AMIdentityRepository.java:221)
       at com.sun.identity.console.idm.model.EntitiesModelImpl.getEntityNames(EntitiesModelImpl.java:139)
       at com.sun.identity.console.idm.EntitiesViewBean.getEntityNames(EntitiesViewBean.java:222)
       at com.sun.identity.console.idm.EntitiesViewBean.beginDisplay(EntitiesViewBean.java:177)
       at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
       at jsps.console._idm._Entities_jsp._jspService(_Entities_jsp.java:86)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
       at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
       at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
       at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
       at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
       at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
       at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
       at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:133)
       at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:149)
       at com.sun.identity.console.idm.HomeViewBean.forwardTo(HomeViewBean.java:109)
       at com.sun.identity.console.realm.RealmPropertiesBase.nodeClicked(RealmPropertiesBase.java:90)
       at com.sun.web.ui.view.tabs.CCTabs.handleTabHrefRequest(CCTabs.java:129)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
       at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
       at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
       at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
       at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
       at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
       at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
       at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
       at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)

• Authenticating a User against UNIX LDAP

  I recently submitted a post to determine how to authenticate a user against the Windows Active Directory. Is this also possible with UNIX? Is the code syntax basically the same? Thanks in advance.

  "Yonatan Taub" <[email protected]> wrote in message
  news:[email protected]..
  I'm using Weblogic server 7.
  I need to authenticate a user against a domain: establish whether the user
  exists and if so, verify his password.
  Code samples would be most welcome.
  You can use the login method .
  http://e-docs.bea.com/wls/docs81/javadocs/weblogic/security/services/Authent
  ication.html

• URGENT : Add & Retrieve properties from Embedded LDAP in Weblogic 9.2

  I am using Embedded LDAP WebLogic 9.2 and i followed the steps mentioned in the URL below.I have nt changed anything except Server URL which points to localhost:7001.
  http://e-docs.bea.com/wlp/docs92/users/appendixa.html#wp1055363
  Questions:
  1)How to add additional attributes to embedded LDAP? (eg email, phone etc).
  2)How to read those properties from embedded LDAP using WebLogic Portal API? Any code samples?
  Any help is appreaciated.

  this problem is due to hard-coded user/pwd in installation scripts. Here are steps
  1) open file AIA_HOME/Infrastructure/install/wlscripts/FPWLCommonConfig.xml
  2) reach to target CreateStartupClasses
  3) there are three java tasks for com.oracle.oems.weblogic.AQJMSPasswordUtility
  4) in the task for oraesb, password is hardcoded as 'oraesb' in clear text.
  5) this should be password of 'ORAESB' database user.
  6) change this password value; and restart the installation.
  Regards,
  Vaibhav

• How to access an External LDAP on a weblogic server using OPSS APIs.

  Hi,
  Can anyone let me know how I can access an External LDAP configured on a weblogic server using OPSS APIs( or alternative APIs).
  I'm currently using the below snippet and I'm getting only the Users and groups from the DefaultAutheticator on the weblogic server and not the external LDAP Server.
  I've verified the providers, users and groups on the weblogic server console and can see that external LDAP server content is being picked, but my below code does not query them.
  import oracle.security.idm.IMException;
  import oracle.security.idm.IdentityStore;
  import oracle.security.idm.Role;
  import oracle.security.jps.JpsContext;
  import oracle.security.jps.JpsContextFactory;
  import oracle.security.jps.JpsException;
  import oracle.security.jps.service.idstore.IdentityStoreService;
  List<Role> rowData = null;
  JpsContextFactory ctxf = JpsContextFactory.getContextFactory();
  JpsContext ctx = ctxf.getContext();
  IdentityStoreService storeService = ctx.getServiceInstance(IdentityStoreService.class);
  IdentityStore idStore = storeService.getIdmStore();
  rowData = this.getRoles(idStore, "*");
  Any help or pointers are highly appreciated.
  Thanks,
  Bhasker

  Can anyone please provide any suggestions. I trying to google around but still not able to find any solution.
  Thanks,
  Bhasker

• How to call Apache CXF webservice/Spring/jms from Oracle BPM 10g

  Hi , I am new to Oracle BPM and trying to develop simple POC. Can anybody give me some pointers on how to call a webservice whcich is based on Apache CXF/Spring/WSDL/jms as transport from oracle bpm 10g

  You should ask this question in the JDeveloper or BI Publisher forum.

• How to configure webcenter services to use external LDAP?

  Reassociating the identity store with an external LDAP server is mandatory only if you're using the Documents service and/or the Discussions service, in which case the WC_Spaces server, Content Server, and Collaboration server must all be configured to use the same external LDAP server.
  The question is how to configure?
  Is there any document which details this?
  Please help! this is urgent.
  Regards

  Refer
  http://docs.oracle.com/cd/E28280_01/webcenter.1111/e12405/wcadm_security_id_store.htm#WCADM1845
  http://docs.oracle.com/cd/E28280_01/webcenter.1111/e12405/wcadm_security_id_store.htm#WCADM345
  Thanks

• How do I configure version 3.0.6.6.5  to use an external LDAP?

  We're running an old version of the Portal (3.0.6.6.5) and we want to use an external ldap running on another box.
  Is it possible?
  How do I do it?

  No sorry as those portable builds are for Windows only.
  If you want Firefox 3.6.18 then see http://www.mozilla.com/en-US/firefox/all-older.html
  You could also try fooling the site in thinking you are using Firefox 3.6.18 by using this Extension. https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/

• ACS cannot Authenticate Aironet Users against Exernal DB (LDAP)

  ACS cannot Authenticate Aironet Users against Exernal DB (LDAP)
  Can anyone point me to a technical explanation of why this is true?
  All I have found so far is one small note in a help file and something that might be related under EAP-FAST explanation.
  I have posed this question to our Cisco account team but no response yet.
  Just need to have a good explanation when explaining to mgmt why we need to have a special setup for WLAN users.

  Hmmm....you should be getting more than that from debug radius and debug aaa authen if your AP is truly attempting EAP authentication. The debugs I generally use for this are 'debug aaa authen', 'debug radius', and 'debug dot11 aaa dot1x all' coupled with gathering the detailed support logs from ACS. A warning about 'debug dot11 aaa dot1x all'....it is VERY verbose and cryptic if you don't have alot of experience looking at it so it may be best to open up a TAC case. With these debugs turned on, you should see an EAPOL logon show up from the client (usually says 'received EAPOL packet...') and then a request for identity from the switch and a response from the client with a username and password. Then a series of RADIUS challenge/response packets will be passed which consists of the server cert being passed to the client for validation and then the client sending the username and password to the server. Then you will finally get an access-reject or access-accept packet from the RADIUS server. The failed and passed attempts logs in ACS can also provide good info as to what the source of the failure may be. Do you get any passed or failed attempts for these authentications?

• OCS + authentication external LDAP

  Is there anyone with experiences to use OCS in combination
  with external authentication against an SunONE LDAP server?
  I don't want to synchro the two LDAPs. I just want to use the usernames & passwords of the external LDAP.
  Can you explain to me which procedures must I follow?
  Is is necessary to create all the users of the external LDAP exists in the OID of OCS?
  If not how does this work? For example how do I grant email/files rights to a user which is not in the OCS OID?
  If the users must exists in the OID, which components must I configure within OCS? Must I write a pl/sql package for authentication to the external LDAP?
  Thanks in advantage!

  Hi Elvis!
  What you need to do is to configure an OID plug-in that can be used to authenticate the users against the SUN LDAP. There are some examples in the OID admin guide.
  The users must exist in the OID.
  The users need to be administered in the OID as the CS needs the entries in the users tree as well as the emailservercontainer tree.
  cu
  Andreas

• Authentication against both LDAP and BI repository

  I have a lot of user who are authenticated against LDAP. I need add few users who aren't exist in LDAP. I can create user in BI repository and if this user is in an Administrator group he is able to log in. But if this user isn't in an Administrator group he get error "Succesfull execution of intitializtion block LDAP is required". Is there any way how to authenticate users agains both LDAP and BI repository?

  Hi,
  why dont you create a group in ldap and add the correspondng users to that group.
  You can configure the LDAP server with that group and try...
  Hope it works...
  Regards
  Venkat