Identity Assertion Provider

What is the recommended way to access a database from an identity assertion provider?

To assert identity, the caller should have admin privs. Depending on how the client
obtains and communicates with the EJB you have the option to set up a <run-as> tag
and then map the role to an admin user via <run-as-role-assignment> using the deployment
descriptors.
-Craig
"Claude" <[email protected]> wrote:
>
Thank you for your answer!
I had not thought of building a custom "UsernamePassword" authenticator and using
the password as token. It seems to be a good simple way of solving the problem.
The EJB that accepts a token as parameter is interesting as well (especially if
there are performance issues). Are you sure that the class
weblogic.security.services.Authentication is suitable to be called from an EJB?
Thanks, Claude
"Craig" <[email protected]> wrote:
I don't know of many uses outside of WebService or WebApp except when using 2-way
SSL where the client certificate can be used to assert identity.
You could write an EJB that accepted the token and then the EJB would programmatically
call identity assertion. Or if you had a custom authenticator you could take the
token as the "password".
http://edocs.bea.com/wls/docs81/javadocs/weblogic/security/services/Authentication.html
-Craig
"Claude" <[email protected]> wrote:
Hello
I'm wondering whether an Identity Assertion Provider can be used with a Java client
or if they are only for Web clients (or Web services).
I'm also wondering how the client sends its token (through the credential set of
the JAAS subject?).
Thanks
Claude
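The "custom authenticator that takes the token as the password" idea from Craig's reply, worked through as an added example that is not code from this thread: a JAAS LoginModule built only on JDK classes, so it runs outside WebLogic. The PasswordCallback carries a signed, expiring token instead of a password; the module verifies the HMAC in constant time, checks expiry, and only then adds a principal to the Subject. The token layout, the shared secret, and the class names (TokenAsPasswordDemo, TokenLoginModule, TokenRealm) are assumptions for the demo; a real WebLogic provider would return this module's class name from its getLoginModuleConfiguration() and read the secret from its MBean rather than a constant.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.time.Instant;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class TokenAsPasswordDemo {
    // Assumed shared secret for the demo; a real provider would read it from its MBean or a keystore.
    static final byte[] KEY = "demo-shared-secret".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    static byte[] hmac(String msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Token layout (constructed for this example): b64url(user:expiryEpochSeconds) "." b64url(HMAC-SHA256)
    static String issue(String user, long expiresAt) throws Exception {
        String payload = user + ":" + expiresAt;
        return B64.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + "." + B64.encodeToString(hmac(payload));
    }

    /** Returns the user the token vouches for, or null if it is malformed, tampered with or expired. */
    static String verify(String token, Instant now) {
        try {
            int dot = token.indexOf('.');
            if (dot < 0) return null;
            Base64.Decoder dec = Base64.getUrlDecoder();
            String payload = new String(dec.decode(token.substring(0, dot)), StandardCharsets.UTF_8);
            // MessageDigest.isEqual compares in constant time, so the MAC check leaks no timing information
            if (!MessageDigest.isEqual(dec.decode(token.substring(dot + 1)), hmac(payload))) return null;
            int colon = payload.lastIndexOf(':');
            if (now.getEpochSecond() >= Long.parseLong(payload.substring(colon + 1))) return null;
            return payload.substring(0, colon);
        } catch (Exception e) {
            return null; // any decoding or parsing failure is simply an invalid token
        }
    }

    /** JAAS LoginModule that treats the PasswordCallback value as the token. */
    public static class TokenLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private Principal principal;

        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s;
            handler = h;
        }

        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("username: ");
            PasswordCallback pc = new PasswordCallback("token: ", false);
            try {
                handler.handle(new Callback[] { nc, pc });
            } catch (Exception e) {
                throw new LoginException("callback handling failed: " + e);
            }
            char[] raw = pc.getPassword();
            pc.clearPassword();
            if (raw == null) throw new FailedLoginException("no token supplied");
            String asserted = verify(new String(raw), Instant.now());
            Arrays.fill(raw, '\0');
            // The token is a bearer credential: it is never logged, only the decision is reported.
            if (asserted == null || !asserted.equals(nc.getName())) {
                throw new FailedLoginException("token rejected for user " + nc.getName());
            }
            final String name = asserted;
            principal = new Principal() { public String getName() { return name; } };
            return true;
        }

        public boolean commit() {
            if (principal == null) return false;
            subject.getPrincipals().add(principal);
            return true;
        }

        public boolean abort() { principal = null; return true; }

        public boolean logout() {
            if (principal != null) subject.getPrincipals().remove(principal);
            principal = null;
            return true;
        }
    }

    /** Runs a JAAS login through the module above; true when the token is accepted for that user. */
    static boolean attempt(String user, String token) {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        TokenLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        CallbackHandler ch = callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) ((NameCallback) c).setName(user);
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(token.toCharArray());
                else throw new UnsupportedCallbackException(c);
            }
        };
        try {
            new LoginContext("TokenRealm", null, ch, cfg).login();
            return true;
        } catch (LoginException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        long now = Instant.now().getEpochSecond();
        String good = issue("claude", now + 300);
        String expired = issue("claude", now - 1);
        char last = good.charAt(good.length() - 1);               // flip one MAC character
        String tampered = good.substring(0, good.length() - 1) + (last == 'A' ? 'B' : 'A');
        System.out.println("valid token    -> " + attempt("claude", good));
        System.out.println("expired token  -> " + attempt("claude", expired));
        System.out.println("tampered token -> " + attempt("claude", tampered));
        System.out.println("wrong user     -> " + attempt("craig", good));
    }
}
```

Compile with javac and run the class directly; LoginContext loads the module by name through the thread context class loader. The points a reviewer would check in any "token as password" provider are the ones the module makes explicit: the MAC is compared with MessageDigest.isEqual rather than Arrays.equals, the token has a bounded lifetime, the asserted name must match the name the caller claimed, and the token value itself never reaches the server log.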

Similar Messages

  • OAM Identity Asserter Provider Error: Unable to create the AccessGate entry

    Hi All,
    I have installed Oracle Access Manager and am trying to protect an application deployed on WebLogic application server.
    I have added the oamAuthnProvider jar to the WebLogic server lib mbeantypes directory and configured an OAM Identity Asserter Provider in myrealm. When I restart the WebLogic server, I encounter the following error:
    <Error> <> <BEA-000000> <OAMAP-60516:Unableto create the AccessGate entry for identity assertion/authentication.>
    <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException
    : com.bea.common.engine.ServiceInitializationException: java.lang.RuntimeException.weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: java.lang.RuntimeException
    When I remove the following section from config.xml, the server starts fine:
    <sec:authentication-provider xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:oam-identity-asserterType">
    <n1:name xmlns:n1="http://www.bea.com/ns/weblogic/90/security">OAMID</n1:name>
    <n2:control-flag xmlns:n2="http://www.bea.com/ns/weblogic/90/security">REQUIRED</n2:control-flag>
    <ext:access-gate-name>MYAPP</ext:access-gate-name>
    <ext:primary-access-server>AccessServer</ext:primary-access-server>
    <ext:application-domain>MYDOMAIN.com</ext:application-domain>
    <ext:access-gate-password-encrypted>{AES}P3UIYbQpYupPs=</ext:access-gate-password-encrypted>
    </sec:authentication-provider>
    Has anyone come across this error before? Please suggest a workaround.
    Software versions being used:
    OAM 10.1.4.3
    Weblogic: 10.3.2
    Thanks
    Joe

    I am having the same problem on my WLS 10.3.4 running OSB 11g. I get the following error:
    tuning)'> <<WLS Kernel>> <> <> <1296595010528> <BEA-000000> <OAMAP-60516:Unable to create the AccessGate entry for identity assertion/authentication.>
    ####<Feb 1, 2011 1:16:50 PM PST> <Info> <Security> <WD-OR14P5A5W624> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1296595010528> <BEA-090511> <The following exception has occurred:
    com.bea.common.engine.ServiceInitializationException: java.lang.RuntimeException
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
         at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
         at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
         at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
         at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:47)
         at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:300)
         at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:222)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1784)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:445)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
         at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1030)
         at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
         at weblogic.security.SecurityService.start(SecurityService.java:142)
         at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    I looked the error number up and it says:
    OAMAP-60516: Unable to create the AccessGate entry for identity assertion/authentication.
    Cause: AccessGate instance creation failed.
    Action: See the Identity Asserter/Authenticator log for details.
    Level: 1
    Type: ERROR
    Impact: Configuration
    This seems to indicate that my identity assertion configuration is incorrect. My OAM authentication provider is pretty simple.
    I am using OPEN transport security so the provider config is pretty simple. I provided an AccessGate password, primary and secondary access gate servers and the AccessGate name provided by my administrator.
    I'm not sure what the Application Domain field refers to. Can someone provide guidance on that?

  • Wert SRT: Plain SOAP: Reliable messaging (RM) configured, but no Message ID and no WSRM assertion provided.

    Hi All,
    I'm trying to call this web service in SOAP UI and I'm getting this error.
    The web service I need to use is:
    BusinessPartnerSUITEBulkReplicateRequest_In
    http://es-workplace.sap.com/socoview(bD1lbiZjPTAwMSZkPW1pbg==)/render.asp?id=84B45EB7B18A11DE2B8D000F20FCB6A9&fragID=&pa…
    Can you please help me to avoid it?
    Thank you for your help.
    Gireesh P.
    Error Log:
    Wert SRT: Plain SOAP: Reliable messaging (RM) configured, but no Message ID and no WSRM assertion provided.

    Hi Tim,
    For this error, the following are the places that need to be checked.
    1. In C4C the protocol defined in the Communication System should be 5 - Web Services
    2. In C4C the Communication Arrangement should have the right protocol selected
    3. In PI make sure the Communication Channels are created using the provided Communication Channel Templates that are part of the standard PI content.
    In other words, just follow the integration guide available in SMP to avoid such errors.
    Hope this helps.
    Thanks,
    Prakash

  • Custom asserter provider for Authentication Basic header.

    Hello,
    Is it possible to create an asserter provider to obtain the basic authentication header?
    I tried to create it by following the documentation: http://docs.oracle.com/cd/E23943_01/web.1111/e13718/ia.htm
    But when I configure a proxy from OSB to use "custom authentication" and select the header "Authorization", it does not take it.
    Thanks.

    I think it should be possible after turning off the basic auth check on WLS by setting enforce-valid-basic-auth-credentials to false in WebLogic.

  • Weblogic identity assertion provider for apache

    I am using an Apache reverse proxy to handle the user authentication. My work environment is
    a) Apache reverse proxy
    b) mod_auth_tkt (single sign-on module for Apache)
    c) WebLogic Portal server
    Once the user is authenticated against mod_auth_tkt/Active Directory, Apache generates a cookie/ticket based on an MD5 checksum.
    I need to pass the credentials from Apache to WebLogic.
    My question is
    a) Can I use any WebLogic identity assertion provider which comes with the WebLogic Server product, or do I have to develop a custom WebLogic identity assertion provider? Please advise.
    Thanks
    Prabu

    *1-Can you please double check that the latest version of your web application is deployed?*
    I have checked the application and can confirm that the correct application is deployed. With the auth-method as just BASIC (no CLIENT-CERT) I see the following behaviour:
    - With a Negotiate Identity Asserter Provider I see both WWW-Authenticate: Negotiate and WWW-Authenticate: Basic
    - Without a Negotiate Identity Asserter Provider I see just WWW-Authenticate: Basic
    *2-I believe there is no intermediary web server (like IIS) between your client and WLS? A third party may add an additional authentication request in the HTTP header. If an intermediary exists, can you please avoid it for your tests.*
    I can confirm that there is no intermediary server between me and WebLogic.
    *3-Can you please check the "weblogic.security.enableNegotiate" system parameter value. If it is true, can you please set it to false and test your app again?*
    I have weblogic.security.enableNegotiate set to true. I tried setting it to false and it seems I still see the same behaviour I described above in my answer to question 1.
    *3-Although I'm quite sure that the Negotiate Identity Assertion Provider would not work for your app, can you please remove it and repeat your tests again. If you detect that it's because of the Negotiate Identity Assertion Provider, then you can consider opening a bug request in the Oracle Support system.*
    When I remove the Negotiate Identity Assertion Provider, I no longer see a WWW-Authenticate: Negotiate challenge in the response.
    Edited by: user1992925 on 16/05/2010 17:06

  • Security realm - Security:097533 - Developing own authentication provider

    Hi everyone,
    I am developing my own authentication provider and I installed a security patch, so while restarting the WebLogic server I encountered the exception below:
    <10/05/2013 05:54:33 PM COT> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified..
    weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
    at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:341)
    at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:220)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1789)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:443)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
    Truncated. see log file for complete stacktrace
    Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
    at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
    at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
    at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:46)
    Truncated. see log file for complete stacktrace
    Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
    at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:42)
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
    at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
    at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
    Truncated. see log file for complete stacktrace
    this is the config.xml :
    <domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/security/extension http://xmlns.oracle.com/weblogic/1.0/security.xsd">
    <name>base_domain</name>
    <domain-version>12.1.1.0</domain-version>
    <security-configuration>
    <name>base_domain</name>
    <realm>
    <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
    <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
    <sec:active-type>AuthenticatedUser</sec:active-type>
    </sec:authentication-provider>
    <sec:authentication-provider xmlns:ext="http://xmlns.oracle.com/weblogic/security/extension" xsi:type="ext:as400-realmType">
    <sec:name>AS400Realm</sec:name>
    <sec:control-flag>OPTIONAL</sec:control-flag>
    </sec:authentication-provider>
    <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
    <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
    <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
    <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
    <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
    <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
    <sec:user-lockout-manager>
    <sec:lockout-enabled>false</sec:lockout-enabled>
    </sec:user-lockout-manager>
    <sec:deploy-role-ignored>false</sec:deploy-role-ignored>
    <sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
    <sec:security-dd-model>DDOnly</sec:security-dd-model>
    <sec:name>myrealm</sec:name>
    <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
    <sec:name>SystemPasswordValidator</sec:name>
    <pas:min-password-length>8</pas:min-password-length>
    <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
    </sec:password-validator>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{AES}kyVB/9J9Fbvp11tAnYgn6grV6wQwNZZGHSh2JLQtesxS46Re+QCfIAttNE5JugllQvUHOhE+pz0AnEfYL2p5q2oeRsjqoQz2/1Lg8x+3WMoKic0xnRzw2RWoFjQo3F9x</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{AES}4jkSbv5dMOl6cRpRa4QwB83XVavtq168cV4L+NSFDcI=</node-manager-password-encrypted>
    <cross-domain-security-enabled>true</cross-domain-security-enabled>
    </security-configuration>
    <server>
    <name>AdminServer</name>
    <listen-address>localhost</listen-address>
    <staging-mode>nostage</staging-mode>
    </server>
    <embedded-ldap>
    <name>base_domain</name>
    <credential-encrypted>{AES}9YeG1UFRNQzM0v6/j8cFvT9x9fkJUl1FJOWGInl5dax26FgMNEVwKNxOBHvW2opm</credential-encrypted>
    </embedded-ldap>
    <configuration-version>12.1.1.0</configuration-version>
    this is the mbean xml (A400Realmmbean.xml):
    <?xml version="1.0" ?>
    <!DOCTYPE MBeanType SYSTEM "commo.dtd">
    <MBeanType Name = "AS400Realm" DisplayName = "AS400Realm"
        Package = "co.com.claro.security"
        Extends = "weblogic.management.security.authentication.Authenticator"
        PersistPolicy = "OnUpdate"
    >
        <!-- Element names are case-sensitive: the posted file spelled this one "MbeanAttribute",
             which does not match the MBeanAttribute element the DTD defines, so the provider class
             name never reached the realm. The default must also name the runtime class in its real
             package (co.com.claro.security); the posted value was "co.com.claro.AS400Realm". -->
        <MBeanAttribute Name = "ProviderClassName" Type = "java.lang.String"
            Writeable = "false"
            Default = "&quot;co.com.claro.security.AS400Realm&quot;"
        />
        <MBeanAttribute Name = "Description" Type = "java.lang.String"
            Writeable = "false" Default = "&quot;My Identity Assertion Provider&quot;"
        />
        <MBeanAttribute Name = "Version" Type = "java.lang.String"
            Writeable = "false" Default = "&quot;1.0&quot;"
        />
    </MBeanType>
    and the runtime class:
    AS400Realm.java:
    /*
     * To change this template, choose Tools | Templates
     * and open the template in the editor.
     */
    package co.com.claro.security;

    import java.util.HashMap;
    import javax.security.auth.login.AppConfigurationEntry;
    import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
    import weblogic.management.security.ProviderMBean;
    import weblogic.security.provider.PrincipalValidatorImpl;
    import weblogic.security.spi.AuthenticationProviderV2;
    import weblogic.security.spi.IdentityAsserterV2;
    import weblogic.security.spi.PrincipalValidator;
    import weblogic.security.spi.SecurityServices;

    public final class AS400Realm implements AuthenticationProviderV2 {

        private String description;
        // private SimpleSampleAuthenticatorDatabase database;
        private LoginModuleControlFlag controlFlag;
        // public String PARAM_JAAS_CONTEXT = "jaas-context";
        // public String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
        // public String DEFAULT_GROUP_NAME = "default";

        public void initialize(ProviderMBean mbean, SecurityServices services) {
            System.out.println("AS400Realm.initialize");
            // AS400RealmMBean is the class MBeanMaker generates from the MBean definition file above
            AS400RealmMBean myMBean = (AS400RealmMBean) mbean;
            description = myMBean.getDescription() + "\n" + myMBean.getVersion();
            // database = new SimpleSampleAuthenticatorDatabase(myMBean);
            String flag = myMBean.getControlFlag();
            if (flag.equalsIgnoreCase("REQUIRED")) {
                controlFlag = LoginModuleControlFlag.REQUIRED;
            } else if (flag.equalsIgnoreCase("OPTIONAL")) {
                controlFlag = LoginModuleControlFlag.OPTIONAL;
            } else if (flag.equalsIgnoreCase("REQUISITE")) {
                controlFlag = LoginModuleControlFlag.REQUISITE;
            } else if (flag.equalsIgnoreCase("SUFFICIENT")) {
                controlFlag = LoginModuleControlFlag.SUFFICIENT;
            } else {
                throw new IllegalArgumentException("invalid flag value " + flag);
            }
        }

        public String getDescription() {
            return description;
        }

        public void shutdown() {
            System.out.println("AS400Realm.shutdown");
        }

        // Both the login and the assertion configuration point at the same LoginModule;
        // the "IdentityAssertion" option tells it which mode it is running in.
        private AppConfigurationEntry getConfiguration(HashMap options) {
            options.put("PARAM_DATASOURCE_NAME", "jdbc/Oracle");
            return new AppConfigurationEntry(
                    "co.com.claro.security.AS400LoginModule",
                    controlFlag,
                    options);
        }

        public AppConfigurationEntry getLoginModuleConfiguration() {
            HashMap options = new HashMap();
            return getConfiguration(options);
        }

        public AppConfigurationEntry getAssertionModuleConfiguration() {
            HashMap options = new HashMap();
            options.put("IdentityAssertion", "true");
            return getConfiguration(options);
        }

        public PrincipalValidator getPrincipalValidator() {
            return new PrincipalValidatorImpl();
        }

        // No identity asserter: this provider only authenticates with a username and password.
        public IdentityAsserterV2 getIdentityAsserter() {
            return null;
        }
    }
    AS400LoginModule.java:
    /*
     * To change this template, choose Tools | Templates
     * and open the template in the editor.
     */
    package co.com.claro.security;

    import com.ibm.as400.access.AS400;
    import java.io.IOException;
    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.util.Enumeration;
    import java.util.Map;
    import java.util.Vector;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import javax.security.auth.login.FailedLoginException;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.spi.LoginModule;
    import javax.sql.DataSource;
    import weblogic.security.principal.WLSGroupImpl;
    import weblogic.security.principal.WLSUserImpl;

    /**
     * @author dmunoz
     */
    public final class AS400LoginModule implements LoginModule {

        private Subject subject;
        private CallbackHandler callbackHandler;
        private String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
        private String DEFAULT_GROUP_NAME = "default";
        // Determine whether this is a login or assert identity
        private boolean isIdentityAssertion;
        // Authentication status
        private boolean loginSucceeded;
        private boolean principalsInSubject;
        private Vector principalsForSubject = new Vector();

        public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
            // only called (once!) after the constructor and before login
            System.out.println("SimpleSampleLoginModuleImpl.initialize");
            this.subject = subject;
            this.callbackHandler = callbackHandler;
            // Check for Identity Assertion option
            isIdentityAssertion = "true".equalsIgnoreCase((String) options.get("IdentityAssertion"));
        }

        // Validates the user's password against the AS/400 sign-on service
        private boolean authenticateAS400(String user, String passwd) throws Exception {
            String host = "172.31.2.80"; // Config.getProperty(Config.AS400_AUTHENTICATION_HOST);
            AS400 as400System = new AS400(host, user, passwd);
            return as400System.validateSignon();
        }

        public boolean login() throws LoginException {
            // only called (once!) after initialize
            System.out.println("SimpleSampleLoginModuleImpl.login");
            // loginSucceeded should be false
            // principalsInSubject should be false
            Callback[] callbacks = getCallbacks();
            String userName = getUserName(callbacks);
            if (userName.length() > 0) {
                if (!isIdentityAssertion) {
                    String passwordHave = getPasswordHave(userName, callbacks);
                    try {
                        loginSucceeded = authenticateAS400(userName, passwordHave);
                    } catch (Exception e) {
                        Logger.getLogger(AS400LoginModule.class.getName()).log(Level.WARNING, null, e);
                        throw new LoginException(e.getMessage());
                    }
                }
                // In identity-assertion mode nothing sets loginSucceeded, so that path always
                // fails; consistent with getIdentityAsserter() returning null in AS400Realm.
            } else {
                // anonymous login - let it through?
                System.out.println("\tempty userName");
            }
            if (loginSucceeded) {
                principalsForSubject.add(new WLSUserImpl(userName));
                addGroupsForSubject(userName);
            }
            return loginSucceeded;
        }

        public boolean commit() throws LoginException {
            // only called (once!) after login
            // loginSucceeded should be true or false
            // principalsInSubject should be false
            // user should be null if !loginSucceeded, null or not-null otherwise
            // group should be null if user == null, null or not-null otherwise
            System.out.println("SimpleSampleLoginModule.commit");
            if (loginSucceeded) {
                subject.getPrincipals().addAll(principalsForSubject);
                principalsInSubject = true;
                return true;
            } else {
                return false;
            }
        }

        public boolean abort() throws LoginException {
            // The abort method is called to abort the authentication process. This is
            // phase 2 of authentication when phase 1 fails. It is called if the
            // LoginContext's overall authentication failed.
            // loginSucceeded should be true or false
            // user should be null if !loginSucceeded, otherwise null or not-null
            // group should be null if user == null, otherwise null or not-null
            // principalsInSubject should be false if user is null, otherwise true
            // or false
            System.out.println("SimpleSampleLoginModule.abort");
            if (principalsInSubject) {
                subject.getPrincipals().removeAll(principalsForSubject);
                principalsInSubject = false;
            }
            return true;
        }

        public boolean logout() throws LoginException {
            // should never be called
            System.out.println("SimpleSampleLoginModule.logout");
            return true;
        }

        private void throwLoginException(String msg) throws LoginException {
            System.out.println("Throwing LoginException(" + msg + ")");
            throw new LoginException(msg);
        }

        private void throwFailedLoginException(String msg) throws FailedLoginException {
            System.out.println("Throwing FailedLoginException(" + msg + ")");
            throw new FailedLoginException(msg);
        }

        private Callback[] getCallbacks() throws LoginException {
            if (callbackHandler == null) {
                throwLoginException("No CallbackHandler Specified");
            }
            Callback[] callbacks;
            if (isIdentityAssertion) {
                callbacks = new Callback[1];
            } else {
                callbacks = new Callback[2];
                callbacks[1] = new PasswordCallback("password: ", false);
            }
            callbacks[0] = new NameCallback("username: ");
            try {
                callbackHandler.handle(callbacks);
            } catch (IOException e) {
                throw new LoginException(e.toString());
            } catch (UnsupportedCallbackException e) {
                throwLoginException(e.toString() + " " + e.getCallback().toString());
            }
            return callbacks;
        }

        private String getUserName(Callback[] callbacks) throws LoginException {
            String userName = ((NameCallback) callbacks[0]).getName();
            if (userName == null) {
                throwLoginException("Username not supplied.");
            }
            System.out.println("\tuserName\t= " + userName);
            return userName;
        }

        private void addGroupsForSubject(String userName) {
            try {
                for (Enumeration e = getGroupNamesAS400(userName); e.hasMoreElements();) {
                    String groupName = (String) e.nextElement();
                    System.out.println("\tgroupName\t= " + groupName);
                    principalsForSubject.add(new WLSGroupImpl(groupName));
                }
            } catch (Exception ex) {
                Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
            }
        }

        // Looks the user's roles up in the Oracle datasource and returns them as group names
        public Enumeration getGroupNamesAS400(String usuario) throws Exception {
            if (usuario == null) {
                throw new Exception("Usuario no puede ser vacio");
            }
            Vector<String> grupos = new Vector<String>();
            grupos.add(DEFAULT_GROUP_NAME);
            Connection conn = null;
            ResultSet rs = null;
            PreparedStatement statement = null;
            try {
                Context c = new InitialContext();
                DataSource dst = (DataSource) c.lookup(PARAM_DATASOURCE_NAME);
                conn = dst.getConnection();
                // parameterised query: the user name is bound, never concatenated
                String query = "SELECT COD_ROL AS ROL " +
                        "FROM gestionnew.us_rol_perfil " +
                        "JOIN gestionnew.usuarios " +
                        "ON us_rol_perfil.id_perfil = usuarios.id_perfil " +
                        "WHERE upper(usuarios.usuariorr) = ?";
                statement = conn.prepareStatement(query);
                statement.setString(1, usuario.toUpperCase());
                rs = statement.executeQuery();
                while (rs.next()) {
                    grupos.add(rs.getString("ROL"));
                }
            } catch (SQLException ex) {
                Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
            } catch (NamingException ex) {
                Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
            } finally {
                if (conn != null) {
                    try {
                        conn.close();
                    } catch (SQLException ex) {
                        Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
                    }
                }
                if (rs != null) {
                    try {
                        rs.close();
                    } catch (SQLException ex) {
                        Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
                    }
                }
                if (statement != null) {
                    try {
                        statement.close();
                    } catch (SQLException ex) {
                        Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
                    }
                }
            }
            return grupos.elements();
        }

        private String getPasswordHave(String userName, Callback[] callbacks) throws LoginException {
            PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
            char[] password = passwordCallback.getPassword();
            passwordCallback.clearPassword();
            if (password == null || password.length < 1) {
                throwLoginException("Authentication Failed: User " + userName + ". Password not supplied");
            }
            String passwd = new String(password);
            // debug output: this writes the cleartext password to the server's standard output
            System.out.println("\tpasswordHave\t= " + passwd);
            return passwd;
        }
    }
    thanks

    hi everyone,
    i Developing own authentication provider and i installed a security patch, so while i restarting the weblogic server  encountered the below Exeption:
    <10/05/2013 05:54:33 PM COT> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified..
    weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
    at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:341)
    at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:220)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1789)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:443)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841)
    Truncated. see log file for complete stacktrace
    Caused By: com.bea.common.engine.ServiceInitializationException: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
    at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
    at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
    at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:46)
    Truncated. see log file for complete stacktrace
    Caused By: com.bea.common.engine.SecurityServiceRuntimeException: [Security:097533]SecurityProvider service class name for AS400Realm is not specified.
    at com.bea.common.security.internal.legacy.service.SecurityProviderImpl.init(SecurityProviderImpl.java:42)
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:363)
    at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
    at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
    at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
    Truncated. see log file for complete stacktrace
    This is the config.xml:
    <domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd http://xmlns.oracle.com/weblogic/security/extension http://xmlns.oracle.com/weblogic/1.0/security.xsd">
    <name>base_domain</name>
    <domain-version>12.1.1.0</domain-version>
    <security-configuration>
    <name>base_domain</name>
    <realm>
    <sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
    <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
    <sec:active-type>AuthenticatedUser</sec:active-type>
    </sec:authentication-provider>
    <sec:authentication-provider xmlns:ext="http://xmlns.oracle.com/weblogic/security/extension" xsi:type="ext:as400-realmType">
    <sec:name>AS400Realm</sec:name>
    <sec:control-flag>OPTIONAL</sec:control-flag>
    </sec:authentication-provider>
    <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
    <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
    <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
    <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
    <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
    <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
    <sec:user-lockout-manager>
    <sec:lockout-enabled>false</sec:lockout-enabled>
    </sec:user-lockout-manager>
    <sec:deploy-role-ignored>false</sec:deploy-role-ignored>
    <sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
    <sec:security-dd-model>DDOnly</sec:security-dd-model>
    <sec:name>myrealm</sec:name>
    <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
    <sec:name>SystemPasswordValidator</sec:name>
    <pas:min-password-length>8</pas:min-password-length>
    <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
    </sec:password-validator>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{AES}kyVB/9J9Fbvp11tAnYgn6grV6wQwNZZGHSh2JLQtesxS46Re+QCfIAttNE5JugllQvUHOhE+pz0AnEfYL2p5q2oeRsjqoQz2/1Lg8x+3WMoKic0xnRzw2RWoFjQo3F9x</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{AES}4jkSbv5dMOl6cRpRa4QwB83XVavtq168cV4L+NSFDcI=</node-manager-password-encrypted>
    <cross-domain-security-enabled>true</cross-domain-security-enabled>
    </security-configuration>
    <server>
    <name>AdminServer</name>
    <listen-address>localhost</listen-address>
    <staging-mode>nostage</staging-mode>
    </server>
    <embedded-ldap>
    <name>base_domain</name>
    <credential-encrypted>{AES}9YeG1UFRNQzM0v6/j8cFvT9x9fkJUl1FJOWGInl5dax26FgMNEVwKNxOBHvW2opm</credential-encrypted>
    </embedded-ldap>
    <configuration-version>12.1.1.0</configuration-version>
    This is the MBean XML (A400Realmmbean.xml):
    <?xml version="1.0" ?>
    <!DOCTYPE MBeanType SYSTEM "commo.dtd">
    <MBeanType Name = "AS400Realm" DisplayName = "AS400Realm"
        Package = "co.com.claro.security"
        Extends = "weblogic.management.security.authentication.Authenticator"
        PersistPolicy = "OnUpdate"
    >
        <!-- The element name is MBeanAttribute (capital B). As posted this read
             "MbeanAttribute", which is not an element commo.dtd defines, so the
             ProviderClassName attribute was never picked up; that is the likely
             cause of the "[Security:097533] SecurityProvider service class name
             for AS400Realm is not specified" error at realm load. The Default
             must be the fully qualified name of the runtime class below,
             co.com.claro.security.AS400Realm (as posted it was
             co.com.claro.AS400Realm, a class that does not exist). -->
        <MBeanAttribute Name = "ProviderClassName" Type = "java.lang.String"
            Writeable = "false"
            Default = "&quot;co.com.claro.security.AS400Realm&quot;"
        />
        <MBeanAttribute Name = "Description" Type = "java.lang.String"
            Writeable = "false" Default = "&quot;My Identity Assertion Provider&quot;"
        />
        <MBeanAttribute Name = "Version" Type = "java.lang.String"
            Writeable = "false" Default = "&quot;1.0&quot;"
        />
    </MBeanType>
    and the runtime class:
    AS400Realm.java:
    /*
     * To change this template, choose Tools | Templates
     * and open the template in the editor.
     */
    package co.com.claro.security;

    import java.util.HashMap;
    import javax.security.auth.login.AppConfigurationEntry;
    import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
    import weblogic.management.security.ProviderMBean;
    import weblogic.security.provider.PrincipalValidatorImpl;
    import weblogic.security.spi.AuthenticationProviderV2;
    import weblogic.security.spi.IdentityAsserterV2;
    import weblogic.security.spi.PrincipalValidator;
    import weblogic.security.spi.SecurityServices;

    public final class AS400Realm implements AuthenticationProviderV2 {

        private String description;
        // private SimpleSampleAuthenticatorDatabase database;
        private LoginModuleControlFlag controlFlag;
        // public String PARAM_JAAS_CONTEXT = "jaas-context";
        // public String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
        // public String DEFAULT_GROUP_NAME = "default";

        public void initialize(ProviderMBean mbean, SecurityServices services) {
            System.out.println("AS400Realm.initialize");
            // AS400RealmMBean is the interface WebLogicMBeanMaker generates from the MDF
            AS400RealmMBean myMBean = (AS400RealmMBean) mbean;
            description = myMBean.getDescription() + "\n" + myMBean.getVersion();
            // database = new SimpleSampleAuthenticatorDatabase(myMBean);
            String flag = myMBean.getControlFlag();
            if (flag.equalsIgnoreCase("REQUIRED")) {
                controlFlag = LoginModuleControlFlag.REQUIRED;
            } else if (flag.equalsIgnoreCase("OPTIONAL")) {
                controlFlag = LoginModuleControlFlag.OPTIONAL;
            } else if (flag.equalsIgnoreCase("REQUISITE")) {
                controlFlag = LoginModuleControlFlag.REQUISITE;
            } else if (flag.equalsIgnoreCase("SUFFICIENT")) {
                controlFlag = LoginModuleControlFlag.SUFFICIENT;
            } else {
                throw new IllegalArgumentException("invalid flag value " + flag);
            }
        }

        public String getDescription() {
            return description;
        }

        public void shutdown() {
            System.out.println("AS400Realm.shutdown");
        }

        private AppConfigurationEntry getConfiguration(HashMap options) {
            options.put("PARAM_DATASOURCE_NAME", "jdbc/Oracle");
            return new AppConfigurationEntry(
                    "co.com.claro.security.AS400LoginModule",
                    controlFlag,
                    options);
        }

        public AppConfigurationEntry getLoginModuleConfiguration() {
            HashMap options = new HashMap();
            return getConfiguration(options);
        }

        public AppConfigurationEntry getAssertionModuleConfiguration() {
            HashMap options = new HashMap();
            options.put("IdentityAssertion", "true");
            return getConfiguration(options);
        }

        public PrincipalValidator getPrincipalValidator() {
            return new PrincipalValidatorImpl();
        }

        public IdentityAsserterV2 getIdentityAsserter() {
            // No identity asserter: this provider only authenticates with a password
            return null;
        }
    }
    AS400LoginModule.java:
    /*
     * To change this template, choose Tools | Templates
     * and open the template in the editor.
     */
    package co.com.claro.security;

    import com.ibm.as400.access.AS400;
    import java.io.IOException;
    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.util.Enumeration;
    import java.util.Map;
    import java.util.Vector;
    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.login.FailedLoginException;
    import javax.security.auth.spi.LoginModule;
    import javax.sql.DataSource;
    import weblogic.security.principal.WLSGroupImpl;
    import weblogic.security.principal.WLSUserImpl;

    /**
     * @author dmunoz
     */
    final public class AS400LoginModule implements LoginModule {

        private Subject subject;
        private CallbackHandler callbackHandler;
        private String PARAM_DATASOURCE_NAME = "jdbc/Oracle";
        private String DEFAULT_GROUP_NAME = "default";
        // Determine whether this is a login or assert identity
        private boolean isIdentityAssertion;
        // Authentication status
        private boolean loginSucceeded;
        private boolean principalsInSubject;
        private Vector principalsForSubject = new Vector();

        public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
            // only called (once!) after the constructor and before login
            System.out.println("SimpleSampleLoginModuleImpl.initialize");
            this.subject = subject;
            this.callbackHandler = callbackHandler;
            // Check for Identity Assertion option
            isIdentityAssertion =
                "true".equalsIgnoreCase((String) options.get("IdentityAssertion"));
        }

        private boolean authenticateAS400(String user, String passwd) throws Exception {
            String host = "172.31.2.80"; // Config.getProperty(Config.AS400_AUTHENTICATION_HOST);
            AS400 as400System = new AS400(host, user, passwd);
            return as400System.validateSignon();
        }

        public boolean login() throws LoginException {
            // only called (once!) after initialize
            System.out.println("SimpleSampleLoginModuleImpl.login");
            // loginSucceeded should be false
            // principalsInSubject should be false
            Callback[] callbacks = getCallbacks();
            String userName = getUserName(callbacks);
            if (userName.length() > 0) {
                if (!isIdentityAssertion) {
                    String passwordHave = getPasswordHave(userName, callbacks);
                    try {
                        loginSucceeded = authenticateAS400(userName, passwordHave);
                    } catch (Exception e) {
                        Logger.getLogger(AS400LoginModule.class.getName()).log(Level.WARNING, null, e);
                        throw new LoginException(e.getMessage());
                    }
                    if (!loginSucceeded) {
                        // A rejected password is a failed login; returning false from
                        // login() would instead tell JAAS to ignore this module.
                        throwFailedLoginException("Authentication Failed: User " + userName);
                    }
                }
            } else {
                // anonymous login - let it through?
                System.out.println("\tempty userName");
            }
            if (loginSucceeded) {
                principalsForSubject.add(new WLSUserImpl(userName));
                addGroupsForSubject(userName);
            }
            return loginSucceeded;
        }

        public boolean commit() throws LoginException {
            // only called (once!) after login
            // loginSucceeded should be true or false
            // principalsInSubject should be false
            // user should be null if !loginSucceeded, null or not-null otherwise
            // group should be null if user == null, null or not-null otherwise
            System.out.println("SimpleSampleLoginModule.commit");
            if (loginSucceeded) {
                subject.getPrincipals().addAll(principalsForSubject);
                principalsInSubject = true;
                return true;
            } else {
                return false;
            }
        }

        public boolean abort() throws LoginException {
            // The abort method is called to abort the authentication process. This is
            // phase 2 of authentication when phase 1 fails. It is called if the
            // LoginContext's overall authentication failed.
            // loginSucceeded should be true or false
            // user should be null if !loginSucceeded, otherwise null or not-null
            // group should be null if user == null, otherwise null or not-null
            // principalsInSubject should be false if user is null, otherwise true
            // or false
            System.out.println("SimpleSampleLoginModule.abort");
            if (principalsInSubject) {
                subject.getPrincipals().removeAll(principalsForSubject);
                principalsInSubject = false;
            }
            return true;
        }

        public boolean logout() throws LoginException {
            // should never be called
            System.out.println("SimpleSampleLoginModule.logout");
            return true;
        }

        private void throwLoginException(String msg) throws LoginException {
            System.out.println("Throwing LoginException(" + msg + ")");
            throw new LoginException(msg);
        }

        private void throwFailedLoginException(String msg) throws FailedLoginException {
            System.out.println("Throwing FailedLoginException(" + msg + ")");
            throw new FailedLoginException(msg);
        }

        private Callback[] getCallbacks() throws LoginException {
            if (callbackHandler == null) {
                throwLoginException("No CallbackHandler Specified");
            }
            Callback[] callbacks;
            if (isIdentityAssertion) {
                callbacks = new Callback[1];
            } else {
                callbacks = new Callback[2];
                callbacks[1] = new PasswordCallback("password: ", false);
            }
            callbacks[0] = new NameCallback("username: ");
            try {
                callbackHandler.handle(callbacks);
            } catch (IOException e) {
                throw new LoginException(e.toString());
            } catch (UnsupportedCallbackException e) {
                throwLoginException(e.toString() + " " + e.getCallback().toString());
            }
            return callbacks;
        }

        private String getUserName(Callback[] callbacks) throws LoginException {
            String userName = ((NameCallback) callbacks[0]).getName();
            if (userName == null) {
                throwLoginException("Username not supplied.");
            }
            System.out.println("\tuserName\t= " + userName);
            return userName;
        }

        private void addGroupsForSubject(String userName) {
            try {
                for (Enumeration e = getGroupNamesAS400(userName); e.hasMoreElements();) {
                    String groupName = (String) e.nextElement();
                    System.out.println("\tgroupName\t= " + groupName);
                    principalsForSubject.add(new WLSGroupImpl(groupName));
                }
            } catch (Exception ex) {
                Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
            }
        }

        public Enumeration getGroupNamesAS400(String usuario) throws Exception {
            if (usuario == null) {
                throw new Exception("Usuario no puede ser vacio");
            }
            Vector<String> grupos = new Vector<String>();
            grupos.add(DEFAULT_GROUP_NAME);
            Connection conn = null;
            ResultSet rs = null;
            PreparedStatement statement = null;
            try {
                Context c = new InitialContext();
                DataSource dst = (DataSource) c.lookup(PARAM_DATASOURCE_NAME);
                conn = dst.getConnection();
                // Bind the user name as a parameter; never concatenate it into the SQL
                String query = "SELECT COD_ROL AS ROL " +
                    "FROM gestionnew.us_rol_perfil " +
                    "JOIN gestionnew.usuarios " +
                    "ON us_rol_perfil.id_perfil = usuarios.id_perfil " +
                    "WHERE upper(usuarios.usuariorr) = ?";
                statement = conn.prepareStatement(query);
                statement.setString(1, usuario.toUpperCase());
                rs = statement.executeQuery();
                while (rs.next()) {
                    grupos.add(rs.getString("ROL"));
                }
            } catch (SQLException ex) {
                Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
            } catch (NamingException ex) {
                Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
            } finally {
                // release JDBC resources in reverse order of acquisition
                if (rs != null) {
                    try {
                        rs.close();
                    } catch (SQLException ex) {
                        Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
                    }
                }
                if (statement != null) {
                    try {
                        statement.close();
                    } catch (SQLException ex) {
                        Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
                    }
                }
                if (conn != null) {
                    try {
                        conn.close();
                    } catch (SQLException ex) {
                        Logger.getLogger(AS400LoginModule.class.getName()).log(Level.SEVERE, null, ex);
                    }
                }
            }
            return grupos.elements();
        }

        private String getPasswordHave(String userName, Callback[] callbacks) throws LoginException {
            PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
            char[] password = passwordCallback.getPassword();
            passwordCallback.clearPassword();
            if (password == null || password.length < 1) {
                throwLoginException("Authentication Failed: User " + userName +
                    ". Password not supplied");
            }
            String passwd = new String(password);
            // The posted code printed the password to stdout here; never write
            // credentials to the server log.
            return passwd;
        }
    }
    thanks
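An added check, not code from the original post, that parses an MBean Definition File like the one above together with the provider's Java source and reports the two mismatches that leave a realm without a provider class: an attribute element spelled MbeanAttribute instead of MBeanAttribute, and a ProviderClassName default that is not the class the Java file declares. The MDF and Java stub embedded below are constructed from the post and reproduce its defects as originally posted; nothing else is assumed about the MDF beyond the commo.dtd layout shown.

```python
"""Lint a WebLogic MBean Definition File (MDF) for the mistakes that make a
custom authentication provider fail at realm load with
"[Security:097533] SecurityProvider service class name ... is not specified".
Added example; assumes the commo.dtd layout from the post (MBeanType root,
MBeanAttribute children with Name/Type/Default, Default in literal quotes).
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample reproducing the MDF as posted, with both defects.
POSTED_MDF = """<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType Name = "AS400Realm" DisplayName = "AS400Realm"
    Package = "co.com.claro.security"
    Extends = "weblogic.management.security.authentication.Authenticator"
    PersistPolicy = "OnUpdate"
>
    <MbeanAttribute Name = "ProviderClassName" Type = "java.lang.String"
        Writeable = "false"
        Default = "&quot;co.com.claro.AS400Realm&quot;"
    />
    <MBeanAttribute Name = "Description" Type = "java.lang.String"
        Writeable = "false" Default = "&quot;My Identity Assertion Provider&quot;"
    />
    <MBeanAttribute Name = "Version" Type = "java.lang.String"
        Writeable = "false" Default = "&quot;1.0&quot;"
    />
</MBeanType>
"""

# Constructed: the same file with both defects corrected.
FIXED_MDF = (POSTED_MDF
             .replace("MbeanAttribute", "MBeanAttribute")
             .replace("co.com.claro.AS400Realm", "co.com.claro.security.AS400Realm"))

# Constructed stub of the runtime class header from the post.
RUNTIME_JAVA = """package co.com.claro.security;

import weblogic.security.spi.AuthenticationProviderV2;

public final class AS400Realm implements AuthenticationProviderV2 {
}
"""


def runtime_class_name(java_source):
    """Fully qualified name of the first class declared in java_source."""
    pkg = re.search(r"^\s*package\s+([\w.]+)\s*;", java_source, re.MULTILINE)
    cls = re.search(r"\bclass\s+(\w+)", java_source)
    if cls is None:
        raise ValueError("no class declaration found")
    return (pkg.group(1) + "." if pkg else "") + cls.group(1)


def lint_mdf(xml_text, expected_class):
    """Return a list of findings; an empty list means the MDF is consistent."""
    root = ET.fromstring(xml_text)  # the external commo.dtd is not fetched
    if root.tag != "MBeanType":
        return ["root element is %r, expected MBeanType" % root.tag]
    findings = []
    provider_class = None
    for child in root:
        # XML element names are case-sensitive: anything that is not exactly
        # MBeanAttribute is not an attribute definition to the MBean generator.
        if child.tag != "MBeanAttribute":
            if child.tag.lower() == "mbeanattribute":
                findings.append("element %r must be spelled MBeanAttribute; "
                                "attribute %r is ignored"
                                % (child.tag, child.get("Name")))
            continue
        if child.get("Name") == "ProviderClassName":
            # Default is a Java expression, hence the surrounding literal quotes.
            provider_class = (child.get("Default") or "").strip().strip('"')
    if provider_class is None:
        findings.append("no MBeanAttribute named ProviderClassName: the realm "
                        "cannot find the provider's runtime class")
    elif provider_class != expected_class:
        findings.append("ProviderClassName default %r does not match runtime "
                        "class %r" % (provider_class, expected_class))
    return findings


if __name__ == "__main__":
    expected = runtime_class_name(RUNTIME_JAVA)
    for label, text in (("posted", POSTED_MDF), ("fixed", FIXED_MDF)):
        print(label, lint_mdf(text, expected) or "ok")
```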

  • Exception thrown when trying to save custom sec provider in console

    Hi,
    We have created a custom identity assertion provider in WLS 8.1. When we try to create a new instance in the admin console, we receive an exception (when clicking the 'Create' button). This problem only occurs in one certain test environment, and works well in our development environment. It seems to be a problem with the environment. This is the exception displayed in the console:
    java.lang.ClassCastException: java.lang.NoClassDefFoundError
         at javax.management.modelmbean.RequiredModelMBean.invoke(Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(RequiredModelMBean.java:1166)
         at com.sun.management.jmx.MBeanServerImpl.invoke(Ljava.lang.Object;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(MBeanServerImpl.java:1560)
         at com.sun.management.jmx.MBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(MBeanServerImpl.java:1528)
         at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(RemoteMBeanServerImpl.java:988)
         at weblogic.management.internal.RemoteMBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(RemoteMBeanServerImpl.java:946)
         at weblogic.management.console.utils.Security.createObject(Ljavax.management.ObjectName;Ljavax.management.ObjectName;Ljava.lang.String;)V(Security.java:767)
         at weblogic.management.console.utils.Security.createProviderMBean(Ljava.lang.String;Ljava.lang.String;Ljavax.management.DynamicMBean;)Ljavax.management.DynamicMBean;(Security.java:905)
         at weblogic.management.console.utils.Security.createMBean(Ljava.lang.String;Ljava.lang.String;Ljavax.management.DynamicMBean;)Ljavax.management.DynamicMBean;(Security.java:749)
         at weblogic.management.console.utils.MBeans.createMBean(Ljava.lang.String;Ljava.lang.String;Ljavax.management.DynamicMBean;)Ljavax.management.DynamicMBean;(MBeans.java:1353)
         at weblogic.management.console.actions.mbean.DoCreateMBeanAction.perform(Lweblogic.management.console.actions.ActionContext;)Lweblogic.management.console.actions.Action;(DoCreateMBeanAction.java:173)
         at weblogic.management.console.actions.internal.ActionServlet.doAction(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:173)
         at weblogic.management.console.actions.internal.ActionServlet.doPost(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:85)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(HttpServlet.java:760)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(HttpServlet.java:853)
         at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run()Ljava.lang.Object;(ServletStubImpl.java:1006)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;Lweblogic.servlet.internal.FilterChainImpl;)V(ServletStubImpl.java:419)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(ServletStubImpl.java:315)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava.lang.Object;(WebAppServletContext.java:6718)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic.security.subject.AbstractSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.AuthenticatedSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)V(WebAppServletContext.java:3764)
         at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic.kernel.ExecuteThread;)V(ServletRequestImpl.java:2644)
         at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:178)
         at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)
    --------------- nested within: ------------------
    javax.management.RuntimeOperationsException: RuntimeException thrown by the invoke method of the Dynamic MBean
         at com.sun.management.jmx.MBeanServerImpl.invoke(Ljava.lang.Object;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(MBeanServerImpl.java:1562)
         at com.sun.management.jmx.MBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(MBeanServerImpl.java:1528)
         at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(RemoteMBeanServerImpl.java:988)
         at weblogic.management.internal.RemoteMBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(RemoteMBeanServerImpl.java:946)
         at weblogic.management.console.utils.Security.createObject(Ljavax.management.ObjectName;Ljavax.management.ObjectName;Ljava.lang.String;)V(Security.java:767)
         at weblogic.management.console.utils.Security.createProviderMBean(Ljava.lang.String;Ljava.lang.String;Ljavax.management.DynamicMBean;)Ljavax.management.DynamicMBean;(Security.java:905)
         at weblogic.management.console.utils.Security.createMBean(Ljava.lang.String;Ljava.lang.String;Ljavax.management.DynamicMBean;)Ljavax.management.DynamicMBean;(Security.java:749)
         at weblogic.management.console.utils.MBeans.createMBean(Ljava.lang.String;Ljava.lang.String;Ljavax.management.DynamicMBean;)Ljavax.management.DynamicMBean;(MBeans.java:1353)
         at weblogic.management.console.actions.mbean.DoCreateMBeanAction.perform(Lweblogic.management.console.actions.ActionContext;)Lweblogic.management.console.actions.Action;(DoCreateMBeanAction.java:173)
         at weblogic.management.console.actions.internal.ActionServlet.doAction(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:173)
         at weblogic.management.console.actions.internal.ActionServlet.doPost(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:85)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(HttpServlet.java:760)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(HttpServlet.java:853)
         at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run()Ljava.lang.Object;(ServletStubImpl.java:1006)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;Lweblogic.servlet.internal.FilterChainImpl;)V(ServletStubImpl.java:419)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(ServletStubImpl.java:315)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava.lang.Object;(WebAppServletContext.java:6718)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic.security.subject.AbstractSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.AuthenticatedSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)V(WebAppServletContext.java:3764)
         at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic.kernel.ExecuteThread;)V(ServletRequestImpl.java:2644)
         at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:178)
         at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)
    --------------- nested within: ------------------
    weblogic.management.console.actions.ActionException: RuntimeException thrown by the invoke method of the Dynamic MBean - with nested exception:
    [javax.management.RuntimeOperationsException: RuntimeException thrown by the invoke method of the Dynamic MBean]
         at weblogic.management.console.actions.ErrorAction.(Ljava.lang.Throwable;)V(ErrorAction.java:38)
         at weblogic.management.console.actions.mbean.DoCreateMBeanAction.perform(Lweblogic.management.console.actions.ActionContext;)Lweblogic.management.console.actions.Action;(DoCreateMBeanAction.java:230)
         at weblogic.management.console.actions.internal.ActionServlet.doAction(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:173)
         at weblogic.management.console.actions.internal.ActionServlet.doPost(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:85)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(HttpServlet.java:760)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(HttpServlet.java:853)
         at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run()Ljava.lang.Object;(ServletStubImpl.java:1006)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;Lweblogic.servlet.internal.FilterChainImpl;)V(ServletStubImpl.java:419)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(ServletStubImpl.java:315)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava.lang.Object;(WebAppServletContext.java:6718)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic.security.subject.AbstractSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.AuthenticatedSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)V(WebAppServletContext.java:3764)
         at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic.kernel.ExecuteThread;)V(ServletRequestImpl.java:2644)
         at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:178)
         at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)
    Do you have any idea of what the problem might be?
    Cheers,
    Vidar

         at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)
    --------------- nested within: ------------------
    javax.management.RuntimeOperationsException: RuntimeException thrown by the invoke method of the Dynamic MBean
         at com.sun.management.jmx.MBeanServerImpl.invoke(Ljava.lang.Object;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(MBeanServerImpl.java:1562)
         at com.sun.management.jmx.MBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(MBeanServerImpl.java:1528)
         at weblogic.management.internal.RemoteMBeanServerImpl.private_invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(RemoteMBeanServerImpl.java:988)
         at weblogic.management.internal.RemoteMBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(RemoteMBeanServerImpl.java:946)
         at weblogic.management.console.utils.Security.createObject(Ljavax.management.ObjectName;Ljavax.management.ObjectName;Ljava.lang.String;)V(Security.java:767)
         at weblogic.management.console.utils.Security.createProviderMBean(Ljava.lang.String;Ljava.lang.String;Ljavax.management.DynamicMBean;)Ljavax.management.DynamicMBean;(Security.java:905)
         at weblogic.management.console.utils.Security.createMBean(Ljava.lang.String;Ljava.lang.String;Ljavax.management.DynamicMBean;)Ljavax.management.DynamicMBean;(Security.java:749)
         at weblogic.management.console.utils.MBeans.createMBean(Ljava.lang.String;Ljava.lang.String;Ljavax.management.DynamicMBean;)Ljavax.management.DynamicMBean;(MBeans.java:1353)
         at weblogic.management.console.actions.mbean.DoCreateMBeanAction.perform(Lweblogic.management.console.actions.ActionContext;)Lweblogic.management.console.actions.Action;(DoCreateMBeanAction.java:173)
         at weblogic.management.console.actions.internal.ActionServlet.doAction(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:173)
         at weblogic.management.console.actions.internal.ActionServlet.doPost(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:85)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(HttpServlet.java:760)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(HttpServlet.java:853)
         at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run()Ljava.lang.Object;(ServletStubImpl.java:1006)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;Lweblogic.servlet.internal.FilterChainImpl;)V(ServletStubImpl.java:419)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(ServletStubImpl.java:315)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava.lang.Object;(WebAppServletContext.java:6718)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic.security.subject.AbstractSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.AuthenticatedSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)V(WebAppServletContext.java:3764)
         at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic.kernel.ExecuteThread;)V(ServletRequestImpl.java:2644)
         at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:178)
         at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)
    --------------- nested within: ------------------
    weblogic.management.console.actions.ActionException: RuntimeException thrown by the invoke method of the Dynamic MBean - with nested exception:
    [javax.management.RuntimeOperationsException: RuntimeException thrown by the invoke method of the Dynamic MBean]
         at weblogic.management.console.actions.ErrorAction.(Ljava.lang.Throwable;)V(ErrorAction.java:38)
         at weblogic.management.console.actions.mbean.DoCreateMBeanAction.perform(Lweblogic.management.console.actions.ActionContext;)Lweblogic.management.console.actions.Action;(DoCreateMBeanAction.java:230)
         at weblogic.management.console.actions.internal.ActionServlet.doAction(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:173)
         at weblogic.management.console.actions.internal.ActionServlet.doPost(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ActionServlet.java:85)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(HttpServlet.java:760)
         at javax.servlet.http.HttpServlet.service(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(HttpServlet.java:853)
         at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run()Ljava.lang.Object;(ServletStubImpl.java:1006)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;Lweblogic.servlet.internal.FilterChainImpl;)V(ServletStubImpl.java:419)
         at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(ServletStubImpl.java:315)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava.lang.Object;(WebAppServletContext.java:6718)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic.security.subject.AbstractSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.AuthenticatedSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)V(WebAppServletContext.java:3764)
         at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic.kernel.ExecuteThread;)V(ServletRequestImpl.java:2644)
         at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:219)
         at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:178)
         at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)
    Do you have any idea of what the problem might be?
    Cheers,
    Vidar

  • My custom identity asserter is ignored - what did I miss?

    Hello -
    My custom identity asserter's assertIdentity method is never called - even though I've verified that the correct token is added to the request header. I am hoping for some guidance as to what I am missing.
    1. I downloaded this sample app which uses ADF security: http://jdevsamples.googlecode.com/files/ADFSecurityWL.zip
    I changed the app to:
    - add a filter to dump request headers to System.out so I could verify that the token is correctly added to the request headers
    - changed the auth-method in web.xml from BASIC to CLIENT-CERT
    2. I also downloaded the sample authentication providers (for WLS 9.1) from here: https://codesamples.samplecode.oracle.com/servlets/tracking?id=S224
    and created a custom identity asserter based on the sample identity asserter provider in the app.
    3. I created an EAR file for the app and an mbean jar for the custom identity assertion provider.
    4. I added the mbean jar to the correct directory under weblogic, restarted weblogic, and created an instance of my provider in the security realm. I also reordered the providers so mine would be first (not sure if that matters). Then I restarted weblogic again. I verified that my provider was in the list of providers and that the chosen "Active Types" included my token type.
    5. I deployed the app EAR file to weblogic.
    6. I created a test program based on the test program in the sample providers download (above) and connected to the deployed app. I verified that the test program added the correct token to the request. My app's filter dumped the headers and I could see the token there.
    7. My custom identity assertion provider has System.out.println calls in the initialize() and assertIdentity() methods. I can see that the initialize() method is called when I start weblogic. However, I never see the assertIdentity() method's calls to System.out.println when I try to reach the app and those calls are the 1st thing in the method.
    8. I am using WebLogic Server version 10.3.3.0
    So, is there some obvious step I missed? (I am new to using WLS so it wouldn't surprise me if I got something really obvious wrong...)
    Thanks for reading my question,
    -- Scott

    Thanks Faisal.
    When I compared my mbean declaration with yours I discovered that I had set the Extends attribute to "weblogic.management.security.authentication.Authenticator" instead of "weblogic.management.security.authentication.IdentityAsserter". Using the correct value fixed my problem.
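For reference, this is what the corrected MBean Definition File (MDF) looks like for a custom identity asserter. It is an added example, not Scott's file and not the Oracle sample providers download; the package, class and token-type names (com.example.security.header, HeaderTokenIdentityAsserter, HeaderToken) are placeholders. The attribute names are the ones WebLogicMBeanMaker expects for a type that extends IdentityAsserter. Two things beyond the Extends value matter for whether assertIdentity() ever runs: the token type must be listed in ActiveTypes (the console's "Active Types"), and for an HTTP client that type name must equal the request header name the client sends, because that is how the servlet container decides which identity asserter to invoke.

```xml
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<!-- Added example MDF for a custom identity asserter. Package, class and
     token-type names are placeholders (assumed), not taken from the thread. -->
<MBeanType Name="HeaderTokenIdentityAsserter"
           DisplayName="HeaderTokenIdentityAsserter"
           Package="com.example.security.header"
           Extends="weblogic.management.security.authentication.IdentityAsserter"
           PersistPolicy="OnUpdate">
  <!-- The value from the thread that did NOT work for an identity asserter:
       Extends="weblogic.management.security.authentication.Authenticator" -->

  <!-- Runtime class the security framework instantiates for this MBean. -->
  <MBeanAttribute Name="ProviderClassName" Type="java.lang.String"
                  Writeable="false"
                  Default="&quot;com.example.security.header.HeaderTokenIdentityAsserterProviderImpl&quot;" />
  <MBeanAttribute Name="Description" Type="java.lang.String"
                  Writeable="false"
                  Default="&quot;Asserts identity from a trusted request header token&quot;" />
  <MBeanAttribute Name="Version" Type="java.lang.String"
                  Writeable="false"
                  Default="&quot;1.0&quot;" />

  <!-- Token types this provider can handle, and the ones switched on.
       assertIdentity() is only called for a token whose type is in ActiveTypes.
       For HTTP clients the type name is matched against the request header name. -->
  <MBeanAttribute Name="SupportedTypes" Type="java.lang.String[]"
                  Writeable="false"
                  Default="new String[] {&quot;HeaderToken&quot;}" />
  <MBeanAttribute Name="ActiveTypes" Type="java.lang.String[]"
                  Default="new String[] {&quot;HeaderToken&quot;}" />

  <!-- The header carries a plain string in this example, so tell the framework
       not to base64-decode it before handing it to assertIdentity(). -->
  <MBeanAttribute Name="Base64DecodingRequired" Type="boolean"
                  Writeable="false"
                  Default="false" />
</MBeanType>
```

Whatever the token type is called, remember that the header is only as trustworthy as the path it arrived on: an identity asserter that accepts a bare user name from a header must sit behind a proxy that strips that header from client requests, otherwise any caller can assert any identity.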

  • Setup SAML 2.0 Service Provider using WLST Offline

    Is this possible http://weblogic.sys-con.com/node/1455841 to do using WLST offline?

    I enabled "DebugSecurityAtn" as suggested - and "DebugHttpSessions" as well.
    Unfortunately, I'm still not sure what's happening though.
    Here are all my "Authentication Providers" in the order listed in the Console:
    - DefaultAuthenticator : Control Flags=SUFFICIENT
    - DefaultIdentityAsserter : No "Active Type"
    - saml2IA (SAML 2.0 Identity Assertion Provider)
    - samlauth (SAML Authentication Provider): SUFFICIENT
    This is an excerpt of the updated server log:
    <SecuritySAMLAtn> <SAMLIALoginModule: commit(): SAML IA LoginModule Group Added>
    <SecurityAtn> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate login succeeded and myuser was not previously locked out>
    <SecurityAtn> <com.bea.common.security.internal.service.IdentityCacheServiceImpl.cachedIdentity(Subject: 3
    Principal = class weblogic.security.principal.WLSUserImpl("myuser")
    Principal = class weblogic.security.principal.WLSGroupImpl("grp_a")
    Principal = class weblogic.security.principal.WLSGroupImpl("grp_b")
    )>
    <HttpSessions> <[HTTP Session:100046]Creating new session with ID: nVm... for Web application: /saml2.>
    <SecuritySAML2Service> <Using redirect URL from request cache: 'https://localhost:1234/MyApp/secure/index.html'>
    <SecuritySAML2Service> <Redirecting to URL: https://localhost:1234/MyApp/secure/index.html>
    <HttpSessions> <[HTTP Session:100078]HTTPSession with id: "nVm..." is of size 84 bytes.>
    <SecuritySAML2Service> <SAML2Filter: Processing request on URI '/MyApp/secure/index.html;jsessionid=nVm...'>
    <SecuritySAML2Service> <getServiceTypeFromURI(): request URI is not a service URI>
    <SecuritySAML2Service> <getServiceTypeFromURI(): returning service type 'SPinitiator'>
    Thank you,
    Patrick

  • How to pass back Subject do Client app after authentication via identity assertion

    I have developed an Identity Assertion Provider based on
    SampleIdentityAsserterProviderImpl provided by BEA.
    It seems that all works fine, but I don't know how to pass back the authenticated
    Subject to the client application in order to call methods runAs(Subject,
    PrivilegedAction). I have tried to build the Subject from
    connection.getInputStream() but when I use a Subject constructed in that way I
    receive an error:
    java.lang.SecurityException: Invalid Subject: principals=[user, usergroup1,
    usergroup1]
    Thanks in advance for any suggestions.
    Jerzy Nawrot

    Hi,
    as per the below comment.
    We want to change this and do it in a dynamic way so that the XCM configuration application can read these dynamic parameters and behave accordingly (like customers with different languages, client systems etc). This is the 1st part.
    You have to use different scenarios to be set in XCM like (customer specific to language, and client), and that is to be passed in
    Where language specifications should be maintained in XCM settings only. Also to be noted that the Product catalog for those should also be maintained in that specific language.
    "/init.do?scenario=value2;
    The 2nd part leading this scenario is after the portal user successfully lands into ISA application, if the user needs to go back to the WDP java screen, would the JSP based ISA application be able to navigate back to the original WD Java iView Screen. ? or would it open in a new window ? (probably this can be set to be launched in same window)
    I am not sure, but if you go back to WD from ISA , ISA Session will die.
    Let me know if you have any further queries.
    Regards,
    Devender V

  • How to protect an application running on Apache Tomcat app server with OAM 11gR2

    Gurus,
    We have an Apache Tomcat based application named "ABCD" here at client site that we want OAM 11gR2 PS1 to integrate with for SSO purposes. I have successfully configured OHS to reverse proxy requests to Apache Tomcat server whenever somebody tries to access the application URL but still, I am getting the application login page once I have successfully authenticated on OAM SSO login page. The Tomcat based application is authenticating users against a "UserDatabase realm".
    I know in terms of weblogic application, there is an OAM identity asserter provider which then populates the User Principal for the java environment with the authenticated OAM user. But there is no such OAM identity provider for Tomcat.
    So my question is, is there a provider (or Tomcat equivalent) which will entrust authentication to a header, that could be used to populate the Java User Principal from the OAM_REMOTE_USER header? Is the weblogic equivalent of authentication providers present in tomcat as well? Are those called valves?
    Please advise at the earliest.
    Thanks !!

    Aakash,
    I did follow the 4 steps that you mentioned to me. Out of the 4 that you had mentioned, I already had the webgate in place on OHS server and I was already passing the remote_user http header in oam policy as action.
    As part of Step #2: Install mod_jk plugin on OHS server that you mentioned
    1.) I downloaded the tomcat connector - tomcat-connectors-1.2.37-src
    2.) I had to run ./configure, make, make install on my OHS server which runs on RHEL 6. It created the mod_jk.so file. I pasted it in the needed folder.
    3.) I then created the httpd.conf file and workers.properties file as said in the connector docs.
    4.) Restarted OHS.
    As part of Step #3: Configure tomcat's ajp connector that you mentioned and I went through all the links pasted below but didn't find actually what needs to be in place to configure tomcat's ajp connector. I do see in the server.xml of tomcat app server that the ajp 1.3 protocol is supported:
    http://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html
    http://tomcat.apache.org/tomcat-3.3-doc/mod_jk-howto.html#s8
    http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
    http://www.mulesoft.com/understanding-tomcat-connectors
    <!-- A "Connector" represents an endpoint by which requests are received
             and responses are returned. Documentation at :
             Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
             Java AJP  Connector: /docs/config/ajp.html
             APR (HTTP/AJP) Connector: /docs/apr.html
             Define a non-SSL HTTP/1.1 Connector on port 8080
        -->
        <Connector port="8080" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   redirectPort="8443" />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    Do we need to disable the HTTP protocol in Tomcat and keep only AJP connector enabled? If yes, how to do that?
    I am trying to connect to the application from the OHS server like so, so I am using the http protocol, right? How should I use the ajp protocol to connect to the tomcat application?
    http://ohs-host:ohs-port/abcd
    Thanks !!!!!
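The two questions at the end of this post (what "configure tomcat's ajp connector" actually means, and whether the HTTP connector must go) come down to a few attributes in Tomcat's conf/server.xml. The fragment below is an added example, not the poster's file: the bind address and the shared secret are placeholders, and it assumes that the WebGate on OHS sets the web server's REMOTE_USER for the authenticated session (mod_jk forwards that user over AJP as the request's remote user; a custom HTTP header alone is not propagated this way).

```xml
<!-- Added example: the relevant part of Tomcat's conf/server.xml.
     Values marked (assumed) are placeholders for this example. -->
<Service name="Catalina">

  <!-- Keep the plain HTTP connector only for local troubleshooting, bound to
       loopback, so nobody can bypass OHS/WebGate and reach the app directly.
       Removing this <Connector> entirely is the stricter choice. -->
  <Connector port="8080" protocol="HTTP/1.1"
             address="127.0.0.1"
             connectionTimeout="20000"
             redirectPort="8443" />

  <!-- AJP connector that mod_jk on the OHS host talks to.
       address:              listen only on the interface OHS reaches (assumed)
       tomcatAuthentication: false = accept the user the web server already
                             authenticated (REMOTE_USER) instead of challenging
                             with the UserDatabase realm's own login page
       requiredSecret:       must equal worker.<name>.secret in workers.properties,
                             so a host that can reach port 8009 still cannot
                             inject an arbitrary remote user (assumed value) -->
  <Connector port="8009" protocol="AJP/1.3"
             address="10.0.0.5"
             tomcatAuthentication="false"
             requiredSecret="replace-with-a-long-random-value"
             redirectPort="8443" />

  <Engine name="Catalina" defaultHost="localhost">
    <!-- Whether the propagated user gets its roles from this realm depends on
         the Tomcat release: older 7.0.x builds attach no roles to a principal
         that came from the web server; later releases add a tomcatAuthorization
         attribute on the AJP connector for exactly that. Check the AJP
         reference for the version in use. -->
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase" />
    <Host name="localhost" appBase="webapps" />
  </Engine>
</Service>
```

On the OHS side the matching pieces are a worker in workers.properties (worker.list=abcd, worker.abcd.type=ajp13, worker.abcd.host=<tomcat host>, worker.abcd.port=8009, worker.abcd.secret=<the same value>) and JkMount /abcd/* abcd in httpd.conf. Users keep typing http://ohs-host:ohs-port/abcd; AJP is only the hop between OHS and Tomcat, so nothing about the browser-facing URL changes.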

  • SSO to a weblogic application via a header variable, possible?

    Hi
    Is it possible to provide single sign on to a weblogic application via a header variable?
    We would like to follow a similar model to what's used with OC4J at:
    http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/e10356/osso.htm#BJFJBCHB
    Any feedback is appreciated.

    Yes this is possible via a custom Identity Assertion Provider if you are using Weblogic security. You can write the J2EE provider to extract the header and map the user to a LDAP user when you configure the authentication provider to use the same user store as OAM.

  • SSO to third party in EP 7.0 (SP-21)

    Folks,
    Could you please advise if we can do SSO to third party vendor using SAML/SAP logon Ticket in EP 7.0 (SP-21).
    Let me explain a bit: We have EP 7.0 (SP-21), after initial logon to portal we can access backend SAP ECC6/BI applications (WebDynpro/ITS..). We would like to bring few third party vendor applications into Portal (content area) as single sign on using SAML/SAP logon Ticket
    I had a chance to look into this presentation:
    2009 SIM201 Next Generation SSO for SAP Applications with SAML 2.0
    http://www.sdn.sap.com/irj/scn/shop?rid=/media/uuid/106df189-4d83-2c10-82a4-c0643a8bf57b
    It talks about EP 7.2. Can you advise if we can do SSO to third party vendor using SAML/SAP logon Ticket in EP 7.0 (SP-21).
    Thanks in advance.
    Moin.

    Hi Oliver,
    You have the following options:
    1. The user exists in NW 7.3 but has different user id than the one in the SAML2 assertion provided by the 3rd party system
    For this check the following documentation link: [documentation about out-of-band account linking|http://help.sap.com/saphelp_nw73/helpdata/en/a9/e287475d544cdaa63e884180d6c23f/frameset.htm]
    - if the email is available on both systems - the one that issues the assertion and NW 7.3 then try to use Email NameID format
    - you may also maintain user mapping in NW 7.3 in additional user attribute
    2. Same as #1 but you want that the user links both accounts when first logged in with SAML2
    For this check the following documentation link: [documentation about interactive account linking|http://help.sap.com/saphelp_nw73/helpdata/en/97/4e80f86ccb43419a545c672a6bb2e3/frameset.htm]
    3. The user has no account on NW 7.3 and as such it has to be created on the fly based on the information (assertion attributes) in the assertion (automatic account creation)
    For this check the following documentation link: [documentation about automatic account creation|http://help.sap.com/saphelp_nw73/helpdata/en/97/4e80f86ccb43419a545c672a6bb2e3/frameset.htm]
    4. Use temporary in-memory users
    For this check the following documentation link: [documentation about identity federation with transient users|http://help.sap.com/saphelp_nw73/helpdata/en/fd/ecb2b33922414e8ad01763c84b3349/frameset.htm]
    Could you provide more details about your scenario and which option seems to be relevant to it? Once we can identify which one is relevant we can discuss further details.
    Regards,
    Dimitar

  • Custom MBean - Attribute Display Order & Documentation

    Hi All,
    I've implemented custom security providers for one of our customers. All providers are working very well. However I've problems with displaying attributes of my MBeans in the WLS console. Attributes of my custom mbean definitions are displayed in the console in an unsorted manner. They're not sorted as I put them in the mbean definition file and as far as I know there is also no display order attribute specified in "commo.dtd". I also checked [MBean Definition|http://download.oracle.com/docs/cd/E15523_01/web.1111/e13718/mdf_ref.htm#i1035144] . Is there a way to specify the display order of managed bean attributes that are placed in the mbean definition file ?
    My second question is about generating a description to display in the WLS console. I first tried to use the "Description" attribute of the MBeanAttribute element. It didn't work. So I checked the out-of-the-box security providers to see how they've done this before. I created "-doc.xml" files that use the "commodoc.dtd" schema and set my attribute elements' "Description" attributes to "See ...-doc.xml" in the mbean definition file. It also didn't work. I need to find a way to put my descriptions in the WLS console. Any help would be appreciated.
    I'm including a sample mbean definition, mbean documentation definition and my mbean generation ant commands. By the way I'm trying all this using a WLS 10.3.2 environment with Sun JDK 1.6.0.18.
    Thanks in advance.
    ANT TASK
    <java classname="weblogic.management.commo.WebLogicMBeanMaker" fork="true"
    failonerror="true" >
         <jvmarg line=" -DdoCheckDescription=true -Dfiles=${build_dir} -DMDFDIR=${build_dir} -DMJF=${build_dir}/${myproviderjar} -DtargetNameSpace=${namespace} -DcreateStubs=true -Dverbose=true"/>
    </java>
    MBEAN DEFINITION
    <?xml version="1.0" encoding="windows-1252" ?>
    <!DOCTYPE MBeanType SYSTEM "commo.dtd">
    <MBeanType Name="SpnegoCredentialMapper" DisplayName="SpnegoCredentialMapper"
         Package="com.dflora.security.wls.cm.spnego" Extends="weblogic.management.security.credentials.CredentialMapper"
         PersistPolicy="OnUpdate" Description="See SpnegoCredentialMapper-doc.xml.">
         <!-- Standard values -->
         <MBeanAttribute Name="ProviderClassName" Type="java.lang.String"
              Writeable="false"
              Preprocessor="weblogic.management.configuration.LegalHelper.checkClassName(value)"
              Default="&quot;com.dflora.security.wls.cm.spnego.SpnegoCredentialMapperProviderImpl&quot;"
              Description="See SpnegoCredentialMapper-doc.xml." />
         <MBeanAttribute Name="Description" Type="java.lang.String"
              Writeable="false"
              Default="&quot; DFlora's Identity Assertion Provider for Spnego Tokens &quot;"
              Description="See SpnegoCredentialMapper-doc.xml." />
         <MBeanAttribute Name="Version" Type="java.lang.String"
              Writeable="false" Default="&quot;1.0&quot;" Description="See SpnegoCredentialMapper-doc.xml." />
         <!-- Extended Attributes -->
         <MBeanAttribute Name="Debug" Type="boolean" Writeable="true"
              Default="false" Description="See SpnegoCredentialMapper-doc.xml." />
         <MBeanAttribute Name="ForwardTicket" Type="boolean"
              Writeable="true" Default="true" Description="See SpnegoCredentialMapper-doc.xml." />
    </MBeanType>
    MBEAN-DOC
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE MBeanType SYSTEM "commodoc.dtd">
    <?xml-stylesheet alternate="yes" href="commodoc.css" type="text/css"?>
    <MBeanType Name="SpnegoCredentialMapper"
    Package="com.dflora.security.wls.cm.spnego">
    <Description>
    <Lead>
    <p>This MBean represents configuration information for the Spnego credential mapper.</p>
    </Lead>
    <Detail>
    Deprecation of MBeanHome and Type-Safe Interfaces
    <p>Additional description about mbean </p>
    </Detail>
    </Description>
    <MBeanAttribute Name="Debug">
    <Description>
    <Lead>
    <p>Enables Disables Debug</p>
    </Lead>
    <Detail>
    <p>Detailed description of debug attribute.</p>
    </Detail>
    </Description>
    </MBeanAttribute>
    </MBeanType>

    Yes, the description attribute doesn't work anymore the way it used to work in previous versions.
    On further research it was found that the MBean required for generating the description was missing.
    A bug was filed with the engineering team. I am not sure what happened after that.
    Let me try to find out.
    In the meanwhile, if any one of you guys has a support contract, you can go ahead and open a case with Oracle.
    As for the display order in the console, it shows in the order in which it's defined in the MDF; I'm not sure why it's behaving differently in your case.
    -Faisal
    http://www.weblogic-wonders.com/weblogic/

  • Weblogic SSO with AD - My Try - What's wrong?

    Dear All
    I'm trying to setup Weblogic to Authenticate using AD and have SSO with a Windows workstation(joined to the domain).
    I just setup an Active Directory(Win2K3), a Windows XP(SP2) and a Linux System(CentOS5) with Weblogic 10.3.
    I'm wondering what is wrong with my configuration. I can only log on to the Administration Console using weblogic's local users, and even when entering a username (one created on AD) and password, AD authentication does not work.
    Anyone has similar experience or any clue?
    Appreciated
    TIA
    Cheers
    Here is the setup:
    The domain is: example.com and machines are: dc.example.com (AD), winclient.example.com (Windows XP joined to the example.com domain) and weblogic.example.com (CentOS with Weblogic 10.3 installed)
    The hosts file on all three machines are filled with their FQDN, Machine Name and corresponding IP addresses. They all have ping working successfully between each two of them. Firewalls are checked to be off.
    These are the steps I came through based on documentation I could find on the net:
    h1. 0. Configuring Your Network Domain to Use Kerberos
    In Linux Machine(Weblogic Server) edit Kerberos configuration file for appropriate values:
    /etc/krb5.conf
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
    [libdefaults]
    default_realm = EXAMPLE.COM
    # enctype names are hyphenated; "des_cbc_crc" is not a valid name
    default_tkt_enctypes = des-cbc-crc
    default_tgs_enctypes = des-cbc-crc
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 28800
    forwardable = yes
    [realms]
    EXAMPLE.COM = {
    kdc = 192.168.1.193:88
    admin_server = dc
    default_domain = EXAMPLE.COM
    }
    [domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
    [kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf
    [appdefaults]
    autologin = true
    forward = true
    forwardable = true
    encrypt = true
    pkinit = {
    allow_pkinit = false
    }
    h1. 1. Create two users on AD: "New->User" with "User must change password at next logon" option cleared (not ticked)
    weblogic (for weblogic service) (with password = "password1")
    weblogicusr (the user which should access Weblogic Administration Console) ("password2")
    * Note that group membership of these two users are left default.(Domain Users)
    h1. 2. For "weblogic" & "weblogicusr" user set these Account Options:
    - Use DES encryption types for this account (ticked)
    - Do not require Kerberos preauthentication (cleared)
    * then reset the password again for "weblogic" (with password = "password1") and "weblogicusr" (with "password2").
    h1. 3. Create Service Principal Names for Weblogic Server and User on Win2K3 machine:
    - >setspn -a host/weblogic.example.com weblogic
    - >setspn -a HTTP/weblogic.example.com weblogic
    here is the result
    C:\Documents and Settings\Administrator.DC>setspn -L weblogic
    Registered ServicePrincipalNames for CN=weblogic,CN=Users,DC=example,DC=com:
    HTTP/weblogic
    host/weblogic
    HTTP/weblogic.example.com
    host/weblogic.example.com
    and
    - >setspn -a HTTP/weblogic.example.com weblogicusr
    and the result
    C:\Documents and Settings\Administrator.DC>setspn -L weblogicusr
    Registered ServicePrincipalNames for CN=Weblogic User,CN=Users,DC=example,DC=com:
    HTTP/weblogicsrv.example.com
    HTTP/weblogicsrv
    h1. 4. Create the keytab file for Weblogic Server:
    On AD machine issue:
    (ktpass from MS Windows Support Tools)
    >ktpass -princ host/[email protected] -pass password1 -mapuser weblogic -out c:\temp\weblogic.host.keytab
    >ktpass -princ HTTP/[email protected] -pass password1 -mapuser weblogic -out c:\temp\weblogic.HTTP.keytab
    (ktab from JRE 6)
    >ktab -k c:\temp\weblogic.keytab -a [email protected]
    Password for [email protected]:*password1*
    Done!
    Service key for [email protected] is saved in c:\temp\weblogic.keytab
    ** Note I could not kinit successfully merely with weblogic.host.keytab and/or weblogic.HTTP.keytab, I got this error +"Key table entry not found while getting initial credentials"+; however the keytab I created using ktab ("weblogic.keytab") works fine in this case, so I decided to merge all three of them into one keytab.
    >[root@weblogic keytabs]# kinit -k -t weblogic.host.keytab [email protected]
    >kinit(v5): Key table entry not found while getting initial credentials
    h1. 5. Port and Merge keytabs
    Then I ported these three files to the Linux Machine(weblogic.example.com): weblogic.host.keytab, weblogic.HTTP.keytab and weblogic.keytab
    and merged into one keytab:
    ktutil: "rkt weblogic.host.keytab"
    ktutil: "rkt weblogic.HTTP.keytab"
    ktutil: "rkt weblogic.keytab"
    ktutil: "wkt weblogic-keytab"
    ktutil: "q"
* Then I put the resulting keytab "weblogic-keytab" somewhere in the WebLogic path:
    >/root/bea/user_projects/domains/base_domain/kerberos
    h2. 5.1 Test the keytab and kerberos configuration
    >\[root@weblogic keytabs\]# kinit -k -t weblogic-keytab [email protected]
    >\[root@weblogic keytabs\]# klist
    >Ticket cache: FILE:/tmp/krb5cc_0
    >Default principal: [email protected]
    >
    >Valid starting Expires Service principal
    >09/04/09 16:16:42 09/05/09 00:16:42 krbtgt/[email protected]
    >
    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached
    h1. 6. Creating a JAAS Login File
    Create krb5Login.conf and put it in here: "/root/bea/user_projects/domains/base_domain/kerberos/"
    krb5Login.conf
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
principal="[email protected]" useKeyTab=true
keyTab="/root/bea/user_projects/domains/base_domain/kerberos/weblogic-keytab" storeKey=true;
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required
principal="[email protected]" useKeyTab=true
keyTab="/root/bea/user_projects/domains/base_domain/kerberos/weblogic-keytab" storeKey=true;
};
h1. 7. Modify startup options
Add these options to "/root/bea/user_projects/domains/base_domain/bin/startWebLogic.sh":
h2. 7.1 Kerberos
-Djava.security.krb5.realm=EXAMPLE.COM
-Djava.security.krb5.kdc=dc.example.com
-Djava.security.auth.login.config=$PATHTOKRB/krb5Login.conf
-Djavax.security.auth.useSubjectCredsOnly=false
-Dweblogic.security.enableNegotiate=true
h2. 7.2 Debug
-DDebugSecurityAdjudicator=true
-Dweblogic.debug.DebugSecurityAtn=true
-Dsun.security.krb5.debug=true
-Dweblogic.StdoutDebugEnabled=true
-Dweblogic.log.StdoutSeverity=Debug
h1. 8. Configuring the Identity Assertion Provider
    In Weblogic Administration I created a Security Realm called "example.com" with everything default and made it default. Then restarted the Weblogic Server.
Again in the Administration Console I did this to the example.com Security Realm:
h2. 8.1 -> Providers: Add 3 Providers
Negotiate - WebLogic Negotiate Identity Assertion provider - 1.0
DIA - WebLogic Identity Assertion provider - 1.0
AD - Provider that performs LDAP authentication - 1.0 (Active Directory provider)
Default - WebLogic Authentication Provider - 1.0
    h2. 8.2 -> Change the default parameters
    h3. 8.2.1 Negotiate     WebLogic Negotiate Identity Assertion provider
    -> Base64 Decoding Required: false (No Change, but shouldn't it be true and how to change?)
    -> Form Based Negotiation Enabled: Removed the tick
h3. 8.2.2 DIA     WebLogic Identity Assertion provider
(no changes)
    h3. 8.2.3 AD     Provider that performs LDAP authentication (Active Directory provider)
    -> Control Flag: *SUFFICIENT*
    -> User Name Attribute: *sAMAccountName*
    -> Principal: *HTTP/[email protected]*
    -> Host: *192.168.1.193*
    -> User Base DN: *CN=Users,DC=example,dc=com*
    -> Propagate Cause For Login Exception: *ticked*
    -> Group Base DN: *CN=Users,DC=example,dc=com*
    -> Credential: *password1*
    * others left with their default values.
    h1. 9. Configuring an Internet Explorer Browser
    On Windows XP machine (winclient.example.com):
    h2. 9.1 Configure Local Intranet Domains
    - In Internet Explorer, Tools > Internet Options -> the Security tab -> Local intranet -> Sites:
    > "Include all sites that bypass the proxy server" *ticked*
    > "Include all local (intranet) sites not listed in other zones" *ticked*
    - then in -> Advanced Dialog Box added this:
    > weblogic.example.com
    h2. 9.2 Configure Intranet Authentication
- In Internet Explorer, Tools > Internet Options -> the Security tab -> Local intranet -> Custom Level:
    > In the Security Settings dialog box -> the User Authentication section.
    > "Automatic logon only in Intranet zone" *ticked*
    h2. 9.3 The Proxy Settings
    No proxies are enabled
    h2. 9.4 Enable Integrated Windows Authentication
    - In Internet Explorer, Tools > Internet Options -> Advanced tab -> Security section:
    > "Enable Integrated Windows Authentication" *ticked* by default
    Edited by: Mehdi Sarmadi on Sep 4, 2009 5:51 AM

    I found something in Logfile:
    <Sep 4, 2009 6:17:39 PM IRDT> <Debug> <SecurityAtn> <BEA-000000> <LDAP Atn Login username: weblogicusr>
<Sep 4, 2009 6:17:39 PM IRDT> <Debug> <SecurityAtn> <BEA-000000> <new LDAP connection to host 192.168.1.193 port 389 use local connection is false>
<Sep 4, 2009 6:17:39 PM IRDT> <Debug> <SecurityAtn> <BEA-000000> <created new LDAP connection LDAPConnection { ldapVersion:2 bindDN:""}>
<Sep 4, 2009 6:17:39 PM IRDT> <Debug> <SecurityAtn> <BEA-000000> <connection failed netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece^@>
    <Sep 4, 2009 6:17:39 PM IRDT> <Debug> <SecurityAtn> <BEA-000000> <[Security:090294]could not get connection>
    According to this post: Re: WL10.3 and SSO and Active Directory
    a correct ldap connection should look like this:
    <LDAP Atn Login username: Administrator>
    <userExists? user:Administrator>
    <new LDAP connection to host 10.10.0.254 port 389 use local connection is false>
    <created new LDAP connection LDAPConnection { ldapVersion:2 bindDN:""}>
    <connection succeeded>
<getConnection return conn:LDAPConnection {ldaps://10.10.0.254:389 ldapVersion:3 bindDN:"HTTP/[email protected]"}>
<getDNForUser search("CN=Users,DC=DOMAIN,dc=local", "(&(&(cn=Administrator)(objectclass=user))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", base DN & below)>
Moreover, I turned on AD's debug logging and this is what happens when I try to log in with an AD user. Why "Anonymous Logon"?!
    Event Type:     Information
    Event Source:     NTDS LDAP
    Event Category:     LDAP Interface
    Event ID:     1535
    Date:          9/4/2009
    Time:          6:47:07 PM
    User:          NT AUTHORITY\*ANONYMOUS LOGON*
    Computer:     DC
    Description:
    Internal event: The LDAP server returned an error.
    Additional Data
    Error value:
    80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
    Any help would be greatly appreciated

Maybe you are looking for