LDAP, JAAS and iPlanet on WLS8.1

Hello,
I have implemented JAAS which authenticates against LDAP set up in iPlanet on WLS8.1. The authentication part works, and I get back the Subject via logincontext.getSubject(). I want to be able to get the User's firstname and surname from LDAP. Could someone please point me in the right direction. I am using the weblogic.security.auth.login.UsernamePasswordLoginModule to authenticate.
Thanks, Jackie.

Amitava Banerjea <[email protected]> writes:
We are trying to get a portlet running on Websphere Portal Server
5.1 to make an RMI/IIOP call on an EJB on WebLogic Server
8.1. Currently it is failing to even establish a connection and get
the initial context. Any ideas on configuring the two servers so
this communication can take place?

There are some known issues in both WAS 5.1 and WLS 8.1, you should
try getting the latest service packs for these products before
attempting this.
You may also be falling foul of security issues, it's worth trying to
turn off security to start with.
andy

Similar Messages

  • Urgent: mapping between OID and iplanet ldap

    I am trying to configure the mapping between my iplanet ldap server (source) and OID (destination) . My iplanet dn is uid=sharam,ou=People,dc=xsj,dc=xilinx,dc=com and my OID dn is cn=sharam,cn=users,dc=xsj,dc=xilinx,dc=com
    My mapping file looks like this:
    DomainRules
    dc=xilinx,dc=com:cn=users,dc=xsj,dc=xilinx,dc=com:cn=%,cn=users,dc=xsj,dc=xilinx
    AttributeRules
    givenname
    facsimiletelephonenumber
    departmentnumber
    mail
    uid::::cn
    telephonenumber
    pager
    employeenumber
    l
    sn
    title
    When I load this using ldapUploadAgentFile.sh, I am getting the following error in ldap/odi/log/IPlanet.trc file. Any ideas what I am doing wrong??
    Trace Log Started at Mon Jul 08 11:28:47 PDT 2002
    IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
    ODIException: DIP_GEN_UNKNOWN_FAILURE
    at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
    at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
    at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
    at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
    at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
    at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
    Updated Attributes
    orclodipLastExecutionTime: 20020708112903
    orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
    orclOdipSynchronizationErrors: Unknown Error Encountered

    Start the odisrv with the debug flag set to 16. This should give you a more detailed trace which might help you sort this.
    Hope this helps
    Vinodh R.

  • LDAP groups and WebLogic Roles - Urgent ( weblogic 6.1 sp1, iPLanet 5.1)

    I have 2 questions and these are very urgent :-
    1. Where the mapping can be defined between LDAP groups and WebLogic Roles. I have
    2 groups in iPLanet :- Contractors and employees and I have 2 security roles in weblogic:-
    contractors and employees. How do I map LDAP group contractors to weblogic security
    Role contractors? Similarly for employees ?
    2. I have not defined contractors and employees under People container in IPlanet.
    e.g. The RDN for contractor is
    uid=1234,ou=dir,dc=orams,dc=com
    Can I still use the default security realm of weblogic (the WebLogic Security Realm
    under People ) OR I have to write my own custom code ?
    3. I am planning to use Roles instead of groups to manage the logical grouping in
    iPlanet. Can I still use the groups in WebLogic security realm ( in the configuration
    parameters ?)
    This is very urgent ....so if any of you can throw any hints that will be greatly
    appreciated.
    --Sunita

    Hi Ariel,
    The driver is bundled with the product in WLS 6.1sp1. you don't have to
    download any additional driver. Use it as you normally would only thing to
    remember is if you are trying to write standalone java code then you have to
    have weblogic.jar in your classpath. For the rest of the info follow the wls
    docs for 6.1
    HTH
    sree
    "Ariel" <[email protected]> wrote in message
    news:3bb4a643$[email protected]..
    We want to connect our Weblogic 6.1 sp1 server to a SQLServer 2000 db. We
    downloaded the JDriver from bea.com, but all the instructions that came with
    it are for WLserver 5.1.
    What has to be done to do this with 6.1 sp1?
    Thanks,
    Ariel

  • How can i config WLS7 and iPlanet LDAP

    How can i config WLS7 and iPlanet LDAP?
    failed during initialization. Exception:java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
    at weblogic.Server.main(Server.java:31)

    Yos:
    Series of steps to get WLS working with some external LDAP server follows:
    I. create a new domain /mydomain
    II. start server
    III. open WebLogic console in a browser
    IV. in left frame, go to
    security->realms->myrealm->providers->AuthenticationProviders and click
    V. in right frame, click on “Configure a new iPlanet Authenticator”
    VI. In the new screen, under General, make sure the Control Flag is set to Required,
    select a name for this authenticator, and click Create.
    VII. Select iPlanet LDAP tab and fill in values for Host, Port, Principal where
    these values reflect the settings for your LDAP server. (Note: the default
    principal for an iPlanet LDAP server is uid=admin, ou=Administrators,
    ou=TopologyManagement, o=NetscapeRoot). Click Apply.
    VIII. Click on Credential: Change. At the new screen, enter the credential
    associated with the Principal that you entered in step VII in both boxes. This will
    be the password that is used to do a bind to your LDAP server with the principal.
    Click Apply.
    IX. Select Users tab and make sure these properties accurately reflect the structure
    of your LDAP server. Most of the time the only property that needs to be changed is
    the User Base DN property, from ou=people,o=example.com to
    ou=people,o=myCompany.com. Click Apply.
    X. Select Groups tab and make sure these properties accurately reflect the structure
    of your LDAP server. Most of the time the only property that needs to be changed is
    the Groups Base DN property, from ou=people,o=example.com to
    ou=groups,o=myCompany.com. Click Apply.
    XI. Now, the boot identity of your server absolutely must be a user that exists on
    your LDAP server. You must also have an “Administrators” group on your LDAP server,
    and the boot identity must be a user that exists in this “Administrators” group, or
    the server will not start. So open your LDAP console (this will be a console that
    is specific to the LDAP server you are using) and use the management tools to create
    the “Administrators” group and a user that you place in the “Administrators” group
    that is the boot identity that you use to start WebLogic.
    XII. Make these changes and restart the server.
    XIII. You can verify that the LDAP setup is correct by doing a thread dump. You
    should see a thread like:
    “LDAPConnThread localhost:389" daemon prio=5 tid=0x8d9b308 nid=0x8f8 runnable
    [0x9e2f000..0x9e2fdbc]
    at java.net.SocketInputStream.socketRead(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:86)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
    - locked <3281d98> (a java.io.BufferedInputStream)
    at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
    at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:420)
    where “localhost:389” is the server name and port of your LDAP
    server. This means that your Authenticator has been set up correctly.
    XIV. Now you can delete your default authenticator. Open the WebLogic console and
    go to security->realms->myrealm->providers->AuthenticationProviders in the left
    frame, and click
    XV. In the right frame, look for DefaultAuthenticator and click on the trash can to
    the far right. Say “Yes” when it asks if you are sure, then click Continue.
    XVI. Restart the WebLogic server. If the server boots correctly, you’re done.
    Everything is working correctly.
    Please note that the "default authenticator" refers to the embedded LDAP server that
    ships with WebLogic.
    Hope this helps.
    Joe Jerry
    Yos wrote:
    How can i config WLS7 and iPlanet LDAP?
    failed during initialization. Exception:java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
    at weblogic.Server.main(Server.java:31)
    >
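A pre-flight check for steps IX to XI above, to run before the DefaultAuthenticator is deleted in step XV: it binds with the authenticator's principal, confirms the boot user is found under the User Base DN, and confirms that user is a member of the Administrators group under the Groups Base DN. This is an added example, not part of the original post and not WebLogic code; the class name and arguments are hypothetical, and it assumes users are matched on uid and that groups list their members in uniquemember.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Hypothetical helper: verifies the WebLogic boot identity against the external LDAP server. */
public class BootIdentityCheck {

    /** Simple bind as the Principal from step VII. Prefer an ldaps:// URL: a simple bind sends the credential as-is. */
    static DirContext bind(String url, String principal, char[] credential) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credential);
        return new InitialDirContext(env);
    }

    /** Returns the single entry matching the filter under base, or null if there is none. */
    static SearchResult findOne(DirContext ctx, String base, String filter, Object[] args,
                                String... attrs) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(attrs);
        sc.setCountLimit(2);
        // The {0} form lets JNDI escape filter metacharacters in the arguments,
        // so a uid containing '*' or ')' cannot change the meaning of the filter.
        NamingEnumeration<SearchResult> results = ctx.search(base, filter, args, sc);
        try {
            if (!results.hasMore()) {
                return null;
            }
            SearchResult first = results.next();
            if (results.hasMore()) {
                throw new NamingException("more than one entry matched under " + base);
            }
            return first;
        } finally {
            results.close();
        }
    }

    static String value(SearchResult entry, String name) throws NamingException {
        Attribute a = entry.getAttributes().get(name);
        return a == null ? "(not set)" : String.valueOf(a.get());
    }

    /** True only if the boot user exists and is listed in the Administrators group. */
    static boolean check(DirContext ctx, String userBase, String groupBase, String uid)
            throws NamingException {
        // Assumption: users are located by uid, as in the iPlanet DNs shown on this page.
        SearchResult user = findOne(ctx, userBase, "(uid={0})", new Object[] {uid}, "givenName", "sn");
        if (user == null) {
            System.err.println("FAIL: no entry with uid=" + uid + " under " + userBase);
            return false;
        }
        String userDn = user.getNameInNamespace();
        System.out.println("user:  " + userDn);
        System.out.println("name:  " + value(user, "givenName") + " " + value(user, "sn"));

        // Assumption: static groups hold member DNs in uniquemember.
        SearchResult group = findOne(ctx, groupBase, "(&(cn=Administrators)(uniquemember={0}))",
                new Object[] {userDn}, "cn");
        if (group == null) {
            System.err.println("FAIL: " + userDn + " is not in an Administrators group under " + groupBase);
            return false;
        }
        System.out.println("group: " + group.getNameInNamespace());
        return true;
    }

    public static void main(String[] argv) throws Exception {
        Console console = System.console();
        if (argv.length != 5 || console == null) {
            System.err.println("usage (from a terminal): java BootIdentityCheck "
                    + "<ldap-url> <principal-dn> <user-base-dn> <group-base-dn> <boot-uid>");
            System.exit(2);
        }
        // Read the credential interactively so it never appears in the process list or shell history.
        char[] credential = console.readPassword("Credential for %s: ", argv[1]);
        boolean ok;
        DirContext ctx = bind(argv[0], argv[1], credential);
        try {
            ok = check(ctx, argv[2], argv[3], argv[4]);
        } finally {
            ctx.close();
            Arrays.fill(credential, '\0');
        }
        System.out.println(ok ? "OK: boot identity can start the server" : "Do not remove DefaultAuthenticator yet");
        System.exit(ok ? 0 : 1);
    }
}
```

If the check fails, the server would refuse to boot with the "Authentication for user weblogic denied" error quoted above once the DefaultAuthenticator is gone.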

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
    application in turn talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, I see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what it is going on and help point me in the right direction.
    -Ayub

  • Using Weblogic LDAP JAAS credentials for 3rd party authentication

    Hello to all!
    I'm posting this question because I'm developing a software layer that will connect a weblogic based web application, with LDAP authentication, to a 3rd party application, also with LDAP authentication, and I'm having difficulties in getting a javax.security.auth.Subject object from the weblogic server.
    I already have a way of doing it, but it requires that a username and a password exist in some sort of storage, in order to work (either hardcoded (which is to be avoided as much as possible) or stored in a file (which is to be avoided if possible, but if nothing better exists...)).
    I'm using a Weblogic 11g server, with LDAP authentication (LDAP provider placed in last at the provider list, with flag SUFFICIENT) and I'm developing the software layer using Oracle's jDeveloper 11g Release 1.
    Now, this 3rd party application requires a javax.security.auth.Subject object in order to perform authentication.
    How do I get this from the weblogic server ?
    Of the following approaches, can you tell me which are the most correct ones ?
    a)
        LoginContext lc = null;
        try {
            lc = new LoginContext("<JAAS instance name>");
            lc.login();
        } catch (LoginException e) {
            e.printStackTrace();
        }
        javax.security.auth.Subject subject = lc.getSubject();
    b)
        LoginContext lc = new LoginContext("<JAAS instance name>",
            new MyClass.CallbackHandler(userid, password));
        lc.login();
        javax.security.auth.Subject subject = lc.getSubject();
        javax.security.auth.Subject.doAs(subject, myClassObject);
    c)
        javax.security.auth.Subject subjectA = weblogic.security.Security.getCurrentSubject();
        javax.security.auth.Subject.doAs(subjectA, myClassObject);
    Thanks in advance,
    Nuno B.

    Here is a document on Monitoring and Reporting Tool Integration into Network Admission Control.
    http://www.cisco.com/en/US/netsol/ns466/networking_solutions_white_paper0900aecd801dee49.shtml

  • Oracle Portal for LDAP Authentication using Iplanet directory server

    I have Oracle Portal on a Solaris machine and iPlanet Directory Server 5.1 on Windows NT.
    Can I use Portal user authentication with iPlanet LDAP?
    Regards
    srinivas

    Yes, you can. You have to provide the necessary info while running the ssoldap.sql.
    Vinodh R.

  • LDAP Roles and WAR

    This might be a simple problem, but I'm new to this and want to verify this
    concept. We are looking at using IPlanet Directory Server 5.0 (which has
    Roles) as our LDAP server and Weblogic 6.0 as our Web/Application Server.
    Our project consists of manuals (Web Applications consisting of JSPs and
    HTMLs), some of which are restricted to specific roles/groups. So if a
    user tries to access a restricted manual, they are prompted for their
    username/password, which will be authenticated and if that user is a member
    of the proper role/group then they are granted access to the manual.
    We are maintaining user accounts and roles/groups in LDAP. In the web.xml
    file of the Web Application I can specify our LDAP Realm to authenticate the
    user and I can restrict web-resources (manuals) to specific roles.
    Can I configure the web.xml/weblogic.xml files to validate that the user is
    a member of the proper role/group? If so, how do I do it? It looks like I
    can map a role name in the web.xml file to user names in the weblogic.xml
    file, but there are a lot of users in each group so I don't want to have to
    do this for all the web applications.
    This seems a pretty common problem but I can't seem to find examples of this.
    Thanks,
    Jon

    You have to write your own Custom Security Realm. Take a look at the
    example RDBMSrealm and tailor it to use your LDAP Server.

  • LDAP performance vs iPlanet LDAP?

    We have 20,000 worklist users, and wonder if we should put them in the embedded
    WLS LDAP, or the iPlanet LDAP. Is there performance benchmark numbers to compare
    WLS LDAP with other 3rd party LDAP? Thanks.

    I researched a similar issue for several days. I finally found a fix by adjusting the following keep-alive params in the magnus.conf. Of course, you will want to monitor performance and adjust according to your load:
    KeepAliveQueryMeanTime 1
    KeepAliveQueryMaxSleepTime 0
    Check this doc for more details:
    http://sunsolve6.sun.com/search/document.do?assetkey=1-9-68380-1&searchclause=web%20performance

  • JAAS and relation of Subject - Principal

    Can someone please explain to me the intended relation of Subject to Principal as they relate to JAAS?
    For example, assume I have the actual credential information stored in LDAP but supplemental data kept in Oracle HR module. During JAAS authentication I perform the LDAP auth and then retrieve the data from Oracle.
    I was assuming that I would then take the created Subject and add two Principals to it (one for the LDAP entry and one for the Oracle data). But if that is the case, then how does the container know which Principal to retrieve from the Subject (for example when EJBContext.getCallerPrincipal() is called)?
    Or should data from both sources be meshed into a single Principal object, and it alone be added to the Subject? If this is the case, there hardly seems a need to be dealing with Subject in JAAS.
    Thanks in advance.

    This is exactly my question. What I am finding out however (through reading tons and looking at how Tomcat does it vs. WebLogic) is that it is pretty much container specific. It boils down to the runtime type of the Principal objects in your Subject. In the case of WebLogic, the HttpServletRequest.getUserPrincipal() method looks for a Principal that implements the WLSUser interface. WebLogic specifies that your Subject can only have one such Principal.
    In Tomcat4, looking at the JAASRealm, they have provided a way for you to specify the runtime type of the Principal object (actually the api allows you to specify many types...which is another point of confusion) that will be used to represent the user principal. Additionally, they have provided the same mechanism to specify the principal classes that will be added to the subject to represent roles...
    I am sorry that your question was specific about EJBContext.getCallerPrincipal() but I answered in terms of HttpServletRequest.getUserPrincipal(). I suspect that the container will automatically propagate the subject to the EJB environment and then use the same mechanism that it uses in the servlet world...however, that point doesn't seem to be well defined.
    I hope we can all get some answers here to enable us to write portable enterprise applications.
    Good luck,
    Troy
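
Added example (not from the thread and not container code) of the behaviour Troy describes: a Subject carries several Principals and the container picks the caller by runtime type. `ContainerUser` and `ContainerGroup` are hypothetical marker interfaces standing in for container-specific types such as the WLSUser interface named above; all names and values are constructed, and Java 16 or later is assumed.

```java
import java.security.Principal;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class PrincipalSelectionDemo {
    // Hypothetical markers standing in for container-specific types (the post
    // names WLSUser for WebLogic); they are not real container APIs.
    interface ContainerUser extends Principal {}
    interface ContainerGroup extends Principal {}

    record LdapUser(String name) implements ContainerUser {
        public String getName() { return name; }
    }
    record LdapGroup(String name) implements ContainerGroup {
        public String getName() { return name; }
    }
    // Supplemental HR data: an ordinary Principal that the "container" never selects.
    record HrRecord(String name, String givenName, String surname) implements Principal {
        public String getName() { return name; }
    }

    /** Selects the caller by runtime type and refuses an ambiguous Subject. */
    static Principal callerPrincipal(Subject subject) {
        Set<ContainerUser> users = subject.getPrincipals(ContainerUser.class);
        if (users.size() != 1) {
            throw new IllegalStateException("expected one user principal, found " + users.size());
        }
        return users.iterator().next();
    }

    /** Role names come from the group-typed principals only. */
    static Set<String> roles(Subject subject) {
        Set<String> names = new TreeSet<>();
        for (ContainerGroup g : subject.getPrincipals(ContainerGroup.class)) {
            names.add(g.getName());
        }
        return names;
    }

    /** Application code reads the extra attributes by asking for its own type. */
    static String displayName(Subject subject) {
        for (HrRecord hr : subject.getPrincipals(HrRecord.class)) {
            return hr.givenName() + " " + hr.surname();
        }
        return callerPrincipal(subject).getName();
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new LdapUser("jdoe"));
        subject.getPrincipals().add(new LdapGroup("manual-readers"));
        subject.getPrincipals().add(new HrRecord("emp-1042", "Jane", "Doe"));
        subject.setReadOnly(); // freeze after login so later code cannot add identities

        System.out.println(callerPrincipal(subject).getName());
        System.out.println(roles(subject));
        System.out.println(displayName(subject));

        // Two principals of the user type make the caller ambiguous.
        Subject ambiguous = new Subject();
        ambiguous.getPrincipals().add(new LdapUser("jdoe"));
        ambiguous.getPrincipals().add(new LdapUser("emp-1042"));
        try {
            callerPrincipal(ambiguous);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Keeping the HR data in its own principal type leaves exactly one user-typed principal in the Subject, which is the constraint the post attributes to WebLogic.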

  • Hi, I am using HP11 and iPlanet web server. When trying to upload files over HTTP using FORM ENCTYPE="multipart/form-data" that are bigger than a few Kilobytes I get a 408 error. (client timeout).

    Hi, I am using HP11 and iPlanet web server. When trying to upload files over HTTP using FORM ENCTYPE="multipart/form-data" that are bigger than a few Kilobytes I get a 408 error. (client timeout). It is as if the server has decided that the client has timed out during the file upload. The default setting is 30 seconds for AcceptTimeout in the magnus.conf file. This should be ample to get the file across, even increasing this to 2 minutes just produces the same error after 2 minutes. Any help appreciated. Apologies if this is not the correct forum for this, I couldn't see one for iPlanet and Web, many thanks, Kieran.

    Hi,
    You didn't mention which version of IWS. Follow these steps.
    (1) Go to Web Server Administration Server, select the server you want to manage.
    (2) Select Preference >> Performance Tuning.
    (3) Set HTTP Persistent Connection Timeout to your choice (e.g. 180 sec for three minutes).
    (4) Apply changes and restart the server.
    *Setting the timeout to a lower value, however, may prevent the transfer of large files as timeout does not refer to the time that the connection has been idle. For example, if you are using a 2400 baud modem, and the request timeout is set to 180 seconds, then the maximum file size that can be transferred before the connection is closed is 432000 bits (2400 multiplied by 180).
    Regards
    T.Raghulan
    [email protected]

  • JAAS and j_security_check

    Hi there,
    I'm using Weblogic 6.1 and working on the security aspect of a project.
    What I want to do is to set up the app so that a user logs in and gets authenticated
    using JAAS. I also want to secure the app so that all requests for urls must
    be authenticated first i.e. They go through the login page first.
    The easiest way I can see to do this is to use FORM based authentication using
    j_security_check.
    Is there a way then to set whatever j_security_check in the session, within the
    JAAS part of the code? Rather than authenticating with JAAS and then sending
    username and password to j_security_check.
    Does anyone know what to set? I looked at previous messages but they seem to
    deal with earlier versions and these do not work with 6.1
    Any help would be appreciated,
    Thanks,
    Ian

    Frank, thanks for comments.
    Yes, user info is in the same database so I can get it from there, but I would like to call this DB function once after successful authentication. In addition we have a kind of 2-level passwords in place, one application password and one internal db password for the user to access database resources.
    The user does not know his/her db password, we just have an api to get the db password after authentication, and the existing application api (developed for the forms client originally) assumes the user accesses the db by his own connection, so in many api's the oracle function user is stored in some tables.
    So what I need is that after authentication of the user (with the application password) I can get the Oracle password and then make a new DB connection for all application api; I would just like to store the Oracle password (or the new user db connection) somewhere so I don't need to fetch it every time I need to call the application API.
    ferdo

  • Authentication & Authorization with SSO, JAAS and Database Tables mix

    Hi,
    I'm looking for how to manage Authentication & Authorization in a J2EE ADF+Struts+JSP application.
    I'm interested in using SSO for authentication (I already did it programmatically & dynamically), and now I would like to be able to define authorization using database tables with users, groups, profiles, individual permissions, ..., (maintained dynamically by the web application admin) through JAZN (JAAS or however it is called) but not statically defining roles, groups, users, ... in jazn xml files.
    I saw that the possibility exists to create a custom DataSourceUserManager class to manage all this, and this gave me the idea that this could be possible to do (I was thinking of making a custom Authorization API over my application tables, without JAZN), but what is better than using an extended and consolidated approach like JAZN.
    Could anybody tell me if my idea is possible and realizable, and maybe give me some orientation to build this approach.
    Many thanks in advance.
    And sorry, excuse my very bad English.
    See you.

    Marcel,
    Originally the idea was to create a post to only explain how to do authentication using a Servlet filter. However,
    I have recently added code to the JHeadstart runtime and generators to enable both JAAS and 'Custom' authentication AND authorization in generated applications. Therefore, this post will be made after we have released the next patch release, as it will depend on these code changes.
    We currently plan to have the patch release available sometime in the second half of May.
    Kind regards,
    Peter Ebell
    JHeadstart Team

  • LDAP Users and Groups

    Hi,
    I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:
    com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.
    It seems that this needs to be set up. How do I do this?
    Some general notes on LDAP:
    I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP cannot be added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
    As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.
    Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.
    It would be interesting to read what BEA and other developers think about this.
    Kind regards,
    Kai

    Marcus,
    Yes, I am using 9.2 TP.
    We are already using LDAP for user management with 8.1.
    Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
    java.lang.NullPointerException
    at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
    at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
    at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
    at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
    at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
    at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
    at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
    at util.tree.TreeController.constructTree(TreeController.java:142)
    at util.tree.TreeController.buildTree(TreeController.java:422)
    at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
    at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
    at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
    at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
    at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
    at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
    at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
    at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
    at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
    at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
    at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
    at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
    at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)

  • JAAS and JBOSS

    I'm trying to use JAAS to log in a user on a JBOSS app, but am running into a problem. I'm able to successfully authenticate the user, and retrieve a Subject from my LoginContext. However, once that request is done (i.e. the browser displays the "log in complete" page), the application seems to forget that the user was logged in. How do JAAS and JBOSS keep track of the logged in user? Is this done by keeping a singleton of LoginContext around in some scope? Right now I'm creating a new instance of LoginContext, and using it to load a new instance of my CallbackHandler. Note, when I used JBOSS default form based authentication, it kept the user logged in. However, I can't use their default auth because I have some custom things I need to do.
    Thanks in advance for any help you provide.

    Hi,
    I tested this on OC4J for you and here - after setting jbo.security.enforce to Must, the user principal name and the roles are displayed.
    So there are three possibilities why you don't see things working
    - JBoss doesn't add the role principals to the Subject so they become available in the session
    - You attempt accessing this information in a prepareSession() override without enforcing authentication to happen for the root page - URL pattern = /
    - ADF BC security doesn't recognize the custom role principal
    After briefly reviewing the security implementation code, it seems that ADF BC security is dependent on Oracle JAZN for authorization.
    Frank
