LDAP Security Integration to JSF
I would like to integrate a security system that we use to the JSF project I'm developing. The setting is as follows:
We have a centralized single sign-on authentication system (OBLIX) that presents the user with a login screen. Once the user logs in successfully, the system will direct the user to a URL of my choice. The login information, such as user id, will be stored in the request as parameters.
I'm new to JSF. So far I have not had to use any servlets in JSF. All I have done in my application with JSF are backing beans and control beans. The business logic resides in the control beans, which invoke the backend model programs (which deal with the database etc.).
The question is how to integrate this OBLIX security nicely into my application. Can I have OBLIX direct a successful login to a jsp that triggers a control bean automatically? I need to read off the request parameters to find out who the login user is.
Is this something that should be done with JSF listeners?
Thanks in advance. I hope to hear from you experts soon.
Hi Gary,
maybe get in contact with Scott Spendolini from Sumner Technologies (http://sumnertechnologies.com/), I think these guys have some experience integrating APEX with eBusiness Suite.
Patrick
My APEX Blog: http://inside-apex.blogspot.com
The ApexLib Framework: http://apexlib.sourceforge.net
The APEX Builder Plugin: http://sourceforge.net/projects/apexplugin/
Similar Messages
-
Webcenter discussion forum - Ldap Group Integration with JSSO
Hi,
We want to implement LDAP Group integration for authorization purposes in
Webcenter Jive Discussions deployed in our IAS 10.1.3.2 application server.
Though Jive provides support for the same, the Jive documentation says
that we need to implement Jive's LDAP User authentication steps in order
to leverage LDAP Groups integration. In the case of Webcenter, if we use Java SSO
for authentication, we need to opt for 'Default' in the Jive
Admin's authentication page instead of the LDAP settings. Opting for the 'Default'
scheme doesn't allow us to configure the LDAP group settings. We are not able
to find any documentation for LDAP Group Integration along with Java SSO. Could
you provide us the steps required for the same? Or has anyone tried the same?
Thanks and Regards,
ABhijit
Hi Abhijit,
You can ignore 'Default', and implement your own user authentication mechanism, which can include LDAP group settings. You will have to follow:
- OC4J security documentation for using Java SSO in your own implementation (I think this is the right link - confirm the version numbers - http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/javasso.htm#BABEJFDI)
- Jive documentation for implementing user authentication
Navneet. -
Siebel new LDAP adapter integration with BI Publisher
Hi All!!
We have configured our Siebel (8.1.1.3) security adapter with LDAP. BI Publisher is using Siebel security model.
We had to clone our AOM (fins_esn which is using the security adapter LDAP) to finsxx_esn because we are migrating the AD 2000 to 2008 (we are also changing the domain). The roll out will last 2 months; users will be migrated by branch, it won't be a big bang.
We have to generate a new LDAP security adapter to authenticate users who are logging in to finsxx_esn against the AD 2008 (AD 2008 is on a different domain than AD 2000. This is working for application authentication, no problems found here).
On a standalone environment report generation is working. But for a distributed environment (1 AOM, 1 NAOM, 1 Web Server) it is not working.
Does anyone know how to integrate with BI Publisher when you have two LDAP security adapters on the Siebel Application? Or is there any authentication method to use instead of "Siebel Security" so as to achieve this?
Regards
We actually ran into a similar problem where I work. I created a support web ticket for our issue and the response is that BIP 11G is not supported for integration with Siebel 8.1, or any other version for that matter. Oracle is currently working on a fix to integrate the latest version of Siebel with BIP.
Their advice to me was to downgrade to BIP 10G for the time being. -
Internal error message configuring LDAP security options in CMC
After entering LDAP security information in Central Management Console - option authentication, when clicking 'Finish' an error message appears: "internal error in secLdap complement". How can I solve this problem ?
Hi,
Please check whether you are following the proper steps while configuring LDAP.
You can refer to the BusinessObjects Admin guide for the configuration:
http://help.sap.com/businessobject/product_guides/boexir31/en/xi3-1_bip_admin_en.pdf
And also, please check troubleshooting section for more information.
Regards,
Noor. -
Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URL admins
user name and password. I want to be able to interface this connection to access
the LDAP and make changes to user information within in the ldap. Right now in
my code I make a connection to the LDAP and supply the same user name and password
set up in the LDAP security realm. I want to be able to rather then re-supply
the URL and user name and password in my code I want to be able to just get that
(or create a connection similar to a jdbc connection pool) connection to the
LDAP that configured in the Security Realm. Is this possible? And how would I
go about it if so?
Thanks
Sjb
the LDAPConnection pool which is used WLS Realm is not accessible to public
for programming.
thanks
kiran -
LDAP security provider and web service authentication
Background: we are currently developing web services to our existing weblogic application. Our users can configure user/password authentication in one of three ways: database, LDAP, or SSO. Setting SSO aside, we need to implement the same authentication for database and LDAP that we use in our existing logon servlet in our web services. In our servlet we detect which they are configured for and, if database, authenticate the encrypted password to a database table we have for user id/password. If LDAP we use weblogic.servlet.security.ServletAuthentication and the weak() method to authenticate.
We've to use SOAP headers to communicate username/password from the client to the web service. We want to code a SOAP message handler to grab the username/password and do the authentication there. We've successfully put something together that handles the database authentication no problem and are now struggling with how to handle the LDAP authentication. We distribute a LDAP security provider we've coded for LDAP authentication. I guess what I am looking for is an equivalent functionality provided with weblogic.servlet.security.ServletAuthentication. Note that I realize the weblogic.servlet.security package has been deprecated starting with Weblogic 9.0 but cannot find what functionality replaces it. Any help there would be appreciated as well.
Note that I am fairly new to web service development (about 10 months now) and definitely new to web service security and Weblogic security. I tried digging into the volumes of documentation out there regarding these two topics but am simply having a difficult time sorting it all out and figuring out how to do what I want to do.
Thanks in advance!
Julia
Hi,
Add Provider (LDAP Credentials) in Admin console Security Realm --> defaultrealm --> Providers. Configuring LDAP in the Admin Console will enable the Admin Server to connect to LDAP. All the LDAP preconfigured Users/Groups will be available in the Users and Groups tab of Security Realms > defaultrealm > Users and Groups. Add Roles using Security Realms > defaultrealm > Roles and Policies > Global Roles > Roles. Add Role Conditions to the role by specifying users/groups configured in LDAP. If your web service runs with SSL, annotate the web service file with something like this below.
@RolesAllowed({
    @SecurityRole(role="test")
})
@Policy(
    uri="policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",
    attachToWsdl=true)
Here the role is a preconfigured role in the Admin Console. Add the following tag in the soapenv:Header.
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>test</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header> -
Using LDAP security in Oracle BI Publisher.
Hi,
We have newly set up BIP for an environment and we have enabled the Oracle BI Server security model, and only Administrator and Super user have access to view all BIP reports.
Now some of the business users want to have access to BIP reports and folders. These Users are having access OBI dashboards through LDAP and Object level security is defined by webgroups coming from Siebel source, they are wishing to navigate from OBI to BIP through Products link.
In this case, we thought to enable LDAP security model in BIP, but how Administrator Access will work after we enable LDAP security model. There are some BIP reports embedded in OBI dashboards, will they work after enabling LDAP security.
Please advise.
Thanks
Krishna
Please let me know if someone can help on this.
Thanks
Krishna -
Revision: 20680
Revision: 20680
Author: [email protected]
Date: 2011-03-08 08:23:30 -0800 (Tue, 08 Mar 2011)
Log Message:
Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7. So far the ValveBase and tomcat Realm had API changes which will impact on the Login integration with Tomcat 7
Modified Paths:
blazeds/trunk/modules/opt/build.xml
Added Paths:
blazeds/trunk/modules/opt/lib/catalina-708.jar
blazeds/trunk/modules/opt/src/tomcat/flex/messaging/security/TomcatValve708.java -
Webcenter discussion forum - Ldap Group Integration issue
Hi All,
I am trying to implement LDAP Group integration in our jive forums 5.1.0 installed in an Oracle IAS 10.1.3.2 server.
I have followed the steps mentioned in the LDAP documentation and setup the following system properties:
ldap.groupNameField cn
ldap.groupMemberField uniquemember
ldap.groupDescriptionField description
ldap.groupSearchFilter (cn={0})
I just restarted the server after setting up these , but the forums instance is not coming up in the server. Throwing the following error:
08/01/21 14:52:33.550 jiveforums: http://CompressingFilter/1.4.4 CompressingFilter has initialized
08/01/21 15:23:04.597 jiveforums: Servlet error
java.io.IOException: An established connection was aborted by the software in your host machine
at sun.nio.ch.SocketDispatcher.write0(Native Method)
at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:33)
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:104)
at sun.nio.ch.IOUtil.write(IOUtil.java:75)
at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:302)
at java.nio.channels.Channels.write(Channels.java:60)
at java.nio.channels.Channels.access$000(Channels.java:47)
at java.nio.channels.Channels$1.write(Channels.java:134)
at com.evermind.server.http.AJPOutputStream.endRequest(AJPOutputStream.java:117)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:309)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
08/01/21 15:25:59.956 jiveforums: Exception thrown during contextDestroyed
java.lang.ExceptionInInitializerError
at com.jivesoftware.forum.database.DbForumFactory.getAttachmentManager(DbForumFactory.java:798)
at com.jivesoftware.forum.database.DbForumFactory.destroy(DbForumFactory.java:410)
at com.jivesoftware.forum.database.DbForumFactory.shutdown(DbForumFactory.java:381)
at com.jivesoftware.forum.util.ForumsLifeCycleListener.contextDestroyed(ForumsLifeCycleListener.java:88)
at com.evermind.server.http.HttpApplication.destroyContextListeners(HttpApplication.java:5877)
at com.evermind.server.http.HttpApplication.destroy(HttpApplication.java:5843)
at com.evermind.server.http.HttpSite.destroy(HttpSite.java:877)
at com.evermind.server.http.HttpServer.destroy(HttpServer.java:548)
at com.evermind.server.ApplicationServer.destroy(ApplicationServer.java:2030)
at com.evermind.server.ApplicationServerShutdownHandler.run(ApplicationServerShutdownHandler.java:93)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.IllegalStateException: Timer already cancelled.
at java.util.Timer.sched(Timer.java:354)
at java.util.Timer.scheduleAtFixedRate(Timer.java:296)
at com.jivesoftware.util.TaskEngine.scheduleTask(TaskEngine.java:218)
at com.jivesoftware.util.TaskEngine.scheduleTask(TaskEngine.java:202)
at com.jivesoftware.forum.database.DbAttachmentManager.<init>(DbAttachmentManager.java:160)
at com.jivesoftware.forum.database.DbAttachmentManager.<clinit>(DbAttachmentManager.java:48)
Can anyone please throw a light?
Thanks and regards,
ABhijit
Hi Guneet,
We are using Jive 5.5.9 instead of 5.1.0 that comes with Webcenter.
Also, we are just trying to validate Jive's authorization scheme, so we didn't integrate the Java SSO part. The Jive forum is just a standalone OC4J instance in the IAS server and we are using the LDAP configuration in the User, Groups Authentication page instead of the default which is required for Java SSO.
Thanks,
ABhijit -
Is it possible to bind to J2EE Security methods in JSF pages, like request.getUserPrincipal() or request.isUserInRole("rolename")?
Hi,
actually you can use EL if you create a method in a managed bean to check for a specific role membership. Reference the method - which returns true or false - from EL. Note that EL cannot have arguments and for this reason you cannot directly pass in role names as arguments.
Frank -
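The approach described in the answer above, as an added example that is not code from the original thread: a managed bean that exposes the container's role checks to EL, and goes one step further with a Map-backed property so the page can name the role. The bean name "security" and the role names are hypothetical, and the JSF API (javax.faces) is assumed to be on the classpath.

```java
import java.security.Principal;
import java.util.AbstractMap;
import java.util.Collections;
import java.util.Map;
import java.util.Set;

import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;

/**
 * Assumed to be registered in faces-config.xml as a request-scoped
 * managed bean named "security" (hypothetical name).
 */
public class SecurityBean {

    // The container's view of the current request: principal and roles
    // come from the server's authentication, not from request parameters.
    private ExternalContext ctx() {
        return FacesContext.getCurrentInstance().getExternalContext();
    }

    /** EL: #{security.userName}; null when nobody is logged in. */
    public String getUserName() {
        Principal p = ctx().getUserPrincipal();
        return p == null ? null : p.getName();
    }

    /** EL: #{security.authenticated} */
    public boolean isAuthenticated() {
        return ctx().getUserPrincipal() != null;
    }

    /**
     * EL: #{security.administrator}
     * One method per fixed role, as the answer describes.
     * "administrator" is a hypothetical role name.
     */
    public boolean isAdministrator() {
        return ctx().isUserInRole("administrator");
    }

    /**
     * EL: #{security.inRole['manager']}
     * Works around the no-arguments limit: EL resolves the bracket
     * expression by calling Map.get(key), which is answered here by
     * asking the container. Unknown or null keys yield false.
     */
    public Map<String, Boolean> getInRole() {
        return new AbstractMap<String, Boolean>() {
            @Override
            public Boolean get(Object role) {
                return role != null && ctx().isUserInRole(role.toString());
            }

            @Override
            public Set<Map.Entry<String, Boolean>> entrySet() {
                // The map is a lookup facade only; there is nothing to iterate.
                return Collections.emptySet();
            }
        };
    }
}
```

Hiding a component with rendered="#{security.inRole['manager']}" only changes what is displayed; the action methods and URLs behind it still need a server-side check such as a security-constraint in web.xml.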
Steps for portal and Microsoft LDAP server integration
Hi,
Could any one guide me steps for portal and Microsoft LDAP server integration. Need it urgently.
Thanks in advance.
Regards,
Niraj
Please don't cross post in multiple forums..
-
Understanding LDAP Security Groups - Need assistance...
Hi,
Can someone walk me through a simple step-by-step outline of how to adjust LDAP security groups so that they work properly with report objects and folders. I've added a number of LDAP groups to our server and see the user accounts in them but am having difficulty understanding how to apply these groups to the right folders and have access behave correctly. As an example I have a couple groups where a few users are in LDAP under MKTDEPT and others are under SYSUSR. A few users are in both. I want to give MKTDEPT view rights to a folder whereas SYSUSR gets schedule rights. I'm having an issue with the Everyone group in that I have to set it to at least 'view' for anyone to see anything. This is even though the MKTDEPT and SYSUSER user security is set lower. So what's the best approach to get this to work right? Any steps or documents that could help me out would be terrific.
Thanks,
Dom
Dominic,
Most of the information you need is in the Administration Guide.
That said, here's how I would do it:
Let's say MKTDEPT has users A,B,C,D,E and SYSUSER has users B,C,D,H,J. Let's call the folder you want to assign rights to (rather unimaginatively) FolderA.
For FolderA, set the following rights.
Everyone Group --> No Access
MKTDEPT --> View
SYSUSER --> Schedule
The problem now is dealing with users that belong to both groups. For this, I would create a new (Enterprise) group called MKTSYS and add the common users to that group. This group would get Schedule rights to FolderA.
Also, as a practice, it is best to create Enterprise copies of your LDAP groups (especially since you have users that can belong to multiple LDAP groups). So, you would have
MKTDEPTENT which contains users in the MKTDEPT LDAP group.
SYSUSERENT which contains users in the SYSUSER LDAP group.
I would then add these groups to the list of groups with access to FolderA.
So, the list of groups with access to FolderA would be:
Everyone
MKTDEPTENT
SYSUSERENT
MKTSYS
and the rights would be:
Everyone Group --> No Access
MKTDEPTENT --> View
SYSUSERENT --> Schedule
MKTSYS --> Schedule
Please note that the Everyone Group does not need to have View access. That said, the Everyone Group does need to be in the access list for FolderA.
Also, while this method of replicating LDAP group structure in BO creates additional administrative work, I am of the opinion that it is a small price to pay to prevent unauthorized access.
Hope this helps,
Srinivas -
UCM 6.1 LDAP Directory Integration
What happens if I enable, and then disable the LDAP Directory Integration?
Do I lose all the users?
I ask because will see how many users there maybe will be inactive.
the new directory sync takes a copy of the directory into the server, so all the users will still be in the directory
you can find more here:
LDAP Directory Integration
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/directry.html
HTH
javalenc
if this helps, please rate -
Oracle ADF security integration with Oracle E-Business Suite SDK JAAS
I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role). Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
Error 401--Unauthorized
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.2 401 Unauthorized
Any thoughts on why that would be?
Thanks
Dan
Thanks Juan.
With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I access the same page from my integrated weblogic server I see:
[JpsAuth] Check Permission
PolicyContext: [TestApp]
Resource/Target: [untitled1PageDef]
Action: [view]
Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
Result: [FAILED]
Evaluator: [ACC]
Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
Principals=total 2 of principals(
1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
When I review my EAR - I do see jazn-data.xml at:
/META-INF/jazn-data.xml
I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
Thanks.
-Dan -
Portal and Netscape LDAP server integration
Hi,
I am trying to integrate Netscape LDAP server (6.0) with portal server 7, but
having lots of trouble doing that.
I've followed the instructions in the developer guide and completed the following
steps:
1. added a CustomRealm named defaultLDAPRealmForNetscapeDirectoryServer in config.xml
and modified the entries to fit my environment.
2. Deployed ldapprofile.jar and customized the env variables.
After these two steps, nothing happened. Then I did the third step:
3. added a iPlanet Authenticator to the realm CompatibilityRealm, which is my
default realm for the server.
However, after step 3, I wasn't able to boot weblogic server. Please note I have
create two users, system and weblogic in my LDAP server.
I copied the stack trace below. Any suggestions will be greatly appreciated.
Weiguo
C:\prog\bea\user_projects\portalDemoDomain>"C:\prog\bea\jdk131_03\bin\java" -hotspot
-Xms128m -Xmx128m -XX:MaxPermSize=128m -Dcommerce.properties="C:\prog\bea\weblogic700\portal\weblogiccommerce.properties"
-Dweblogic.Name=portalDemoServer
-Dbea.home="C:\prog\bea" -Dweblogic.management.username= -Dweblogic.management.p
assword= -Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=fa
lse -Djava.security.policy=="C:\prog\bea\weblogic700\server\lib\weblogic.policy"
weblogic.Server
<Nov 4, 2002 1:18:45 PM EST> <Info> <Security> <090065> <Getting boot identity
from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
Starting WebLogic Server...
<Nov 4, 2002 1:19:06 PM EST> <Notice> <Management> <140005> <Loading configuration
C:\prog\bea\user_projects\portalDemoDomain\.\config.xml>
<Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090093> <No configuration data
was found on server portalDemoServer for realm CompatibilityRealm.>
<Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090082> <Security initializing
using realm CompatibilityRealm.>
<Nov 4, 2002 1:19:21 PM EST> <Critical> <WebLogicServer> <000364> <Server failed
during initialization. Exception:java.lang.SecurityException: Authentication for
user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied at
weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
<Nov 4, 2002 1:19:21 PM EST> <Emergency> <WebLogicServer> <000342> <Unable to
in
itialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Thanks a lot Scott. I followed your instructions and got it working to a certain
degree. I am pretty happy about the results.
There are still a few issues:
1. I had to create groups and users in my directory server in order to boot up
and logon to the server. This is expected, but is it possible to export these
user/group settings from the embedded LDAP server so that I can import them into
my directory server? Currently, the only way is manual and it's error prone. A
lot of trial and error has to happen to get there.
2. It seems that using Netscape LDAP server only allows read-only access. This
means we have to create new users/groups outside of the portal server and one
other side effect is self-registration is impossible, unless we use custom security
providers. Is this assessment correct? Since LDAP integration is so important,
wouldn't it be nice if BEA have that built-in and all we need to do is to switch
to and configure it?
3. I got duplicate users and groups in compatibility security. Obviously, one
set is from my LDAP server and the other is from the embedded one. I tried to
remove to embedded LDAP authenticator, but the duplicates are still there. How
can I get rid of the duplicates - I only want the ones from my LDAP server?
Thanks again Scott.
Weiguo
Scott Dunbar <[email protected]> wrote:
Weiguo,
WLP 7.0 uses a compatibility realm only and will not work with the
custom realm that you created for the Netscape directory server.
Configuring an LDAP compatibility realm isn't too bad and its
configuration is much like 4.0. However, it can be hard to configure
initially from the console. One way is to shut your server down and
modify config.xml directly - but make sure you make a backup copy first!
Then add something like:
<CachingRealm BasicRealm="myRealm" CacheCaseSensitive="true"
Name="wlcsCachingRealm"/>
<CustomRealm
ConfigurationData="user.filter=(&amp;(uid=%u)(objectclass=person));
user.dn=ou=people,dc=beasys,dc=com;
server.principal=uid=dirmanager,ou=people,dc=beasys,dc=com;
membership.filter=(&amp;(uniquemember=%M)(objectclass=groupofuniquenames));
group.filter=(&amp;(cn=%g)(objectclass=groupofuniquenames));
server.host=somehost.beasys.com;
group.dn=ou=groups,dc=beasys,dc=com"
Name="myRealm" Password="your_password_here"
RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
will enable your LDAP server. After this is setup it will be much
easier to configure via the console. Obviously you'll need to update
the parameters above for your configuration.
scott dunbar bea systems,
inc.
[email protected] boulder, co
303 998 2125 usa
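The filter templates in the realm configuration above (%u, %g, %M) are filled from login and group names. As an added example, not code from WebLogic or from the original posts, this shows the RFC 4515 escaping that code expanding such a template itself has to apply, next to the plain substitution that omits it. The class and method names are hypothetical, the sample values are constructed, and how WebLogic expands the placeholders internally is not shown on this page.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class LdapFilterTemplate {

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break; // escape character itself
                case '*':  out.append("\\2a"); break; // wildcard
                case '(':  out.append("\\28"); break; // opens a sub-filter
                case ')':  out.append("\\29"); break; // closes a sub-filter
                case '\0': out.append("\\00"); break; // NUL
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Weak form: plain text substitution, value goes in as filter syntax. */
    static String expandUnsafe(String template, Map<Character, String> values) {
        String out = template;
        for (Map.Entry<Character, String> e : values.entrySet()) {
            out = out.replace("%" + e.getKey(), e.getValue());
        }
        return out;
    }

    /** Corrected form: every substituted value is escaped first. */
    static String expand(String template, Map<Character, String> values) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < template.length(); i++) {
            char c = template.charAt(i);
            boolean placeholder = c == '%' && i + 1 < template.length()
                    && values.containsKey(template.charAt(i + 1));
            if (placeholder) {
                out.append(escapeFilterValue(values.get(template.charAt(i + 1))));
                i++; // skip the placeholder letter
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Templates as they appear in the ConfigurationData on this page.
        String userFilter = "(&(uid=%u)(objectclass=person))";
        String memberFilter =
                "(&(uniquemember=%M)(objectclass=groupofuniquenames))";

        // Constructed sample logins: an ordinary name, a name containing
        // parentheses, and a bare wildcard typed into the login form.
        String[] logins = { "wwang", "smith (contractor)", "*" };
        for (String login : logins) {
            Map<Character, String> values = new LinkedHashMap<>();
            values.put('u', login);
            System.out.println("login:   " + login);
            System.out.println("  plain:   " + expandUnsafe(userFilter, values));
            System.out.println("  escaped: " + expand(userFilter, values));
        }

        // Constructed member DN under the user.dn base shown on this page.
        Map<Character, String> member = new LinkedHashMap<>();
        member.put('M', "uid=wwang,ou=people,dc=beasys,dc=com");
        System.out.println(expand(memberFilter, member));
    }
}
```

With plain substitution the wildcard login produces a filter that matches every person entry and the parenthesised name produces an unbalanced filter; with escaping both are searched for as literal uid values.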