LDAP Security Integration to JSF

I would like to integrate a security system that we use to the JSF project I'm developing. The setting is as follows:
We have a centralized single signon authentication system (OBLIX) that present the user with a login screen. Once the user logs in successfully, the system will direct the user to a url of my choice. The login information, such as user id, will be stored in the request as parameters.
I'm new to JSF. So far I have not have to use any servlets in jsf. All I have done in my application with JSF are backing beans and control beans. The business logic resides in the control beans which invoke the backend model programs (which deals with database etc.).
The question is how to integrate this OBLIX security nicely into my application. Can I have OBLIX direct a successful login to a jsp that triggers a control bean automatically? I need to read off the request parameters to find out who the login user is.
Is this something that should be done with JSF listeners?
Thanks in advance. I hope to hear from you experts soon.

Hi Gary,
maybe get in contact with Scott Spendolini from Sumner Technologies (http://sumnertechnologies.com/), I think these guys have some experience integrating APEX with eBusiness Suite.
Patrick
My APEX Blog: http://inside-apex.blogspot.com
The ApexLib Framework: http://apexlib.sourceforge.net
The APEX Builder Plugin: http://sourceforge.net/projects/apexplugin/

Similar Messages

  • Webcenter dicussion forum - Ldap Group Integration with JSSO

    Hi,
    We want to implement LDAP Group integration for the authorization purposes in
    webcenter Jive Disucussions deployed in our IAS 10.1.3.2 application server.
    Though jive provides support for the same, yet the JIve documentation says
    that we need to implement the JIve's LDAP User authentication steps in order
    to leverage LDAP Groups integration. In case of Webcenter if we use Java SSO
    for the authentication purpose, we need opt for the 'Default' in the Jive
    Admin's authentication page instead of LDAP settings. Opting for 'Default'
    scheme doesn't allow us to configure the LDAP group settings. We are not able
    find any documentation for LDAP Group Integration along with Java SSO. Could
    provide us the steps required for the same? Or has anyone tried the same?
    Thanks and Regards,
    ABhijit

    Hi Abhijit,
    You can ignore 'Default', and implement your own user authentication mechanism, which can include LDAP group settings. You will have to follow:
    - OC4J security documentation for using Java SSO in your own implementation (I think this is the right link - confirm the version numbers - http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/javasso.htm#BABEJFDI)
    - Jive documentation for implementing user authentication
    Navneet.

  • Siebel new LDAP adapter integration with BI Publisher

    Hi All!!
    We have configured our Siebel (8.1.1.3) security adapter with LDAP. BI Publisher is using Siebel security model.
    We had to clone our AOM (fins_esn which is using the security adapter LDAP) to finsxx_esn because we are migrating the AD 2000 to 2008 (we are also changing the domain). The roll out will last 2 month, users will be migrated by branch, it wont be a big bang.
    We have to generate a new LDAP security adapter to authenticate users who are logging to finsxx_esn to the AD 2008 (AD 2008 is on a diferent domain than AD 2000. This is working for application autehtication, no problems found here)
    On a standalone environment report generation is working. But for a distributed environment (1 AOM, 1 NAOM, 1 Web Server) is not working.
    Does anyone knows how to integrate to BI Publisher when you have two LDAP security adapters on Siebel Application? Or is there any authentication method to use instead of "Siebel Security" so as to achieve this?
    Regards

    We actually ran into a similar problem where I work. I created a support web ticket for our issue and the response is that BIP 11G is not supported for integration with Siebel 8.1, or any other version for that matter. Oracle is currently working on a fix to integrated the latest version of Siebel with BIP.
    There advice to me was to downgrade to BIP 10G for the time being.

  • Internal error message configuring LDAP security options in CMC

    After entering LDAP security information in Central Management Console - option authentication, when clicking 'Finish' an error message appears: "internal error in secLdap complement".  How can I solve this problem ?

    Hi,
    Please check that whether you are following the proper steps while configuring the LDAP.
    You can refer the BusinessObjects Admin guide for the configuration:
    http://help.sap.com/businessobject/product_guides/boexir31/en/xi3-1_bip_admin_en.pdf
    And also, please check troubleshooting section for more information.
    Regards,
    Noor.

  • LDAP Security Realm

    Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URL admins
    user name and password. I want to be able to interface this connection to access
    the LDAP and make changes to user information within in the ldap. Right now in
    my code I make a connection to the LDAP and supply the same user name and password
    set up in the LDAP security realm. I want to be able to rather then re-supply
    the URL and user name and password in my code I want to be able to just get that
    (or create a connection simil;ar to a jdbc connection pool) connection to the
    LDAP that configured in the Security Realm. Is this possible? And how would I
    go about it if so?
    Thanks
    Sjb

    the LDAPConnection pool which is used WLS Realm is not accessible to public
    for programming.
    thanks
    kiran
    "Sjb" <[email protected]> wrote in message
    news:3f5744c1$[email protected]..
    >
    Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URLadmins
    user name and password. I want to be able to interface this connection toaccess
    the LDAP and make changes to user information within in the ldap. Rightnow in
    my code I make a connection to the LDAP and supply the same user name andpassword
    set up in the LDAP security realm. I want to be able to rather thenre-supply
    the URL and user name and password in my code I want to be able to justget that
    (or create a connection simil;ar to a jdbc connection pool) connection tothe
    LDAP that configured in the Security Realm. Is this possible? And howwould I
    go about it if so?
    Thanks
    Sjb

  • LDAP security provider and web service authentication

    Background: we are currently developing web services to our existing weblogic application. Our users can configure user/password authentication in one of three ways: database, LDAP, or SSO. Setting SSO aside, we need to implement the same authentication for database and LDAP that we use in our existing logon servlet in our web services. In our servlet we detect which they are configured for and, if database, authenticate the encrypted password to a database table we have for user id/password. If LDAP we use weblogic.servlet.security.ServletAuthentication and the weak() method to authenticate.
    We've to use SOAP headers to communicate username/password from the client to the web service. We want to code a SOAP message handler to grab the username/password and do the authentication there. We've successfully put something together that handles the database authentication no problem and are now struggling with how to handle the LDAP authentication. We distribute a LDAP security provider we've coded for LDAP authentication. I guess what I am looking for is an equivalent functionality provided with weblogic.servlet.security.ServletAuthentication. Note that I realize the weblogic.servlet.security package has been deprecated starting with Weblogic 9.0 but cannot find what functionality replaces it. Any help there would be appreciated as well.
    Note that I am fairly new to web service development (about 10 months now) and definitely new to web service security and Weblogic security. I tried digging into the volumes of documentation out there regarding these two topics but am simply having a difficult time sorting it all out and figuring out how to do what I want to do.
    Thanks in advance!
    Julia

    Hi,
    Add Provider (LDAP Credentials) in Admin console Security Realm --> defaultrealm -->Providers. Configuring Ldap in Admin Console will enable Admin Server to connect to LDAP. All the LDAP preconfigured Users/Groups will be available in Users and Groups Tab of Security Realms >defaultrealm >Users and Groups. Add Roles using Security Realms >defaultrealm > Roles and Policies > Global Roles > Roles. Add Role Conditions to the role by specifying users/groups configured in LDAP. If your webservice runs with SSL Anotate the Webservice file something like this below.
    @RolesAllowed({
    @SecurityRole(role="test")
    @Policy(
    uri="policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",
    attachToWsdl=true)
    Here the role is Preconfigired role in AdminConsole. Add the following tag in the soapenv:header.
    <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
    <wsse:Username>test</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
    </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header>

  • Using LDAP security in Oracle BI Publisher.

    Hi,
    We have newly set up BIP for an environment and we have enable Oracle BI Server security model and only Administrator and Super user has access to view all BIP reports.
    Now some of the business users want to have access to BIP reports and folders. These Users are having access OBI dashboards through LDAP and Object level security is defined by webgroups coming from Siebel source, they are wishing to navigate from OBI to BIP through Products link.
    In this case, we thought to enable LDAP security model in BIP, but how Administrator Access will work after we enable LDAP security model. There are some BIP reports embedded in OBI dashboards, will they work after enabling LDAP security.
    Please advise.
    Thanks
    Krishna

    Please let me know if someone can help on this.
    Thanks
    Krishna

  • [svn:bz-trunk] 20680: Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7 .

    Revision: 20680
    Revision: 20680
    Author:   [email protected]
    Date:     2011-03-08 08:23:30 -0800 (Tue, 08 Mar 2011)
    Log Message:
    Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7. So far the ValveBase and tomcat Realm had API changes which will impact on the Login integration with Tomcat 7
    Modified Paths:
        blazeds/trunk/modules/opt/build.xml
    Added Paths:
        blazeds/trunk/modules/opt/lib/catalina-708.jar
        blazeds/trunk/modules/opt/src/tomcat/flex/messaging/security/TomcatValve708.java

    Revision: 20680
    Revision: 20680
    Author:   [email protected]
    Date:     2011-03-08 08:23:30 -0800 (Tue, 08 Mar 2011)
    Log Message:
    Tomcat 7 Login Module work, due to the Tomcat 7 Security framework change we need to work out the security integration piece for tomcat 7. So far the ValveBase and tomcat Realm had API changes which will impact on the Login integration with Tomcat 7
    Modified Paths:
        blazeds/trunk/modules/opt/build.xml
    Added Paths:
        blazeds/trunk/modules/opt/lib/catalina-708.jar
        blazeds/trunk/modules/opt/src/tomcat/flex/messaging/security/TomcatValve708.java

  • Webcenter dicussion forum - Ldap Group Integration issue

    Hi All,
    I am trying to implement LDAP Group integration in our jive forums 5.1.0 installed in an Oracle IAS 10.1.3.2 server.
    I have followed the steps mentioned in the LDAP documentation and setup the following system properties:
    ldap.groupNameField cn
    ldap.groupMemberField uniquemember
    ldap.groupDescriptionField description
    ldap.groupSearchFilter (cn={0})
    I just restarted the server after setting up these , but the forums instance is not coming up in the server. Throwing the following error:
    08/01/21 14:52:33.550 jiveforums: http://CompressingFilter/1.4.4 CompressingFilter has initialized
    08/01/21 15:23:04.597 jiveforums: Servlet error
    java.io.IOException: An established connection was aborted by the software in your host machine
    at sun.nio.ch.SocketDispatcher.write0(Native Method)
    at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:33)
    at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:104)
    at sun.nio.ch.IOUtil.write(IOUtil.java:75)
    at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:302)
    at java.nio.channels.Channels.write(Channels.java:60)
    at java.nio.channels.Channels.access$000(Channels.java:47)
    at java.nio.channels.Channels$1.write(Channels.java:134)
    at com.evermind.server.http.AJPOutputStream.endRequest(AJPOutputStream.java:117)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:309)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:190)
    at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
    at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
    at java.lang.Thread.run(Thread.java:595)
    08/01/21 15:25:59.956 jiveforums: Exception thrown during contextDestroyed
    java.lang.ExceptionInInitializerError
    at com.jivesoftware.forum.database.DbForumFactory.getAttachmentManager(DbForumFactory.java:798)
    at com.jivesoftware.forum.database.DbForumFactory.destroy(DbForumFactory.java:410)
    at com.jivesoftware.forum.database.DbForumFactory.shutdown(DbForumFactory.java:381)
    at com.jivesoftware.forum.util.ForumsLifeCycleListener.contextDestroyed(ForumsLifeCycleListener.java:88)
    at com.evermind.server.http.HttpApplication.destroyContextListeners(HttpApplication.java:5877)
    at com.evermind.server.http.HttpApplication.destroy(HttpApplication.java:5843)
    at com.evermind.server.http.HttpSite.destroy(HttpSite.java:877)
    at com.evermind.server.http.HttpServer.destroy(HttpServer.java:548)
    at com.evermind.server.ApplicationServer.destroy(ApplicationServer.java:2030)
    at com.evermind.server.ApplicationServerShutdownHandler.run(ApplicationServerShutdownHandler.java:93)
    at java.lang.Thread.run(Thread.java:595)
    Caused by: java.lang.IllegalStateException: Timer already cancelled.
    at java.util.Timer.sched(Timer.java:354)
    at java.util.Timer.scheduleAtFixedRate(Timer.java:296)
    at com.jivesoftware.util.TaskEngine.scheduleTask(TaskEngine.java:218)
    at com.jivesoftware.util.TaskEngine.scheduleTask(TaskEngine.java:202)
    at com.jivesoftware.forum.database.DbAttachmentManager.<init>(DbAttachmentManager.java:160)
    at com.jivesoftware.forum.database.DbAttachmentManager.<clinit>(DbAttachmentManager.java:48)
    Can anyone please throw a light?
    Thanks and regards,
    ABhijit

    Hi Guneet,
    We are using jive 5.5.9 instead of 5.1.0 that comes with webcenter.
    Also we are just trying to validate the JIve's authorization scheme so didn't integrate the Java SSO part. Jive forum is just a standalone OC4J instance in the IAS server and we are using the LDAP configuration in the User,Groups Authentication page instead or default which is required for Java SSO.
    Thanks,
    ABhijit

  • J2ee Security methods in JSF

    Is it possible to bind to J2ee Security methods in JSF pages, like request.getUserPrincipal() or request.isUserInRole("rolename)?

    Hi,
    actually you can use EL if you create a method in a managed bean to check for a specific role membership. Reference the method - which returns true or false - from EL. Note that EL cannot have arguments and for this reason you cannot directly pass in role names as argumens
    Frank

  • Steps for portal and Microsoft LDAP server integration

    Hi,
    Could any one guide me steps for portal and Microsoft LDAP server integration. Need it urgently.
    Thanks in advance.
    Regards,
    Niraj

    Please don't cross post in multiple forums..

  • Understanding LDAP Security Groups - Need assistance...

    Hi,
    Can someone walk me through a simple step-by-step outline of how to adjust LDAP security groups so that they work properly with report objects and folders.  I've added a number of LDAP groups to our server and see the user accounts in them but am having difficulty understanding how to apply these groups to the right folders and have access behave correctly.  As an example I have a couple groups where a few users are in LDAP under MKTDEPT and others are under SYSUSR.  A few users are in both.  I want to give MKTDEPT view rights to a folder whereas SYSUSR gets schedule rights.  I'm having an issue with teh Everyone group in that I have to set it to at least 'view' for anyone to see anything.  This is even though the MKTDEPT and SYSUSER user security is set lower.  So what's the best approach to get this to work right?  Any steps or documents that could help me out would be terrific.
    Thanks,
    Dom

    Dominic,
    Most of the information you need is in the Administration Guide.
    That said, here's how I would do it:
    Lets say MKTDEPT has users A,B,C,D,E and SYSUSER has users B,C,D,H,J. Lets call the folder you want to assign rights to as (rather unimaginatively) FolderA.
    For FolderA, set the following rights.
    Everyone Group --> No Access
    MKTDEPT --> View
    SYSUSER --> Schedule
    The problem now is dealing with users that belong to both group. For this, I would create a new (Enterprise) group called MKTSYS and add the common users to that group. This group would get Schedule rights to FolderA.
    Also, as a practice, it is best to create Enterprise copies of your LDAP groups (especially since you have users that can belong to multiple LDAP groups). So, you would have
    *MKTDEPTENT which contains users in the MKTDEPT LDAP group.
    SYSUSERENT  which contains users in the SYSUSER LDAP group.*
    I would then add these groups to the list of groups with access to FolderA.
    So, the list of groups with access to FolderA would be:
    Everyone
    MKTDEPTENT
    SYSUSERENT 
    MKTSYS
    and the rights would be:
    Everyone Group --> No Access
    MKTDEPTENT --> View
    SYSUSERENT --> Schedule
    MKTSYS --> Schedule
    Please note that the Everyone Group does not need to have View access. That said, the Everyone Group does need to be in the access list for FolderA.
    Also, while this method of replicating LDAP group structure in BO creates additional administrative work, I am of the opinion that it is a small price to pay to prevent unauthorized access.
    Hope this helps,
    Srinivas

  • UCM 6.1 LDAP Directory Integration

    What happen if I enable, and then disable the LDAP Directory Integration?
    Do I loose all the users?
    I ask because will see how many users there maybe will bee inactive.

    the new directory sync takes a copy of the directory into the server, so all the users will still be in the directory
    you can find more here:
    LDAP Directory Integration
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/directry.html
    HTH
    javalenc
    if this helps, please rate

  • Oracle ADF security integration with Oracle E-Business Suite SDK JAAS

    I have an Oracle ADF 11.1.2.2 application that is using ADF security for authentication and authorization.
    When we deploy this application to our JDeveloper integrated weblogic server, we utilize the security setting of "Custom" and use weblogic users and roles to map to the ADF application roles. In that environment our security is working properly.
    I have a Weblogic 10.3.5 standalone server that has the ADF runtime installed as well as the Oracle E-Business Suite SDK JAAS implementation installed.
    When I deploy the Oracle ADF application to the standalone weblogic server, I am directed to the JAAS login page when I attempt to access any JSF page (including those that I have granted View access through the anonymous-role. Does the Oracle ADF anonymous-role work (allow for anonymous page access) when JAAS security is handled by the Oracle E-Business Suite SDK JAAS implementation?
    Per the SDK instructions, when we install the Oracle ADF deployment on Weblogic we have selected "DD only" for our security setting. We have defined enterprise roles in the Oracle ADF security setup (jazn-data.xml) that are assigned the appropriate application roles. Those enterprise roles have the same name (i.e. UMX|YOURROLE) as the E-Business Suite roles that are assigned to our test users. When we login with an E-Business Suite user / password we are receiving an error:
    Error 401--Unauthorized
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.2 401 Unauthorized
    Any thoughts on why that would be?
    Thanks
    Dan

    Thanks Juan.
    With the debugging options enabled it appears the issue is not an issue with the user / role credentials - it seems like the resource grants from jazn-data.xml are not being reviewed in my standalone weblogic instance EAR deployment:
    [JpsAuth] Check Permission
    PolicyContext: [TestApp]
    Resource/Target: [untitled1PageDef]
    Action: [view]
    Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
    Result: [FAILED]
    Evaluator: [ACC]
    Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
    CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
    Principals=total 2 of principals(
    1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
    2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
    When I access the same page from my integrated weblogic server I see:
    [JpsAuth] Check Permission
    PolicyContext: [TestApp]
    Resource/Target: [untitled1PageDef]
    Action: [view]
    Permission Class: [oracle.adf.share.security.authorization.RegionPermission]
    Result: [FAILED]
    Evaluator: [ACC]
    Failed ProtectionDomain:ClassLoader=sun.misc.Launcher$AppClassLoader@13f5d07
    CodeSource=file:/app/oracle/product/Middleware/oracle_common/modules/oracle.adf.share_11.1.1/adf-share-support.jar
    Principals=total 2 of principals(
    1. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousUserImpl "anonymous" GUID=null DN=null
    2. JpsPrincipal: oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl "anonymous-role" GUID=null DN=null)
    When I review my EAR - I do see jazn-data.xml at:
    /META-INF/jazn-data.xml
    I will review the system-jazn-data.xml to see if the policy information has been migrated properly as part of the EAR deployment.
    Thanks.
    -Dan

  • Portal and Netscape LDAP server integration

    Hi,
    I am trying to integrate Netscape LDAP server (6.0) with portal server 7, but
    having lots of trouble doing that.
    I've followed the instructions in the developer guide and completed the following
    steps:
    1. added a CustomRealm named defaultLDAPRealmForNetscapeDirectoryServer in config.xml
    and modified the entries to fit my environment.
    2. Deployed ldapprofile.jar and customized the env variables.
    After these two steps, nothing happened. Then I did the third step:
    3. added a iPlanet Authenticator to the realm CompatibilityRealm, which is my
    default realm for the server.
    However, after step 3, I wasn't able to boot weblogic server. Please note I have
    create two users, system and weblogic in my LDAP server.
    I copied the stack trace below. Any suggestions will be greatly appreciated.
    Weiguo
    C:\prog\bea\user_projects\portalDemoDomain>"C:\prog\bea\jdk131_03\bin\java" -hotspot
    -Xms128m -Xmx128m -XX:MaxPermSize=128m -Dcommerce.properties="C:\prog\bea\weblogic700\portal\weblogiccommerce.properties"
    -Dweblogic.Name=portalDemoServer
    -Dbea.home="C:\prog\bea" -Dweblogic.management.username= -Dweblogic.management.p
    assword= -Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=fa
    lse -Djava.security.policy=="C:\prog\bea\weblogic700\server\lib\weblogic.policy"
    weblogic.Server
    <Nov 4, 2002 1:18:45 PM EST> <Info> <Security> <090065> <Getting boot identity
    from user.>
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    Starting WebLogic Server...
    <Nov 4, 2002 1:19:06 PM EST> <Notice> <Management> <140005> <Loading configuration
    C:\prog\bea\user_projects\portalDemoDomain\.\config.xml>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090093> <No configuration data
    was found on server portalDemoServer for realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090082> <Security initializing
    using realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Critical> <WebLogicServer> <000364> <Server failed
    during initialization. Exception:java.lang.SecurityException: Authentication for
    user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied at
    weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    >
    <Nov 4, 2002 1:19:21 PM EST> <Emergency> <WebLogicServer> <000342> <Unable to
    in
    itialize the server: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    >
    The WebLogic Server did not start up properly.
    Exception raised:
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    Reason: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)

    Thanks a lot Scott. I followed your instructions and got it working to a certain
    degree. I am pretty happy about the results.
    There are still a few issues:
    1. I had to create groups and users in my directory server in order to boot up
    and logon to the server. This is expected, but is it possible to export these
    user/group settings from the embedded LDAP server so that I can import them into
    my directory server? Currently, the only way is manual and it's error prone. A
    lot of trial and error has to happen to get there.
    2. It seems that using Netscape LDAP server only allows read-only access. This
    means we have to create new users/groups outside of the portal server and one
    other side effect is self-registration is impossible, unless we use custom security
    providers. Is this assessment correct? Since LDAP integration is so important,
    wouldn't it be nice if BEA have that built-in and all we need to do is to switch
    to and configure it?
    3. I got duplicate users and groups in compatibility security. Obviously, one
    set is from my LDAP server and the other is from the embedded one. I tried to
    remove to embedded LDAP authenticator, but the duplicates are still there. How
    can I get rid of the duplicates - I only want the ones from my LDAP server?
    Thanks again Scott.
    Weiguo
    Scott Dunbar <[email protected]> wrote:
    Weiguo,
    WLP 7.0 uses a compatibility realm only and will not work with the
    custom realm that you created for the Netscape directory server.
    Configuring an LDAP compatibility realm isn't too bad and its
    configuration is much like 4.0. However, it can be hard to configure
    initially from the console. One way is to shut your server down and
    modify config.xml directly - but make sure you make a backup copy first!
    Then add something like:
    <CachingRealm BasicRealm="myRealm" CacheCaseSensitive="true"
    Name="wlcsCachingRealm"/>
    <CustomRealm
    ConfigurationData="user.filter=(&(uid=%u)(objectclass=person));
    user.dn=ou=people,dc=beasys,dc=com;
    server.principal=uid=dirmanager,ou=people,dc=beasys,dc=com;
    membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
    group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
    server.host=somehost.beasys.com;
    group.dn=ou=groups,dc=beasys,dc=com"
    Name="myRealm" Password="your_password_here"
    RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
    will enable your LDAP server. After this is setup it will be much
    easier to configure via the console. Obviously you'll need to update
    the parameters above for your configuration.
    Weiguo Wang wrote:
    Hi,
    I am trying to integrate Netscape LDAP server (6.0) with portal server7, but
    having lots of trouble doing that.
    I've followed the instructions in the developer guide and completedthe following
    steps:
    1. added a CustomRealm named defaultLDAPRealmForNetscapeDirectoryServerin config.xml
    and modified the entries to fit my environment.
    2. Deployed ldapprofile.jar and customized the env variables.
    After these two steps, nothing happened. Then I did the third step:
    3. added a iPlanet Authenticator to the realm CompatibilityRealm, whichis my
    default realm for the server.
    However, after step 3, I wasn't able to boot weblogic server. Pleasenote I have
    create two users, system and weblogic in my LDAP server.
    I copied the stack trace below. Any suggestions will be greatly appreciated.
    Weiguo
    C:\prog\bea\user_projects\portalDemoDomain>"C:\prog\bea\jdk131_03\bin\java"-hotspot
    -Xms128m -Xmx128m -XX:MaxPermSize=128m -Dcommerce.properties="C:\prog\bea\weblogic700\portal\weblogiccommerce.properties"
    -Dweblogic.Name=portalDemoServer
    -Dbea.home="C:\prog\bea" -Dweblogic.management.username= -Dweblogic.management.p
    assword= -Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=fa
    lse -Djava.security.policy=="C:\prog\bea\weblogic700\server\lib\weblogic.policy"
    weblogic.Server
    <Nov 4, 2002 1:18:45 PM EST> <Info> <Security> <090065> <Getting bootidentity
    from user.>
    Enter username to boot WebLogic server:weblogic
    Enter password to boot WebLogic server:
    Starting WebLogic Server...
    <Nov 4, 2002 1:19:06 PM EST> <Notice> <Management> <140005> <Loadingconfiguration
    C:\prog\bea\user_projects\portalDemoDomain\.\config.xml>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090093> <No configurationdata
    was found on server portalDemoServer for realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090082> <Securityinitializing
    using realm CompatibilityRealm.>
    <Nov 4, 2002 1:19:21 PM EST> <Critical> <WebLogicServer> <000364> <Serverfailed
    during initialization. Exception:java.lang.SecurityException: Authenticationfor
    user weblogic denied
    java.lang.SecurityException: Authentication for user weblogic deniedat
    weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    <Nov 4, 2002 1:19:21 PM EST> <Emergency> <WebLogicServer> <000342><Unable to
    in
    itialize the server: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogicdenied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    The WebLogic Server did not start up properly.
    Exception raised:
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    Reason: Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user weblogicdenied
    java.lang.SecurityException: Authentication for user weblogic denied
    at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
    SecurityServiceManager.java:1028)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
    erviceManager.java:1166)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
    at weblogic.Server.main(Server.java:32)
    scott dunbar bea systems,
    inc.
    [email protected] boulder, co
    303 998 2125 usa

Maybe you are looking for