License for implementation of Kerberos in Weblogic server

Hi All,
We have to implement Kerberos in our ADF application in oracle 11g release. I want to know if there is any additional licensing requirement to use Kerberos with Weblogic server?
Thanks
Tinto Chacko

Hello Tinto,
We configured Kerberos SSO for one of the client site, don't re collect that we had to do anything with licensing. It's always better to check with the Licensing teams/sales teams from oracle for this kind of questions. As the licensing terms varies.
Thanks,
Rajiv.

Similar Messages

  • Problems unwrapping SPNEGO token for Single Signon (SSO) in WebLogic Server

    First of all, a quick description of our issue. We’ve tried many different things, but cannot get WebLogic to unwrap the SPNEGO token so it authenticates using Kerberos. We received several errors while trying to debug, here’s the one we see most:
    KDC has no support for encryption type (14)
    But we doubt it has anything to do with the encryption type, as these are set correctly everywhere.
    We’ve tried following some of the instructions on the BEA website (which contain several errors).
    One of them was also adding a host/ SPN (in krb5login.conf) but then, when using HTTP/ SPN we get the following error (it seems with multiple SPN’s it only takes the first or last SPN that was set):
    Client not found in Kerberos database (6)
    Next try was using the host/ SPN but that results in the following error:
    Integrity check on decrypted field failed (31)
    We’ve tried changing the default_enctypes in KRB5.INI (We’ve removed the entries, and also tried only DESCBC_MD5 and DES_CBC_CRC) but that did not change the behaviour.
    We’ve tried adding the AllowTGTSessionKey registry key on client and server, but that didn’t change it either.
    We are not sure what details you need for this to debug, so here’s what we’ve done to install the environment (please note that ip-addresses, domain, client and server names are made up and are different in real-life),
    We have two domains:
    Domain1 (DOMAIN1.COM) contains:
    Domain Controller      “AD1”      with IP 192.168.0.1
    Domain Controller      “AD2”      with IP 192.168.1.1
    Client           “Client1”      with IP 192.168.2.1
    Domain2 (DOMAIN2.COM) contains:
    Domain Controller      “AD3”      with IP 10.0.0.1
    Server (WebLogic)     “Server1”      with IP 10.0.1.2
    Between Domain1 and Domain2 a firewall exists in which we’ve opened the relevant ports like LDAP (TCP 389), Kerberos (UDP 88), WebLogic (7001/7002).We do not see any firewall blocks on other ports…
    We’ve configured AD1 (Microsoft AD with KDC) as follows:
    1. Account “SSOAccountAD” created
    2. Password never expires
    3. DES encryption on
    4. Do not require Kerberos preauthentication off
    5. Password “Password” was reset several times
    6. ServicePrincipalName was set using this
        setspn -A HTTP/Server1.DOMAIN1.COM SSOAccountAD7. ServicePrincipalName on AD1 was checked (and found to be ok) using this command:
        setspn -L SSOAccountAD8. KTPass was executed:
    ktpass -princ HTTP/[email protected] -mapuser SSOAccountAD -pass Password9. User Logon name was checked, it's set to "HTTP/Server1"
    10. ServicePrincipalName on AD2 was checked (and found to be ok) using this command:
    setspn -L SSOAccountADWe’ve configured the WebLogic Server (Server1) as follows:
    1. LDAP authentication was activated and test ok
    2. Single Pass Negotiate Identity Asserter was created with Chosen Type “Authorization”
    3. KRB5.INI file was created and added to %windir% (and C:\WINNT folder to be able to test with Java ktab and kinit which do not look in the %windir% folder):
    [libdefaults]
    default_realm = DOMAIN1.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    default_tkt_enctypes=DES-CBC-CRC
    default_tgs_enctypes=DES-CBC-CRC
    [realms]
    DOMAIN1.COM = {
    kdc = 192.168.0.1
    admin_server = 192.168.0.1
    default_domain = DOMAIN1.COM
    [domain_realm]
    .domain1.com = DOMAIN1.COM
    domain1.com = DOMAIN1.COM
    [appdefaults]
    autologin = true
    forward = true
    forwardable = true
    encrypt = true4. We’ve installed JDK 1.5.0.12: jdk-1_5_0_12-windows-i586-p.exe
    5. Keytab File was created (with password “Password”):
    ktab -k SSOKeyTabFile -a HTTP/[email protected]. Keytab File and Kerberos communication was tested using:
    kinit -k -t SSOKeyTabFile HTTP/[email protected]. Keytab File and Kerberos communication was tested using Java (incl. Debugging):
    java -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Kinit -k -t SSOKeyTabFile HTTP/[email protected]. Keytab was listed:
    java -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Klist9. SSOKeyTabFile was copied to the WebLogic ProductionDomain folder
    10. The krb5login.conf file was created and copied to the WebLogic ProductionDomain folder:
    com.sun.security.jgss.initiate {
         com.sun.security.auth.module.Krb5LoginModule required
         principal="HTTP/[email protected]" useKeyTab=true
         keyTab=SSOKeyTabFile storeKey=true debug=true;
    com.sun.security.jgss.accept {
         com.sun.security.auth.module.Krb5LoginModule required
         principal=" HTTP/[email protected] " useKeyTab=true
         keyTab=SSOKeyTabFile storeKey=true debug=true;
    };11. WebLogic service and startWeblogic.cmd were modified with the following parameters:
    -Djava.security.krb5.realm=DOMAIN1.COM
    -Djava.security.krb5.kdc=192.168.0.1
    -Djava.security.auth.login.config=<ProductionFolder>\krb5login.conf
    -Djavax.security.auth.useSubjectCredsOnly=false
    -Dweblogic.security.enableNegotiate=true
    -DDebugSecurityAdjudicator=true
    -Dweblogic.debug.DebugSecurityAtn=true
    -Dweblogic.debug.DebugSecurityAtz=true
    -Dweblogic.Debug.DebugSecurityATN=true
    -Dweblogic.StdoutSeverityLevel=64
    -Dweblogic.StdoutDebugEnabled=true
    For the client pc (Client1) we’ve checked the browser settings:
         Automatic Logon only in Intranet Zone
         Enable Integrated Windows Authentication
    On the client we’ve used “kerbtray.exe” to see whether a kerberos token is created, and it is (although with the full domain name, HTTP/Server1.domain1.com).
    We’ve checked for Kerberos communication with Wireshark and see that the client does communicate, and passes the SPNEGO token to the WebLogic server, but we do not see any Kerberos communication on the WebLogic server. The server simply requests Authorisation again…
    If required we have the full wireshark traces of the WebLogic Server and the Client. We also have very detailed WebLogic tracing which I can provide.
    Any thoughts?
    Kind Regards,
    Nika.

    It turned out to be solved by removing the SSOAccount in AD and recreating it (including re-setting the password, which had already been done several times).
    Regards,
    Nika.

  • Does license for SOA Suite 11g include application server

    I am looking through the SOA 11g release information and it does not appear to include a license for the WebLogic server. Can anyone confirm that I need to license the appropriate WebLogic 11g base to run SOA Suite 11g on separately. I wish I could find a definitive statement about this on the Oracle web site or in documentation.

    Good point. There used to be some (licensing) clarity in the sense that Oracle's middleware applications (i.e. things higher in the middleware food chain) required the underlying Oracle stack and thus the embedded license scenario.
    Perhaps (and somewhat ironically) the situation gets more cloudy now that OFM is really and truly "hot pluggable" (i.e. in the sense you can run on other vendor or OSS containers for instance).
    Architecturally, I respect Oracle's Hot Pluggable stance and think it's the right thing to do, but practically-speaking I always advise use of Oracle's container etc. because that is naturally where the development and most intense QA and support occurs. This is not to say that Oracle doesn't support other hosting options well, only that the laws of physics (still) apply.
    Todd

  • Problem to deploy to a WebService interface for ADF Business Components to Weblogic Server

    Hi,
      I'm trying to deploy a custom application ,in which i have exposed ADF Business Components through a WebService interface, to a standalone weblogic server.
    Application Module is configured with a Service Interface for ordinary ViewObjects.
    Now I want to create a EAR file of this application to deploy it on the weblogic server.
    But I got an error while deploying it.The error i am getting is shown below.
    ERROR: No Java EE modules detected in EAR archive. Deployment aborted. == (oracle.jdevimpl.deploy.ear.WeblogicAssembler)
    I have followed the steps mention in the below link :
    http://technology.amis.nl/2010/12/29/quickly-creating-reploying-and-testing-a-webservice-interface-for-adf-business-components/
    I'm using Jdeveloper 11.1.2.4 on windows.
    Please suggest what i could be doing wrong.
    Regards,
    Himanshu

    Does the deployment profile include Java EE modules?
    Refer
    Java EE Developer: ERROR: No j2ee modules detected in EAR archive. Deployment aborted. == (oracle.jdeveloper.deploy.Veto…

  • How to add support for new JDBC Drivers in WebLogic Server?

    Hi!
    I am using WebLogic Server 10.
    As we know,WebLogic Server contains some jdbc drivers itself,but if we want to use another drivers besides them,what can we do?(I am using Oracle 11g,but WebLogic Server 10 doesn't contain JDBC support for it.)
    Just copy the .jar files of the drivers to the directoty "WL_HOME/server/lib" or need to configure something else?
    Thanks!
    Huang

    Hi!
    I am using WebLogic Server 10.
    As we know,WebLogic Server contains some jdbc drivers itself,but if we want to use another drivers besides them,what can we do?(I am using Oracle 11g,but WebLogic Server 10 doesn't contain JDBC support for it.)
    Just copy the .jar files of the drivers to the directoty "WL_HOME/server/lib" or need to configure something else?
    Thanks!
    Huang

  • Security tools for audit and penetration testing weblogic server 10.3.5.0 and other

    hi all
    is it possible please introduce me the best softwares for auditing and penetration testing on weblogic server 10.3.5 (scan the machine for finding vulnerabilities and unsecured configuration in web logic server)
    thanks for your attention
    good luck

    This is a good one
    IBM developerWorks : Download : IBM Security AppScan V8.8

  • License for XE Client and non-XE server

    Hi,
    I want to use the XE Client to access a non-XE server. The license agreement states:
    Any use of the Oracle Database Express Edition is subject to the following limitations;
    1. Express Edition is limited to a single instance on any server;
    2. Express Edition may be installed on a multiple CPU server, but may only be executed on one processor in any server;
    3. Express Edition may only be used to support up to 4GB of user data (not including Express Edition system data);
    4. Express Edition may use up to 1 GB RAM of available memory.
    Does that mean that I cannot use the XE Client for accessing a non-XE database?
    Or can I freely distribute the XE Client together with my application?
    Thanks,
    Nils-Olof Wilske

    Here's the way I'd read it:
    The XE client is freely distributable, but the intentions are that you're using that with the XE-server.
    If your non-XE server is licensed by the processor, I don't think Oracle cares which kind of client you use with it. If your non-XE server is licensed by the named user, you would still need to have licenses for those connections, no matter which client they were using, whether it be XE, Instant, Standard, etc.
    You can't use the XE client to get around named user licensing requirements.
    Was that the intended question, or was it strictly a question about distributing the client with your applications?
    ~Jer

  • How can i set a path for my deployment files in weblogic server 10.3

    Hi
    How can i set the path for my WAR ,JAR files while deploying.i am using the wls10.3 version.
    is there any scripts for this ,please provide me.
    my Application is ADF 11g application.

    By "path", I assume you mean "classpath".
    The simplest way is simply to include the jars you need inside the web application or web module's WEB-INF/lib directory, EJB module's META-INF/lib directory, or EAR lib directory.
    If that's not practical, if you use NodeManager to start your servers, you can go to the "Server Start" tab in the server definition in the WebLogic console and edit the "Classpath" field, which defaults to no value. You can specify a classpath value there. Note that if you specify a value there, it REPLACES the default classpath for the server, it doesn't add to it. If you need to just add to it (a much more likely scenario), if the value references the value "$CLASSPATH" in it, that will reference the original classpath value that the server would have had.
    So, for instance, if you wanted to include the MQ jars in the server classpath, you could set a value like this:
    /usr/java/mq/lib/mq.jar:/usr/java/mq/lib/mqstuff.jar:$CLASSPATH

  • Licensing for Forms Application (Database and Application Server)

    I was going to give Oracle a call, but I wanted to run this buy you guys before I did so.
    I am a developer trying to find a niche creating a custom software application. I have two ideas (partially developed), but before I continue, I want to determine the costs to my target customer/audience.
    The application is Forms and Reports based (Oracle 6i). I can deploy the application as the 6i runtime clients, or I can migrate the application to Oracle Forms 10g. In both of those deployments, what would be the cost to me? From what I understand, please correct me if I am wrong, but it appears that I will have the following costs:
    Product (quantity) = Cost / ALS
    Oracle Developer license (1) = $460 / $102
    Oracle Database - standard edition one (5 users) = $900 / $200
    If web deployment:
    Oracle Application Server - standard edition one (5 users) = $900 / $200
    So $2260 for web deployment (5 users) and $1360 for client/server (5 user) application - Is that correct? I am trying to write customized applications for the mom and pop shops in my area. There is no way they will even consider paying that kind of money for my application (the above prices does not include any profit for me, either - ugh!).
    What options do I have (if any)?
    Thanks in advance for your feedback,
    Mike
    Edited by: user639843 on Oct 27, 2008 12:56 PM

    Hi Mike,
    Please call up the Oracle Embedded Business Unit or the associated rep in your area. They will help you with the right licensing options.
    If you let me know which country you are in, I can point you to the right person too.
    Regards
    BALAJI T

  • SPLA licensing for Virtual Machines & Microsoft Hyper-V Server 2012 R2 ( Free Edition )

    How to report Virtual machines running on Microsoft Hyper-V Server 2012 R2 ( Free Edition ). Please see the below details.
    I have Server with Xeon E5450 (1 Socket , 4 Cores & 4 Logical Processors)and running Microsoft Hyper-V Server 2012 R2( Free Edition) on it Now I have created some VPS with different config
    including virtual processors. My question is how many licence i have to report and core os is free. 
    Akshay Pate

    Hi Akshay Pate,
    Hyper-V Server 2012 is a FREE (yes, completely free!) purpose-built product that includes the core of Windows Server 2012 and Hyper-V. 
    The result is a streamlined Type-1 hypervisor that is optimized for remote management and provides the same virtualization scalability and high availability features as the Hyper-V role in the full version of Windows Server - including up to 320 logical
    processors per Hyper-V host, up to 4TB of physical memory, Live Migration, Storage Migration, Virtual Machine Replication, Clustering and more!
    More detail information please refer the following article:
    Building a Private Cloud VM Compute Foundation with the FREE Hyper-V Server 2012
    http://blogs.technet.com/b/keithmayer/archive/2013/04/05/getting-started-with-hyper-v-server-2012-hyperv-virtualization-itpro.aspx
    I’m glad to be of help to you!
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • License for multi-core CPU on SQL Server Express

    I would like to know is it Legal to use SQL Server Express 2008 R2 / 2012
    on a machine using 6 cores CPU(e.g.Xeon E5-2440).
    Thank you.

    SQL Express 2012 will USE a maximum of 4 cores, but there's nothing preventing you running on a server with more cores than that, it simply won't use those additional 2 cores.
    For the limitations of the different versions of SQL Server 2012 see
    http://msdn.microsoft.com/en-us/library/cc645993(v=SQL.110).aspx#CrossBoxScale
    I can't remember the exact situation with 2008 R2 unfortunately. From
    http://msdn.microsoft.com/en-us/library/cc645993(v=sql.105).aspx#Scalability you'll see it's listed simply as being limited to 1 CPU with no mention of cores, so it MIGHT be the case that it will use all of that one physical CPU, but can't remember if that's
    definitely the case or not.

  • Weblogic server giving error , at the time of implementing log4j

    i have implemented log4j logging in weblogic server 11 g release , when i am copying log4j.jar in DOMAIN_HOME/lib folder server is not getting started instead its throwing following error
    [6:57:44 PM] Girish A Patil: <Aug 7, 2012 6:56:02 PM IST> <Critical> <WebLogicServer> <BEA-000386> <Server su
    bsystem failed. Reason: java.lang.NoSuchMethodError: com.bea.logging.LogBufferHa
    ndler.getServerLogBufferHandler()Lcom/bea/logging/LogBufferHandler;
    java.lang.NoSuchMethodError: com.bea.logging.LogBufferHandler.getServerLogBuffer
    Handler()Lcom/bea/logging/LogBufferHandler;
    at weblogic.logging.log4j.JDKLog4jAdapterFactory.createAndInitializeServ
    erLogger(JDKLog4jAdapterFactory.java:82)
    at weblogic.logging.ServerLoggingInitializer.initializeServerLogging(Ser
    verLoggingInitializer.java:50)
    at weblogic.diagnostics.lifecycle.ServerLoggingLifecycleImpl.initialize(
    ServerLoggingLifecycleImpl.java:43)
    at weblogic.diagnostics.lifecycle.DiagnosticFoundationService.start(Diag
    nosticFoundationService.java:108)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    Truncated. see log file for complete stacktrace
    The WebLogic Server encountered a critical failure
    Reason: Assertion violated
    Exception in thread "main" java.lang.NoClassDefFoundError: Could not initialize
    class weblogic.protocol.ServerIdentityManager$Initializer
    at weblogic.protocol.ServerIdentityManager.findServerIdentity(ServerIden
    tityManager.java:64)
    at weblogic.protocol.URLManager.findAdministrationURL(URLManager.java:17
    3)
    at weblogic.server.ServerLifeCycleRuntime.getLifeCycleOperationsRemote(S
    erverLifeCycleRuntime.java:1078)
    at weblogic.t3.srvr.ServerRuntime.sendStateToAdminServer(ServerRuntime.j
    ava:429)
    at weblogic.t3.srvr.ServerRuntime.updateRunState(ServerRuntime.java:415)
    at weblogic.t3.srvr.T3Srvr.setState(T3Srvr.java:206)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:482)
    at weblogic.Server.main(Server.java:71)
    please specify how to get rid of this error
    Regards
    Mayur Mitkari

    [Transfer SQL Server Objects Task] Error: Execution failed with the following error: "Invalid filegroup
    'SFG_1_Application' specified.".
    Hello Niraj,
    Seems in the source database a filegroup is used, which is not available in the Destination database.
    Olaf Helper
    [ Blog] [ Xing] [ MVP]

  • How to increase the time for threadstuck jdeveloper weblogic server

    Hi,
    This is a requirement for increasing the time for threastuck detection in jdeveloper weblogic server.
    Few of my threads take a longer time than the default value for threastuck detection.
    Could you please share the suggestions on how to do it?
    i have tried by creating workmanager from the administration console but not aware of how to apply it to application(in web.xml).
    Share inputs on this.
    Thanks,
    Devender

    You are posting this on the wrong forum. All this in one of the server forums.
    Timo

  • Need Sample Request for Proposal(RFP) for Weblogic Server

    Hi,
    I need Request for Proposal (RFP) document of Weblogic server 11g preferably. please guide.
    Regards,
    Noman

    I encourage you to contact your local account team. Depending on your location, you should be able to find out that is by using the support sales number.
    http://www.oracle.com/us/corporate/contact/index.htm

  • Weblogic server for caldera

    how can I access weblogic server download for caldera ?

    Hi,
    Oracle WebLogic Server Downloads can be found at http://www.oracle.com/technology/software/products/ias/htdocs/wls_main.html
    I believe Oracle WebLogic Server is not certified yet on Windows 7 64-bit, and this explains why you cannot find installation files to download. More details about the product certification can be found at:
    Oracle Certification Matrix
    http://www.oracle.com/technology/support/metalink/index.html
    Regards,
    Hussein

Maybe you are looking for

  • Resolution problems with LR4 and Blurb

    I am using RAW files and trying to make a Blurb book with full bleed pages. The warning indicator keeps prompting me that the resolution is less than the 200ppi minimum needed for the full size page.  I thought with RAW files I would have plenty of d

  • Formatting a string with time stamp and double precision numbers

    %s\t%f\r%f This is a format string that I have in old code that I've decided to change.  Problem is I cannot make sense of the string codes in my own old code! Let me explain what I want, and hopefully someone can explain how to do it. I am using the

  • Best fit line

    regarding a graph made from spreadsheet data... how do i make a best fit line to a set of points? also, is there a way to find the slope and intercept of this line? Thank you!

  • Iphone pics to website

    How do I upload pics from my iPhone after changing the pixels in Photoshop so that the picture doesn't squash when uploaded to the website? I have no problem using the same method with my SLR pics. What do I have to do different for iPhone pics?

  • Problems downloading an ebook

    Hi! I have a problem downloading a ebook on my device. I bought a book from an online bookstore and I have it on my adobe digital editions shelf but it does not let me copy it to my device. When I try to do so, it tells me the pc is not authorized to