Providing datasource for authentication in weblogic
Hi, I am facing a problem of authentication of user from weblogic when weblogic have mulitple datasources
My weblogic server have two data sources one is pmr and second is hr I have created two authentication providers one is using hr as data source and second is using pmr as datasource.
Now i have two applications one is pmrApp and second is hrApp.
Now I want to apply security on both application in such a way that hrApp user should be authenticated from hr datasource and pmrApp user from pmr datasource
because there will be a chance that both datasources contains two users with same user names. In this conditions weblogic should know that which user should be authenticated from which database
Please help me
Edited by: Rao on May 8, 2012 12:25 PM
apply security on both application in such a way that hrApp user should be authenticated from hr datasource and pmrApp user from pmr datasourceIt is not possible in WebLogic. The whole WLS security realm is common for all the deployed applications, so you cannot configure some application to use only some of the authentication providers. Even if you configure 2 different security realms, only one of them will be active. The only option you have is to create 2 separate WebLogic domains :(
Dimitar
Similar Messages
-
Add gridlink datasource to Multi Datasource for failover in weblogic
We have a RAC installation for which I have configured a Gridlink datasource. Also we have a single node DB which is used as a failover database in case RAC is down.
Now I want to configure a Multi Datasource so that I can add the Gridlink datasource as well as the Generic Datasource in the Multi Datasource and configure it for failover. But when I create the Multi Datasource, I do not see the option to add Gridlink datasource to Multidatasource.
Can you please suggest what can be done to add the gridlink datasource to multidatasource? If this is not possible, then how can the Generic single node data source be configured as a failover datasource in case the Gridlink Datasource is down.
Thanks in advanceWhat is the problem you are trying to address? Is the issue the availability/non-availability of your RAC database? It may make sense to focus on this first.
The normal use case for Multi Data Source is failover or load balancing between nodes of a highly available database, such as RAC which keeps data synchronised.
I am not sure if using a Multi Data Source across Oracle RAC and a non RAC database is supported. If the intention is to provide a HA solution, you will need to have a data synchronisation solution as well. As this is what Oracle RAC does, we come back to my opening question.........
I assume that Multi Data Sources cannot include Gridlink and non-Gridlink sources for these reasons and also because Gridlink is intended as a replacement for Multi Data Sources, providing better failover, load balancing and performance.
Hope this is helpful
Mark -
Issue in configuring Datasource for Oracle DB 7 in weblogic 10.3 ( Urgent )
Hi Gurus,
We are trying to connect to a oracle db 7 instance from the oracle 11g SOA suite .
I am not able to create a datasource for this DB instance .fails when getting invoked .
<Apr 13, 2011 2:34:49 PM BST> <Error> <Console> <BEA-240003> <Console encountered the following error java.lang.NullPointerException
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1101)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:303)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:640)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:205)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:35)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:554)
at com.bea.console.utils.jdbc.JDBCUtils.testConnection(JDBCUtils.java:505)
at com.bea.console.actions.jdbc.datasources.createjdbcdatasource.CreateJDBCDataSource.testConnectionConfiguration(Cre
ateJDBCDataSource.java:458)
Any clues to fix the issue.
I added the ojdbc14.jar to the file and modified the weblogic.xml to use the
<container-descriptor>
<prefer-web-inf-classes>true</prefer-web-inf-classes>
</container-descriptor>
but getting the exception :
<S:Body>
<S:Fault xmlns:ns4="http://www.w3.org/2003/05/soap-envelope">
<faultcode>S:Server</faultcode>
<faultstring>oracle/i18n/text/converter/CharacterConverterOGS.getInstance(I)Loracle/sql/converter/CharacterConverters;</faultstring>
<detail>
<ns2:exception xmlns:ns2="http://jax-ws.dev.java.net/" class="java.lang.NoSuchMethodError" note="To disable this feature, set com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace system property to false">
<message>oracle/i18n/text/converter/CharacterConverterOGS.getInstance(I)Loracle/sql/converter/CharacterConverters;</message>
<ns2:stackTrace>
Added the orai18n-*.jar files got the following Exception :
ORA-01010:Invalid OCI operation
Any help.....
Rgds
Vamsi
Edited by: Kewlntrendy on 13-Apr-2011 08:34
Edited by: Kewlntrendy on 13-Apr-2011 09:27I doubt that Oracle 7 DB is not supported. You may consider raising a SR with support.
Regards,
Anuj -
Does Weblogic server 9.2 provide support for CRL checking
Does Weblogic server 9.2 provide support for CRL checking?
No, but you can create a custom CertPath provider for your own implementation.
Mike
Weblogic/J2EE Security Blog: http://monduke.com -
How to find table name which provide data for the DataSource
Hi friends,
How to find the Table name which providing data for the Business content DataSources (Master Data). Is there any table or Transation which give datasource and Table name at once.
Thanks&Regards
RevathiHi Revathi...........
1)If the datasource is extracting data from any table.................open the datasource using RSO2..........there u will get the table name......
2) If the datasource is extracting data from any view.............go to RSA2..........copy the view name..........go to SE11 >> give the view name >> and check..........
3) If Datasource is Function module based............then u hav to check in RSA2 >> give the datasource name >> execute >> there u will find the Extract structure name......Copy the Extract Structure name >> Go to SE11 >> in the Data Element field give the Extract structure name >> Display >> From the Entry Help/Check tab u can get the Table name............
If u double click on the Extractor..............u will get the Function Module..............from there also u can check that the FM extracting data from which tables............
For Other datasources also...........u can get the structure name from here........
4) If the Datasources r LO datasources............then u can get the table name in LBWE.............LO extractor - goto transaction LBWE.................... Select the maintenance link for your datasource............
here in the right hand pane.........in the drop down box, you can see the structures associated with this extractor ........ just remove the MC for the structure names to get the base table names. e.g. EKKO for MCEKKO.
5) There is a pattern for the Extract structure name for LO datasources.............for an example..........
DataSource 2LIS_11_VAITM ......Extract structure name is MC11VA0ITM
2LIS_11_VAHDR >> MC11VA0HDR
Hope this helps.........
Regards,
Debjani....... -
XE Datasource for Weblogic 10.3?
Am attempting to create a XE JDBC datasource for WebLogic 10.3.
Where do I find the driver for this database?
Are there any 'tricks' to configuring this datasource?
THANKS - CaseyThe Oracle JDBC drivers supplied with WebLogic 10.3 are for Oracle 11 and compatible with Oracle 10. Oracle XE is a stripped down Oracle 10.2. Therefore no need to install the Oracle XE specific JDBC drivers.
--olaf -
Hooking LDAP with Weblogic for Authentication
I have a lot of users in an LDAP-Directory and I would like to map this directory to a Website on my Weblogic instance.
Now, I've added LDAP into my Security Realm in Weblogic, what do i add to the web.xml ? Is this sufficient?
Do I need to change anyting else in my Weblogic configuration than adding OpenLDAP Support in Authentication?
Thanks!HI Tim,
Yes LDAP can be used trough SAP BP CMS (BO authentication).
That's means all the users has to be imported into CMS and after that BPC is using for authentication BO certificate to authenticate to CMS.
So you have also SSO.
You don't need Active directory in this case.
Any way BPC is still working also with Microsoft Active directory without CMS but you have to decide what kind of authentication satisfy better customer requirements.
You can use or Microsoft Active Directory or CMS but you cannot use both in the same time.
Kind Regards
Sorin Radulescu -
LDAP security authentication in weblogic sp4 (URGENT)
We have a web application which interacts to the D/B to authenticate a user during our login process. Now we are trying to change the login to LDAP authentication. Here is the List I did on weblogic configuration correct me if this is correct or if am missing any thing.
1. Created a Realm
2. Created a NOVELL LDAP Authenticator (configured user, groups, members, Novell LDAP, Details)
3. Created a X.509 certificates ????? Do I need to create this one for authentication. The only question is I am confused by these parameters and help me out in figuring out these:
a. filter attributes = cn=$subj.cn
b. username attribute = cn
c. userCertificate;binary ??? ( I have a certificate idmtree.der where do I add configuration about this certificate in the console)>>>>>>>>
d. certificate mapping : ou=user,ou=$subj.ou,o=$subj.o,c=$subj.c (IS THIS CORRECT)
4. created a new Weblogic Default Authorizer...
5. created a new Weblogic Default Role Mapper...
6. created a new Weblogic Default Credential Mapper ...(Do I need to setup my certificate inside this credential mapper or not.)
7. I made this realm as the DEFAULT realm and started the server
I get the following exception.
Initializing RoleMapper provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift.>
The RoleMapper provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift>
Initializing Authorizer provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift.>
The Authorizer provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift>
Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure.>
Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:205)
at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:262)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:581)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:700)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:822)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
at weblogic.Server.main(Server.java:32)
>
####<Apr 6, 2006 10:42:55 AM CDT> <Emergency> <WebLogicServer> <DXPCHI029398> <myserver> <main> <<WLS Kernel>> <> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]>
ANY HELP on this would be greatly appreciated am totally exhausted seeing these error messages from morning.
I would like to know if I need a client for connecting to this LDAP authenticator. As am using the Novell API to access the LDAP directory. Let me know, and if so can some one provide me a snippet code.\
Waiting for response.
thanks in advance
kiranHi Christoper,
Based on your description, this seems to be more of a security related question than a workshop one.
Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
with information on service pack installed
Thanks
Raj -
Setting up LDAP for authentication to portal:default property set named "ldap
Hi
I am trying to implement the LDAP authentication to WebLogic Portal .Iam went
thru the docmentation ( http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).It
mentions using the default property set named "ldap" and deploying ldapprofile.jar.My
quenstion is:
-Is there a way to look into the property using EBCC
- Apart from deploying,configuring the ldapprofile.jar,do I have to do any additional
steps in order to make my portal(say,stockportal) authenticate users from LDAP?
-If a create my own portal,should I create a similar "ldap" property set?If so,how.
Any suggestions/help is appreciated.Thanks
- MikeThanks Dave.
"David Anderson" <[email protected]> wrote:
You should be able to view the property set for LDAP through the EBCC
if you
have the propertysetws.jar installed in your Portal domain. This provides
the ability for the EBCC to retrieve property set information from your
server.
Dave
"mike" <[email protected]> wrote in message
news:[email protected]...
Hi Adrian
Thank you for the pointers.Much appreciate it.However,one questionstill
persists.
What is the significance of the property set "ldap" mentioned in the
document(http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).Where
does this property set feature vis-a-vis setting up LDAP securityrealm;does it
mater prior to/after the setting up as mentioned in the document pointeryou just
gave .
Is it sufficinet that i follow the procedure to set up the LDAP oris
there more
to post setting,like creating a property set (similar to "ldap" orcloning
it)
apaprt frpom deploying ldapprofile.jar.
Thanks.
- Mike
"Adrian Fletcher" <[email protected]> wrote:
Mike,
The documentation that covers LDAP authentication is listed under
Weblogic
Server rather than Weblogic Portal.
See Configuring the LDAP Security Realm in Managing Security
(http://e-docs.bea.com/wls/docs61////adminguide/cnfgsec.html#1071872)
Also take a look at the FAQ - Why can't I boot WebLogic Server whenusing
the LDAP Security Realm?
(http://e-docs.bea.com/wls/docs61//faq/security.html#25833)
Hope this helps,
Sincerely,
Adrian.
Adrian Fletcher.
Senior Software Engineer,
BEA Systems, Inc.
Boulder, CO.
email: [email protected]
"mike" <[email protected]> wrote in message
news:[email protected]...
Hi
I am trying to implement the LDAP authentication to WebLogic Portal.Iam
went
thru the docmentation
http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).It
mentions using the default property set named "ldap" and deployingldapprofile.jar.My
quenstion is:
-Is there a way to look into the property using EBCC
- Apart from deploying,configuring the ldapprofile.jar,do I have
to
do any
additional
steps in order to make my portal(say,stockportal) authenticate usersfrom
LDAP?
-If a create my own portal,should I create a similar "ldap" propertyset?If so,how.
Any suggestions/help is appreciated.Thanks
- Mike -
RDBMS Authentication in Weblogic Portal console 8.1 (SP5)
HI,
I have configured RDBMSBased authentication for oracle in Weblogic portal console 8.1.For Authenticating thru code,do i need to write any custom authentication for RDBMS or Is there any default authenticator?
Regards,
SenthilHi subha,
Thanks for ur reply.
U meant to say that i need to create RDBMSBeased Authentication provider for oracle in the existing myRealm. This RDBMS authenticator is one of the authenticator in the Authenticator list.Am i correct?
I have certain issues regarding this type of config:
1)If i create a user thru program,where does it go? either embaddedLDAP or oracle database
2)Since point base not used in production,we have to use oracle for Authentication as well as Autherization server.
In the default configuration, user preferences are stored in point base database but it should go to oracle.
Is it possible to redirect to oracle?
What i had done that I have created new Realm where i configured RDBMSBased authenticator. Using this config, can i do Authentication as well as Authorization?
Pls suggest.
Regards,
Senthil -
SSL Authentication in weblogic 5.1
Hi
I am using SSL in my weblogic application. So that it asks for the username and
password while startup. But now i want to mention the username and password in
weblogic.properties file itself. So that the client need not have to provide the
username and password. I am using weblogic server 5.1 version.
How do i do this?
Hope my question is clear. Please help.
with regds
sivaHi Michael
I am using SSL in my application. So that it asks for the certificate username
and password while startup. But now i want to mention the username and password
in weblogic.properties file itself. So that the client need not have to provide
the username and password everytime. I am using weblogic server 5.1 version.
How do i do this?
Hope my question is clear. Please help.
with regds
siva
Michael Young <[email protected]> wrote:
Hi.
It's not 100% clear to me what you are asking for. Do you want authentication
turned off for
your application? That will certainly turn off prompting for authentication
information. You
can set your ACL for your application (in your properties file) to allow
everyone to execute
it. Something like:
weblogic.allow.execute.<myApplication>=everyone
But maybe you want some kind of silent authentication so that not everyone
can execute your
app? I suppose you could pass authentication info in a cookie. I really
don't know enough
about your application, though.
I suggest you post this question in weblogic.developer.interest.security
- you have a better
chance of getting an answer there for security related questions.
Hope this helps.
Michael
siva wrote:
Hi all,
I have the following requirements. I have an application which asksfor the authentication
information like username and password at first. The application isrunning in
weblogic5.1 server. Is there a way where in weblogic.properties file,i mention
the username and password so that the application will not ask forin the browser.
please help. It's urgent.
with regds
siva--
Developer Relations Engineer
BEA Support -
Authentication in weblogic 5.1
Hi all,
I have the following requirements. I have an application which asks for the authentication
information like username and password at first. The application is running in
weblogic5.1 server. Is there a way where in weblogic.properties file, i mention
the username and password so that the application will not ask for in the browser.
please help. It's urgent.
with regds
sivaHi Michael
I am using SSL in my application. So that it asks for the certificate username
and password while startup. But now i want to mention the username and password
in weblogic.properties file itself. So that the client need not have to provide
the username and password everytime. I am using weblogic server 5.1 version.
How do i do this?
Hope my question is clear. Please help.
with regds
siva
Michael Young <[email protected]> wrote:
Hi.
It's not 100% clear to me what you are asking for. Do you want authentication
turned off for
your application? That will certainly turn off prompting for authentication
information. You
can set your ACL for your application (in your properties file) to allow
everyone to execute
it. Something like:
weblogic.allow.execute.<myApplication>=everyone
But maybe you want some kind of silent authentication so that not everyone
can execute your
app? I suppose you could pass authentication info in a cookie. I really
don't know enough
about your application, though.
I suggest you post this question in weblogic.developer.interest.security
- you have a better
chance of getting an answer there for security related questions.
Hope this helps.
Michael
siva wrote:
Hi all,
I have the following requirements. I have an application which asksfor the authentication
information like username and password at first. The application isrunning in
weblogic5.1 server. Is there a way where in weblogic.properties file,i mention
the username and password so that the application will not ask forin the browser.
please help. It's urgent.
with regds
siva--
Developer Relations Engineer
BEA Support -
Active Directory Authentication in Weblogic 8.1
Hi,
We want to do authentication from Microsoft Active Directory using weblogic 8.1.
I have created a Active directory and
configured weblogic from console to use it. But it is still not working. Your
help with these question would be highly
appreciated.
1. Is there anyone in group who have tried this before. Please let me know how
to proceed.
2. Is there any tool by which I can get to know the different attribute asked
for configuration in Weblogic?
3. I am not able to login to my application after configuration. Is there any
other way to come to know whether it is working
or not?
There could be plethora of reason but nothing which can come to my mind. Everything
seems to be configured correctly. Here is
portion of my config.xml related with authentication:
<FileRealm Name="wl_default_file_realm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
<Security GuestDisabled="false" Name="vendavo-dev"
PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm" RealmSetup="true">
<weblogic.security.providers.authentication.DefaultAuthenticator
ControlFlag="SUFFICIENT"
Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authentication.DefaultIdentityAsserter
ActiveTypes="AuthenticatedUser"
Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultRoleMapper
Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAuthorizer
Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAdjudicator
Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.credentials.DefaultCredentialMapper
Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
<weblogic.management.security.authentication.UserLockoutManager
Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
<weblogic.management.security.Realm
Adjudicator="Security:Name=myrealmDefaultAdjudicator"
AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
=myrealmADAuthenticator"
Authorizers="Security:Name=myrealmDefaultAuthorizer"
CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
DefaultRealm="true" DisplayName="myrealm"
Name="Security:Name=myrealm"
RoleMappers="Security:Name=myrealmDefaultRoleMapper"
UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
<weblogic.security.providers.pk.DefaultKeyStore
Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
DisplayName="ADAuthenticator" FollowReferrals="false"
GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
Name="Security:Name=myrealmADAuthenticator"
Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
</Security>
First, of all is it possible to use Active Directory authentication in Weblogic
without writing any custom code. If yes, how?
Thanks in advance,
Amit TyagiAmit,
We have successfully used WLS 8.1 sp1 with AD - but not without our share of ups
and downs though.
|
|
1) First, make sure you are sending right LDAP queries to AD. To verify this,
we used free 3rd party LDAP browser from Softerra. There is also java based free
browser from Univ of Michigan. Personally, I like Softerra's LDAP browser better.
Play with your LDAP settings using this and make sure AD is returning the right
data.
|
2) AD has some default settings that makes it return only the top 1000 users.
Use ntdsutil.exe to modify these default settings
|
3) AD needs to have the right set of users and groups. To configure this, refer
to WLS docs. This is very well documented in WLS docs. Also refer to this article
http://dev2dev.bea.com/products/wlportal/whitepapers/wlp70_MSADS.jsp as additional
reference
|
4) Also, there are some bugs with 8.1 portal sp1 and AD. It cannot take more than
one Authentication provider. sp2 is supposed to have fixed it. For sp1 we used
another product AD/AM (AD in Application Mode) in combination with MIIS server.
But if you are using sp2, you shouldn't be worry about this.
|
5) In your providers, you might want to get rid of the DefaultAuthentication provider,
once you are able to establish a connection with your ActiveDirectoryAuthentication
provider. The DefaultAuthentication provider causes some problems and does not
let ActiveDirectoryAuthentication provider to behave properly. We haven't fully
investgated the root of this prob. When we deleted DefaultAuthentication provider,
everything worked normally - so we didn't really care that much :-)
|
6) Make sure you have your JAAS options set to OPTIONAL initially and make sure
your are able to authenticate talk to your AD.
|
These are the ones I could think of. Hope this helps..
Regards,
Anant
"Amit" <[email protected]> wrote:
>
Hi,
We want to do authentication from Microsoft Active Directory using weblogic
8.1.
I have created a Active directory and
configured weblogic from console to use it. But it is still not working.
Your
help with these question would be highly
appreciated.
1. Is there anyone in group who have tried this before. Please let me
know how
to proceed.
2. Is there any tool by which I can get to know the different attribute
asked
for configuration in Weblogic?
3. I am not able to login to my application after configuration. Is there
any
other way to come to know whether it is working
or not?
There could be plethora of reason but nothing which can come to my mind.
Everything
seems to be configured correctly. Here is
portion of my config.xml related with authentication:
<FileRealm Name="wl_default_file_realm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
<Security GuestDisabled="false" Name="vendavo-dev"
PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm" RealmSetup="true">
<weblogic.security.providers.authentication.DefaultAuthenticator
ControlFlag="SUFFICIENT"
Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authentication.DefaultIdentityAsserter
ActiveTypes="AuthenticatedUser"
Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultRoleMapper
Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAuthorizer
Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authorization.DefaultAdjudicator
Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.credentials.DefaultCredentialMapper
Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
<weblogic.management.security.authentication.UserLockoutManager
Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
<weblogic.management.security.Realm
Adjudicator="Security:Name=myrealmDefaultAdjudicator"
AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
=myrealmADAuthenticator"
Authorizers="Security:Name=myrealmDefaultAuthorizer"
CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
DefaultRealm="true" DisplayName="myrealm"
Name="Security:Name=myrealm"
RoleMappers="Security:Name=myrealmDefaultRoleMapper"
UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
<weblogic.security.providers.pk.DefaultKeyStore
Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
<weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
DisplayName="ADAuthenticator" FollowReferrals="false"
GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
Name="Security:Name=myrealmADAuthenticator"
Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
</Security>
First, of all is it possible to use Active Directory authentication in
Weblogic
without writing any custom code. If yes, how?
Thanks in advance,
Amit Tyagi -
Authentication in weblogic portal server 8.1 sp2 using external LDAP
Hi,
I am trying to use external LDAP for authentication.
I have configured the ActiveDirectoryAuthenticator giving the necessary
values
( and added
"-Dcom.bea.p13n.usermgmt.AuthenticationProviderName=ActiveDirectoryAuthentic
ator" in startWeblgoic.cmd )
and can see the users and the groups from my LDAP provider in the admin
console and in the admin portal's "users and groups".
A set of users are given permission to access the restricted site and those
users are visible in the global role with the permission.
The web.xml is configured for BASIC auth-method, and the role is
<externally-defined/> in weblogic.xml.
Now when I access a restricted page, I am shown a dialog prompt to key in
the username and password.
Even when I key in the valid credentials, the restricted page is not shown
and an "Unauthorized xxx" 401 access error is thrown.
Any clue, on what i am missing.?
Please let me know if any suggestion / idea.
Regards,
Arun.Assuming your application is a WebLogic Portal application, then yes you would definitely need to install WLP 8.1. WLP version 8.1 is the only version of WLP that will run on WLS/WLW version 8.1.
In order to obtain the product installer, you'll need to contact Oracle Support and file a request. It is not available for download from any Oracle public site. Only version 10.3 is available for download.
Brad -
DataSource for Replicated Database
Hi, first, of all, I don't know if this forum is the right place to post my question, so sorry for bothering you!
I'm working in a project where I'm thinking about using two Oracle databases one replicating the other. I read somewhere that this using Multimaster Replication is a good way to obtain more availability. But I don't know how to create a DataSource in OC4J that can use both databases and choose the one that's not down. If I were using Weblogic, I could create a connection pool for each database, and then create a MultiPool that uses the already created pools.
I don't know if I miss something in the documentation of Multimaster Replication, but I don't see how to create a single point of access for the Replicated databases, and neither how to create a DataSource for OC4J that can access more than one database. I'm totally new in Oracle world! Perhaps it isn't the better way to obtain more availabilty, perhaps I need to use a third component to provide a single point of access for the databases. I really don't know!
Thanks in advance,
RGBRoberto,
Multi-master replication is for distributed datbase. The best thing to have a better database availability is 9i Real Application Cluster.
Please follow http://otn.oracle.com/products/oracle9i/content.html to read more about RAC.
regards
Debu
Maybe you are looking for
-
Creating a Macro with Adobe Acrobat X v.10.0.0 HELP!
Hello, I am new to Adobe and was wondering if there is a way to create a macro for my situation. I am recording voting decisions from a pdf into an excel spreadsheet. I need to go through multiple pdf files and find the pages where votes have taken p
-
Garageband has detected a midi timeout
Garageband takes a long, long time to open and then when it does, I get this error message about midi timeout. Garageband eventually does open, but it says that there are no Apple loops installed. What's going on?
-
Block direct logon to satellite system
Dear friends, I am working with Sol Man 4.0 SP12. I have connected R/3 with Sol Man. The user ID has been created in Sol Man As well as in R/3. (In both the systems the user ID is same) Now the user can logon to R/3 system via Sol Man (T-RFC role
-
Hi, I have implemented ESS & MSS in EP6.0. I have modified some ESS services in R/3 SAP4.7 and created IACs in Portal and it is working fine.For MSS services i implemented the std services and hence no customization needed.I know BSP programming and
-
Hi; Do we have any solution for Nokia E51, (S60) Thanks Anand