Reorder weblogic authentication providers

Similar Messages

• Wbelogic 12c Server - wlst script to reorder Authentication Providers

  Does anyone know the jython commands  to set/reorder to Authentication Providers?

  Example script:
        edit()
        startEdit()
        # if needed create your authentication provider first
        cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm')
        cmo.createAuthenticationProvider('XYZ_Authenticator', 'com.xyz.providers.authentication.XYZ_Authenticator')
         # configure if needed
        cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm/AuthenticationProviders/XYZ_Authenticator')
        set('Debug','true')
        set('ControlFlag','SUFFICIENT')
        # reorder
        cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm')
        set('AuthenticationProviders',jarray.array([ObjectName('Security:Name=myrealmXYZ_Authenticator'), ObjectName('Security:Name=myrealmDefaultAuthenticator'), ObjectName('Security:Name=myrealmDefaultIdentityAsserter')], ObjectName))
        save()
        activate()
  See also:  Advanced WebLogic Server Automation: Administration and Monitoring with WLST and JMX
  Advanced WebLogic Server Automation: Administration and Monitoring with WLST and JMX (Oracle In-Focus Series) (Volume 46…

• OBIEE 11g -  Weblogic Authentication Denied

  Hello All,
  I did install OBIEE 11g 11.1.1.3.3 in my personal PC which has windows XP SP3 and I did choose "Enterprise Installation" as an option.
  Before installing this I did install the Loop Back Adapter and also set the IP address in the Host file ( 10.10.10.10 Mycomputername mycompany.com).
  Installation went through very much fine no errors at all. Analytics page was opened after the installation and When I gave the weblogic Credentials it was Unable to sign in.
  When I tried to login to Weblogic Console it says "Authentication Denied".
  Checked the services Weblogic Node manager started but Oracle Process Manager(instance1) did not start (1053 the service couldn't start in a timely fashion).
  Then I tried to StartBIServices from Start-> Allprograms->Oracle Business Intelligence gave Weblogic Credentials .... 2 cmd prompts were opened and all services are started and also the anlaytics page was opened and gave the credentials again same error "Unable to sign in" and agin tried to login to weblogic the same error "Authentication Denied". This is really strange....
  I thought this is something to do with rebooting the system after installation. So I restarted the system and started the services Weblogic Node Manager and Oracle Process Manager (instance1).
  This time both of them were started.
  Again tried to start the BI services Start-> Allprograms->Oracle Business Intelligence , gave the credentials ... this time only one cmd prompt was opened and it says weblogic authentication denied and its forcefully shut down and Other cmd prompt stopped at WLS.alive...
  Here is the Detail Log from Adminserver.log:
  <Apr 18, 2011 12:34:57 AM PDT> <Critical> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097109> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
  weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
       at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
       at weblogic.security.SecurityService.start(SecurityService.java:141)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied
       at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
       at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
       at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy22.login(Unknown Source)
       at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:91)
       at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
       at $Proxy40.authenticate(Unknown Source)
       at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
       at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
       at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
       at weblogic.security.SecurityService.start(SecurityService.java:141)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  >
  ####<Apr 18, 2011 12:34:57 AM PDT> <Notice> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097156> <BEA-000365> <Server state changed to FAILED>
  ####<Apr 18, 2011 12:34:57 AM PDT> <Error> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097156> <BEA-000383> <A critical service failed. The server will shut itself down>
  ####<Apr 18, 2011 12:34:57 AM PDT> <Notice> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097156> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  ####<Apr 18, 2011 12:34:57 AM PDT> <Info> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097172> <BEA-000236> <Stopping execute threads.>
  Checked the Opmnctl Status through cmd prmpt:
  coreapplication-obiccs1 - Alive
  coreapplication-obisch1 - Alive
  coreapplication-obijh1 - Alive
  coreapplication-obips1 - Alive
  coreapplication-obis1 - Alive
  I dont know if the weblogic user or password got corrupted ............???
  So I tried to reset the password by adding the Boot.properties file in the following path:
  C:\OBIEE11gfmw\user_projects\domains\bifoundation_domain\servers\AdminServer\security
  giving username=weblogic
  password =password123 in the file but no use still the same error.
  Did anybody got the same error ?
  Please help me.....
  Thanks in Advance...
  Regards
  Kanna
  Edited by: Kanna on Apr 18, 2011 1:14 AM
  Edited by: Kanna on Apr 18, 2011 10:45 AM

  Yes, but my username and password was simple and straight its weblogic/password123...
  Do you guys know how to reset the weblogic Admin password ?
  I want to try to debug this error first...... If I couldn't get any help anyhow I am going to Deinstall...
  but this shouldn't be the case evrytime.... because we are facing the same problem in our company ...Where we installed 11g in one of our DEV environments...
  There should be a some solution for this problem...
  Is there anything that I am doing wrong?
  Do I need to provide more information from Logs to understand the problem?
  Thanks
  Kanna

• Portal Admin Tool & order of Authentication Providers

  For our app, we use two LDAP authentication providers that point to different LDAP
  repositories.
  Both of them have been configured to have the JAAS flag - OPTIONAL. When the order
  is ProviderA and ProviderB (in WLS Console), the authentication works in Portal
  Admin Tool. But when the order is reversed to ProviderB and ProviderA, it throws
  profileNotFound error and the Portal Admin Tool bombs.
  Since both of the providers have been configured to OPTIONAL, shouldn't the order
  of the providers be immaterial?
  Is this a problem with the Portal Administration Tool?
  Thanks,
  James

  Is this a different problem, then? The ProfileNotFound exception comes only
  after
  authentication succeeds. If you are on SP2, it makes me wonder if the
  credentials
  for weblogic are in both providers and are different (different password)?
  Also, can you tell me which authorizer and role mapper providers you are
  using?
  -Phil
  "James Spencer" <[email protected]> wrote in message
  news:[email protected]...
  >
  Phil,
  We are on SP2. The problem I am having is, the weblogic admin user -weblogic
  - is not able to authenticate in Portal Admin Tool depending upon theorder of
  the providers.
  I thought the authentication for Multiple providers should work in SP2,irrespective
  of the order.
  I read about the users/groups page works only for the first auth provider.
  James
  "Phil Griffin" <BEA> wrote:
  You're right, the order should be immaterial. The problem is the
  portal admin tools (and runtime profile location) rely on a
  userExists() call succeeding against a single (default) ATN provider.
  There is a number of ways to specify which provider this is - see Javadoc
  for getProviderMBean for a description.
  http://edocs.bea.com/wlp/docs81/javadoc/com/bea/p13n/usermgmt/RealmHelper.h
  tml#getProviderMBean
  >>
  Better yet, SP2 includes a fix which automatically allows all providers
  to
  be
  checked. The Portal Admin tools still only operate against a singledefault
  provider
  (to edit users/groups), until SP3.
  -Phil
  "James Spencer" <[email protected]> wrote in message
  news:[email protected]...
  For our app, we use two LDAP authentication providers that point todifferent LDAP
  repositories.
  Both of them have been configured to have the JAAS flag - OPTIONAL.When
  the order
  is ProviderA and ProviderB (in WLS Console), the authentication worksin
  Portal
  Admin Tool. But when the order is reversed to ProviderB and ProviderA,it
  throws
  profileNotFound error and the Portal Admin Tool bombs.
  Since both of the providers have been configured to OPTIONAL, shouldn'tthe order
  of the providers be immaterial?
  Is this a problem with the Portal Administration Tool?
  Thanks,
  James

• Multiple authentication providers for the same identity store?

  We are on WebLogic Server 11g PS5 and in the middle of configuring the authentication providers.
  Turns out we an Active Directory instance where we have two distinct User Base DNs we would like to use, without overlap, but they share the Group Base DN.
  What is the best practice to configure this? I think we could use the parent DN, but that would basically include the whole of the directory for users and groups, will that impact performance?

  Hi Alexandre,
  You might find this helpful - http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/b32420/v2authen.htm#BABJCHEJ. The text "suppose the user requests a resource that is protected by a form-based authentication scheme that redirects the user to a form with several options for logging in. When the user selects a login method on the form, he or she is again redirected, this time to a form containing a certificate-based authentication scheme." suggests that what you want to achieve is possible. If you do get this configured and working the way you want, can you please share with the forum?
  -Vinod

• Weblogic Authentication problems

  I successfully configured security on weblogic but when ever I try to login weblogic authenticate the user and redirect on the welcome page but with an exception like
  <JpsIdentityManagementProvider> <getIdmUserList> WARN_NO_USERS_PATTERN
  oracle.security.idm.ObjectNotFoundException: No User found matching the criteria
  at oracle.security.idm.providers.stdldap.util.DirectSearchResponse.initSearch(DirectSearchResponse.java:174)
  at oracle.security.idm.providers.stdldap.util.NonPagedSearchResponse.<init>(NonPagedSearchResponse.java:52)
  at oracle.security.idm.providers.stdldap.util.NonPagedSearchResponse.<init>(NonPagedSearchResponse.java:43)
  at oracle.security.idm.providers.stdldap.util.LDAPRealm.searchUsers(LDAPRealm.java:489)
  at oracle.security.idm.providers.stdldap.LDIdentityStore.search(LDIdentityStore.java:274)
  at oracle.security.idm.providers.stdldap.LDIdentityStore.searchUsers(LDIdentityStore.java:367)
  at oracle.adf.share.security.providers.jps.JpsIdentityManagementProvider.getIdmUserList(JpsIdentityManagementProvider.java:505)
  at oracle.adf.share.security.providers.jps.JpsIdentityManagementProvider.getUserProfileList(JpsIdentityManagementProvider.java:386)
  at oracle.adf.share.security.identitymanagement.UserManager.getUserProfileList(UserManager.java:314)
  at oracle.adf.share.security.identitymanagement.UserProfile.initialize(UserProfile.java:91)
  at oracle.adf.share.security.identitymanagement.UserProfile.<init>(UserProfile.java:81)
  at oracle.adf.share.security.providers.jps.JpsSecurityContext.getUserProfile(JpsSecurityContext.java:115)
  at oracle.adf.share.ADFContext.getEnterpriseId(ADFContext.java:850)
  at oracle.adfinternal.controller.util.LogUtils.getApplicationName(LogUtils.java:392)
  at oracle.adfinternal.controller.util.LogUtils.gotApplicationName(LogUtils.java:384)
  at oracle.adfinternal.controller.util.LogUtils.getTimer(LogUtils.java:161)
  at oracle.adfinternal.controller.util.LogUtils.getTimer(LogUtils.java:209)
  at oracle.adfinternal.controller.metadata.MetadataServiceImpl.initializePageFlow(MetadataServiceImpl.java:374)
  at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getPerUserCache(MetadataServiceImpl.java:355)
  at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getPerUserCache(MetadataServiceImpl.java:324)
  at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getAdfPageFlow(MetadataServiceImpl.java:180)
  at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getPageFlow(MetadataServiceImpl.java:434)
  at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getActivity(MetadataServiceImpl.java:169)
  at oracle.adfinternal.controller.state.ViewPortContextImpl.getPhysicalURI(ViewPortContextImpl.java:1097)
  at oracle.adfinternal.controller.application.AdfcPageResolver.getPhysicalURI(AdfcPageResolver.java:75)
  at oracle.adf.controller.faces.lifecycle.Utils.getPagePathFromViewId(Utils.java:44)
  at oracle.adfinternal.controller.application.model.UpdateBindingListener.setBindingELVariable(UpdateBindingListener.java:108)
  at oracle.adfinternal.controller.application.model.UpdateBindingListener.beforePhase(UpdateBindingListener.java:61)
  at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.beforePhase(ADFLifecycleImpl.java:550)
  at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchBeforeEvent(LifecycleImpl.java:100)
  at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchBeforePagePhaseEvent(LifecycleImpl.java:147)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchBeforePagePhaseEvent(ADFPhaseListener.java:119)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.beforePhase(ADFPhaseListener.java:63)
  at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.beforePhase(ADFLifecyclePhaseListener.java:44)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:319)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:204)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:173)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:121)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:293)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:199)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
  at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
  at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  what is this and why this exception occur and how can i solve this problem

  In my opinion you can ignore the message (if your application works correctly). I have seen similar messages in the log of one of our applications, although the application continued working properly. I think that this message might appear only if you have used some non-LDAP authentication provider. I think that the JPS Identity Store service is trying to get the user's profile but as far as this service may work only against LDAP-based authentication providers, it is not able to find the authenticated user in its store (because the user's account is not stored in an LDAP store).
  You may have a look also at this thread: {thread:id=2161110}
  Dimitar

• Login Modules-Authentication Providers

  Are LoginModules embedded in Authentication
  Providers for Weblogic 8.1 ga or do we require to write one ?

  Siddhartha <[email protected]> wrote:
  Are LoginModules embedded in Authentication
  Providers for Weblogic 8.1 ga or do we require to write one ?If you're extending AuthenticationProvider you need to implement the method
  public AppConfigurationEntry getLoginModuleConfiguration()
  Where the AppConfigurationEntry constructor takes the following parameters:
  <YourLoginModule>.class.getName(),
  AppConfigurationEntry.LoginModuleControlFlag.(REQUIRED|SUFFICIENT etc)
  java.util.Map
  The docs at:
  http://edocs.bea.com/wls/docs81/dvspisec/index.html
  and
  http://edocs.bea.com/wls/docs81/dvspisec/atn.html#1182704
  The latter has code examples for LoginModules as well as the implementation of
  AuthenticationProvider.
  Hope this helps!
  You don't happen to know how to deploy an EJB to the Weblogic Server Console -
  ie: my AuthenticationProvider relies on an EJB - do you?
  Best wishes,
  Michael

• Authentication Providers

  Please let me know whether Authentication Providers which are in security -> realm of weblogic 8.1 contain LoginModules embedded in them or we have to write one ?

  Please let me know whether Authentication Providers which are in security -> realm of weblogic 8.1 contain LoginModules embedded in them or we have to write one ?

• How to get the identity claim encoding types of windows and forms authentication providers using API?

  Hi,
  We have to get all the claims providers associated with a web application and its identity claim encoding type using API.
  For example:
  If the identity claim of windows authentication is user name and the user name is a string, then we should get
  "i:0#.w".
  If the identity claim of forms authentication is
  email and the provider name is "fba" , then we should get "i:0!.f|fba|".
  The below link shows us to get all claims providers associated with a web application, but how do we get the identity claim encoding type of each provider?
  http://msdn.microsoft.com/en-us/library/gg650432(v=office.14).aspx#SP_WCP_Tip3
  using (SPSite theSite = new SPSite("http://someContosoUrl"))
  // Get the web application.
      SPWebApplication wa = theSite.WebApplication;
      // Get the zone for the site.
      SPUrlZone theZone = theSite.Zone;
      // Get the settings that are associated with the zone.
      SPIisSettings theSettings = wa.GetIisSettingsWithFallback(theZone);
      // Get the list of authentication providers that are associated with the zone.
      foreach (SPAuthenticationProvider prov in
          theSettings.ClaimsAuthenticationProviders)
      {   // Need to get the identity claims encoding type using the SPAuthenticationProvider
  Is windows authentication's identity claim encoding type always i.0#.w or the identity claim is always the user name?
  Thanks & Regards,
  Kalai.

  If the requirement is to be able to convert claim identities to windows identities that can be used with other LOB/legacy application that still relies on NTLM/Windows Auth, then I would recommend to explore C2WTS.
  Here are some references:
  http://msdn.microsoft.com/en-us/library/office/ee539739(v=office.14).aspx
  http://blah.winsmarts.com/2013-11-Use_C2WTS_to_get_a_classic_windows_identity_from_a_claims_identity.aspx
  http://henrymcclain.blogspot.in/2013/05/claims-to-windows-token-service-c2wts.html
  http://blogs.msdn.com/b/rodneyviana/archive/2011/02/20/claims-to-windows-token-service-c2wts-may-not-start-automatically-when-you-reboot-your-server-don-t-blame-sharepoint-for-that.aspx
  http://blogs.msdn.com/b/russmax/archive/2010/05/27/understanding-sharepoint-2010-claims-authentication.aspx
  Thanks!
  These postings are provided "AS IS" with no warranties, and confers no rights.

• OWSM 11g : Authentication Providers for X.509 and SAML policies

  Hi All,
  I am currently trying to implement the X.509 and SAML policies. As per the documentation for these polices I need to configure an authentication provider(or Identity Assertion provider) that can handle perimeter authentication via the NameCallback. I had configured an authentication provider(default authentication provider) that handled the namecallback and passwordcallback. What I can't figure out is how do these two authentication providers differs. And, incase one has to configure for the X.509 and SAML policies how to do the same.
  Any pointers will be useful. Especially, from anyone who has worked and implemented the above policies.
  Thanks in advance.
  Edited by: Shomit Sahdev on ८ अप्रैल, २०१० १२:२५ पूर्वाह्न

  After research by Oracle Support it actually turns out that this problem was a combination of factors:
  1) some clients were effectively using an invalid certificate so it is corrrect they got an error and everything worked fine when they started using the right certificate
  2) it does, however, turn out that, in the case of an error the error handling has been obfuscated in WLS 10.3.6 as compared to WLS 10.3.4 which gives a more descriptive error stating the nature of the problem (missing certificate, invalid certificate, unknown user, ...). Apparently this was deemed a security issue and has thus been replaced by a generic "internal server error". It is however possible to re-activate this older behaviour using a couple of JAVA_OPTS that you pass during server startup:
  -Dweblogic.wsee.security.debug=true -Dweblogic.wsee.security.verbose=true
  The above reintroduced the behaviour we had in WLS 10.3.4 and thus solves our problem!

• Weblogic Authentication Pop-up issue

  Hi,
  I have a problem with one of our application.
  We have the portal application deployed on weblogic which is authenticated by OAM/OIM.
  During the authentication process(after Putting the username and password) if the user click some where in the page weblogic authentication pop up window is thrown,
  The Http header shows
  WWW-Authenticate: Basic realm="WebLogic Server"
  And user need to clear the session cookies and relogin to access the application
  Had disabled the enforce-valid-basic-auth-credentials in weblogic security configuration, but that doesnt help
  <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  Any suggestion on this

  The Pop up window appears during the login phase if the user clicks the back button or stop button or clicking some links on portal
  Thanks

• Consume 3rd party authentication (providers) in SP13

  I have a situation where I should have multiple authentications for my SP13 farm.
  1. Since Claims is dominant in SP13, how can I integrate different (multiple) authentications? I am not clear on how claims works internally :(
  2. How users from different authentication types can be grouped into SharePoint specific groups?
  - GEM

  Hi GEM,
  1.Claims-based authentication is more general authentication mechanism that allows users to authenticate on external systems that provide asking system with claims about user. For how claims-based authentication works, you can have a look at the blog:
  http://www.c-sharpcorner.com/UploadFile/Ashush/authentication-methods-in-sharepoint-2013/
  For integrating multiple authentication methods in claims based web application, you can refer to the blog:
  http://www.dotnetspark.com/kb/2845-configuring-multiple-authentication-providers.aspx
  2.For adding users from diffferent authentication types into SharePoint groups, there is no special steps. Because with claims-based identities, a user obtains a digitally signed security token from a commonly trusted identity provider. The token contains
  a set of claims. Each claim represents a specific item of data about a user such as his or her name, group memberships, and role on the network. Claims-based authentication is user authentication that uses claims-based identity technologies and infrastructure.
  Applications that support claims-based authentication obtain a security token from a user, rather than credentials, and use the information within the claims to determine access to resources.
  Reference:
  http://technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Authentication providers for TACACS+ and RADIUS

  Does anyone supply WLS 8.1 authentication providers for TACACS+ and/or
  RADIUS?
  Ben

  So in the ACS network config you add 2 NASes (or should that be NASi?)
  One is of type TACACS+, enter the device ip and secret. The other is RADIUS - unless you need to use some vendor specific trickery you could stick with IETF RADIUS to keep it simple. Again enter the IP and the secret.
  Assuming you a have at least 1 user in say, the default group (acs group 0) you then need to do some basic setup. In ACS a single group can have both RADIUS and TACACS+ config :-)
  RADIUS will pretty much default to PPP anyway, but you should still set the Service-Type to Framed and set session timeouts etc.
  With T+ you tick the boxes for the services that are allowed. For SSH login you might have to define a custom service first (under interface config)
  Suggest you first take time to scan through the ACS docs.

• Using SqlProvider and Weblogic authenticator in my own login page

  Hi All,
  I want to use SqlProvider of weblogic server for authentication of users. For the said purpose I have made necessary steps in weblogic server console. now i want to use it in my own login page and authenticate user based on sqlProvider and wls.
  Can u suggest me what to do? or where do I move next ?

  Add ADF Security to your application.
  - Add the groups (the ones in your WLS) to 'Enterprise roles' (use the same name).
  - Define your 'Application Roles' (the roles you want to use in your application) and add the corresponding Enterprise roles to it.
  - Set the resource grants
  That should be it.

• How to use LanguageMap attribute for Authentication Providers?

  Hi all,
  I couldn't find a BEA MBean-specific forum, so I'll post this here and hope you can point me to the correct people to talk to.
  We're developing an Authentication provider for WebLogic 8.1. We would like to have our Authentication Provider MBean support multiple languages. I've experimented with the LanguageMap attribute but with no success. Has anybody been able to get these to work?
  The spec states that the path should be fully qualified, which I take to mean that it needs to be an absolute path. I found this to be a bit unreasonable but tried it nonetheless. Unfortunately, it did not work.
  I've also tried specifying the path in Java-style resource bundle form (eg// com.mycompany.mypackage.myresources) and relative paths but, again, with no success.
  I pack the resource file with the authentication mbean jar.
  Some examples of what I've done:
  (absolute path case, where I just copied my resources file to somewhere on my comp):
  <MBeanAttribute
  Name = "BDOption"
  LanguageMap = "c:/dev/BDResources.properties"
  DisplayName = "option.bdoption"
  Type = "java.lang.String"
  Writeable = "true"
  Default = ""Default Value""
  />
  (java resource bundle case):
  <MBeanAttribute
  Name = "BDOption"
  LanguageMap = "com.mycompany.mypackage.BDResources"
  DisplayName = "option.bdoption"
  Type = "java.lang.String"
  Writeable = "true"
  Default = ""Default Value""
  />
  My resource file has only the following entry:
  option.bdoption=Brian's Option
  But the option will always appear as "BDOption" rather than "Brian's Option"
  Any help would be appreciated,
  Brian

  refer the following links
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/092dddc6-0701-0010-268e-fd61f2035fdd
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2a56861-0601-0010-bba1-e37eb5d8d4a9
  please let me know if u dont find relevant information