Reorder weblogic authentication providers
I have a properties file containing a list of weblogic authentication providers in a certain order.
Example properties file:
### realm components ###
AuthenticationProvider=DefaultAuthenticator,DefaultIdentityAsserter,IPlanetAuthenticator,WaliSAMLAuthenticator,UmoeAuthenticator,MooseAuthenticator
and a WLST Jython script that uses this properties file as an argument to create and reorder the authentication providers in the security realm.
WLST code to create the AuthenticationProviders:
# realm config #
for a in AuthenticationProvider:
    print 'Config AuthenticationProvider ' + a
    if a == "IDMx509IdentityAsserter":
        print 'Creating AuthenticationProvider IDMx509IdentityAsserter'
        createIDMx509IdentityAsserter()
    elif a == "SAMLIdentityAsserterV2":
        print 'Creating AuthenticationProvider SAMLIdentityAsserterV2'
        createSAMLIdentityAsserterV2()
    elif a == "IDMSamlAuthenticationProvider":
        print 'Creating AuthenticationProvider IDMSamlAuthenticationProvider'
        createIDMSamlAuthenticationProvider()
    elif a == "WaliSAMLAuthenticator":
        print 'Creating AuthenticationProvider WaliSAMLAuthenticator'
        createWaliSAMLAuthenticator()
    elif a == "UAMPepRoleMapper":
        print 'Creating AuthenticationProvider UAMPepRoleMapper'
        providerUrl = prop.get(a + '.ProviderUrl')
        createUAMPepRoleMapper(providerUrl)
    else:
        print '!Problem creating AuthenticationProvider , don\'t know how to create ' + a
setOrderAuthenticationProvider(AuthenticationProvider,domainName)
The method to set the order:
def setOrderAuthenticationProvider(listAuthenticationProvider,domainname):
    try:
        cd('/SecurityConfiguration/' + domainname + '/DefaultRealm/myrealm/')
        arrayAuthenticationProviders = get('AuthenticationProviders')
        lengt = len(arrayAuthenticationProviders)+1
        for x in xrange(1,lengt):
            arrayAuthenticationProviders.pop(len(arrayAuthenticationProviders)-1)
    except:
        print '!Problem while trying to cleanup arrayAuthenticationProviders'
    try:
        for a in listAuthenticationProvider:
            print 'add ' + a + ' to authenticatorArray'
            cd('/SecurityConfiguration/' + domainname + '/DefaultRealm/myrealm/AuthenticationProviders/' + a )
            currentAuthenticator = cmo
            arrayAuthenticationProviders.append(currentAuthenticator)
    except:
        print '!Problem while trying to construct list of autehticators'
        dumpStackRollback()
    try:
        cd('/SecurityConfiguration/' + domainname + '/Realms/myrealm')
        set('AuthenticationProviders',arrayAuthenticationProviders)
    except:
        print '!Problem while setting order AuthenticatoionProviders'
        dumpStackRollback()
The problem is that when I call the method I get an exception saying arrayAuthenticationProviders does not have the correct type.
A correct example to set the order is this:
set('AuthenticationProviders',jarray.array([ObjectName('Security:Name=myrealmDefaultIdentityAsserter'), ObjectName('Security:Name=myrealmDefaultAuthenticator'), ObjectName('Security:Name=myrealmMooseAuthenticator'), ObjectName('Security:Name=myrealmIDMx509IdentityAsserter'), ObjectName('Security:Name=myrealmSAMLIdentityAsserterV2'), ObjectName('Security:Name=myrealmIDMSamlAuthenticationProvider'), ObjectName('Security:Name=myrealmWaliSAMLAuthenticator'), ObjectName('Security:Name=myrealmUmoeAuthenticator'), ObjectName('Security:Name=myrealmIPlanetAuthenticator')], ObjectName))
Can someone tell me how I can adapt my code to create a correct jarray with ObjectName type objects?
Hi Nishith,
Thanks very much for your information.
The link provided by you tells the policy migration from file system (System-jazn) to LDAP (OID or OVD) in Domain Policy store.
What we need is "Upon installing a new patch update to the Domain, the weblogic Authentication providers getting deleted. Particularly the one which we configured for External authentication (OVD Authenticator)."
In our User interface we have one functionality for creating an External authentication provider (External authentication). It will create the Authentication provider in Weblogic as well as OVD. When we are updating our application with a patch in the domain, the weblogic provider is getting deleted.
As of now we are creating that Authentication provider manually in Weblogic. My question is, is there any script (wlst) or workaround to persist or recreate the provider?
I hope you understand my problem.
Thank you
Similar Messages
-
Weblogic 12c Server - wlst script to reorder Authentication Providers
Does anyone know the jython commands to set/reorder to Authentication Providers?
Example script:
edit()
startEdit()
# if needed create your authentication provider first
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm')
cmo.createAuthenticationProvider('XYZ_Authenticator', 'com.xyz.providers.authentication.XYZ_Authenticator')
# configure if needed
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm/AuthenticationProviders/XYZ_Authenticator')
set('Debug','true')
set('ControlFlag','SUFFICIENT')
# reorder
cd('/SecurityConfiguration/'+domainName+'/Realms/myrealm')
set('AuthenticationProviders',jarray.array([ObjectName('Security:Name=myrealmXYZ_Authenticator'), ObjectName('Security:Name=myrealmDefaultAuthenticator'), ObjectName('Security:Name=myrealmDefaultIdentityAsserter')], ObjectName))
save()
activate()
See also: Advanced WebLogic Server Automation: Administration and Monitoring with WLST and JMX
Advanced WebLogic Server Automation: Administration and Monitoring with WLST and JMX (Oracle In-Focus Series) (Volume 46… -
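A pre-flight check for the reorder step, as an added example (not code from these threads or from Oracle): it parses the AuthenticationProvider= line of the first post's properties file, rejects an order that is not a clean permutation of the realm's providers, and returns the Security:Name=<realm><provider> names that the set('AuthenticationProviders', ...) calls above pass to ObjectName. The function names and the pairing of the two sample lists are assumptions made for illustration.

```python
# Constructed sample input: the properties line from the first post, and the
# provider list that appears in that post's working set(...) call.
SAMPLE_PROPERTIES = """### realm components ###
AuthenticationProvider=DefaultAuthenticator,DefaultIdentityAsserter,IPlanetAuthenticator,WaliSAMLAuthenticator,UmoeAuthenticator,MooseAuthenticator
"""
SAMPLE_REALM = [
    'DefaultIdentityAsserter', 'DefaultAuthenticator', 'MooseAuthenticator',
    'IDMx509IdentityAsserter', 'SAMLIdentityAsserterV2',
    'IDMSamlAuthenticationProvider', 'WaliSAMLAuthenticator',
    'UmoeAuthenticator', 'IPlanetAuthenticator',
]


def parse_provider_order(properties_text):
    """Return the provider names, in file order, from the AuthenticationProvider= line."""
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # blank lines and '### ... ###' comments
        key, sep, value = line.partition('=')
        if sep and key.strip() == 'AuthenticationProvider':
            return [name.strip() for name in value.split(',') if name.strip()]
    raise ValueError('no AuthenticationProvider entry in properties text')


def check_provider_order(existing, desired):
    """Return a list of problems; empty means 'desired' only reorders 'existing'."""
    problems = []
    seen = set()
    for name in desired:
        if name in seen:
            problems.append('duplicate: ' + name)
            continue
        seen.add(name)
        if name not in existing:
            problems.append('not configured in realm: ' + name)
    for name in existing:
        if name not in seen:
            problems.append('missing from desired order: ' + name)
    return problems


def provider_object_names(existing, desired, realm='myrealm'):
    """Return the ordered 'Security:Name=...' strings, or raise if the order is unsafe.

    Inside WLST the result feeds the call shown on this page:
        set('AuthenticationProviders',
            jarray.array([ObjectName(n) for n in names], ObjectName))
    """
    problems = check_provider_order(existing, desired)
    if problems:
        raise ValueError('refusing to reorder: ' + '; '.join(problems))
    return ['Security:Name=' + realm + name for name in desired]


if __name__ == '__main__':
    wanted = parse_provider_order(SAMPLE_PROPERTIES)
    for problem in check_provider_order(SAMPLE_REALM, wanted):
        print(problem)
```

Run against the two constructed lists, the check reports three providers that the properties file leaves out, which is worth resolving before the array is written back to the realm.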
OBIEE 11g - Weblogic Authentication Denied
Hello All,
I did install OBIEE 11g 11.1.1.3.3 in my personal PC which has windows XP SP3 and I did choose "Enterprise Installation" as an option.
Before installing this I did install the Loop Back Adapter and also set the IP address in the Host file ( 10.10.10.10 Mycomputername mycompany.com).
Installation went through very much fine no errors at all. Analytics page was opened after the installation and When I gave the weblogic Credentials it was Unable to sign in.
When I tried to login to Weblogic Console it says "Authentication Denied".
Checked the services Weblogic Node manager started but Oracle Process Manager(instance1) did not start (1053 the service couldn't start in a timely fashion).
Then I tried to StartBIServices from Start-> Allprograms->Oracle Business Intelligence gave Weblogic Credentials .... 2 cmd prompts were opened and all services are started and also the analytics page was opened and gave the credentials again same error "Unable to sign in" and again tried to login to weblogic the same error "Authentication Denied". This is really strange....
I thought this is something to do with rebooting the system after installation. So I restarted the system and started the services Weblogic Node Manager and Oracle Process Manager (instance1).
This time both of them were started.
Again tried to start the BI services Start-> Allprograms->Oracle Business Intelligence , gave the credentials ... this time only one cmd prompt was opened and it says weblogic authentication denied and its forcefully shut down and Other cmd prompt stopped at WLS.alive...
Here is the Detail Log from Adminserver.log:
<Apr 18, 2011 12:34:57 AM PDT> <Critical> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097109> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:965)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User weblogic javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:250)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy22.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:91)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy40.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:348)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:929)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1050)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:875)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
####<Apr 18, 2011 12:34:57 AM PDT> <Notice> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097156> <BEA-000365> <Server state changed to FAILED>
####<Apr 18, 2011 12:34:57 AM PDT> <Error> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097156> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Apr 18, 2011 12:34:57 AM PDT> <Notice> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097156> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Apr 18, 2011 12:34:57 AM PDT> <Info> <WebLogicServer> <kanna> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1303112097172> <BEA-000236> <Stopping execute threads.>
Checked the Opmnctl Status through cmd prompt:
coreapplication-obiccs1 - Alive
coreapplication-obisch1 - Alive
coreapplication-obijh1 - Alive
coreapplication-obips1 - Alive
coreapplication-obis1 - Alive
I don't know if the weblogic user or password got corrupted ............???
So I tried to reset the password by adding the Boot.properties file in the following path:
C:\OBIEE11gfmw\user_projects\domains\bifoundation_domain\servers\AdminServer\security
giving username=weblogic
password =password123 in the file but no use still the same error.
Did anybody get the same error ?
Please help me.....
Thanks in Advance...
Regards
Kanna
Edited by: Kanna on Apr 18, 2011 1:14 AM
Edited by: Kanna on Apr 18, 2011 10:45 AM
Yes, but my username and password was simple and straight it's weblogic/password123...
Do you guys know how to reset the weblogic Admin password ?
I want to try to debug this error first...... If I couldn't get any help anyhow I am going to Deinstall...
but this shouldn't be the case every time.... because we are facing the same problem in our company ...Where we installed 11g in one of our DEV environments...
There should be a some solution for this problem...
Is there anything that I am doing wrong?
Do I need to provide more information from Logs to understand the problem?
Thanks
Kanna -
Portal Admin Tool & order of Authentication Providers
For our app, we use two LDAP authentication providers that point to different LDAP
repositories.
Both of them have been configured to have the JAAS flag - OPTIONAL. When the order
is ProviderA and ProviderB (in WLS Console), the authentication works in Portal
Admin Tool. But when the order is reversed to ProviderB and ProviderA, it throws
profileNotFound error and the Portal Admin Tool bombs.
Since both of the providers have been configured to OPTIONAL, shouldn't the order
of the providers be immaterial?
Is this a problem with the Portal Administration Tool?
Thanks,
James
Is this a different problem, then? The ProfileNotFound exception comes only after authentication succeeds. If you are on SP2, it makes me wonder if the credentials for weblogic are in both providers and are different (different password)?
Also, can you tell me which authorizer and role mapper providers you are using?
-Phil
"James Spencer" <[email protected]> wrote in message
news:[email protected]...
Phil,
We are on SP2. The problem I am having is, the weblogic admin user - weblogic - is not able to authenticate in Portal Admin Tool depending upon the order of the providers.
I thought the authentication for Multiple providers should work in SP2, irrespective of the order.
I read about the users/groups page works only for the first auth provider.
James
"Phil Griffin" <BEA> wrote:
You're right, the order should be immaterial. The problem is the portal admin tools (and runtime profile location) rely on a userExists() call succeeding against a single (default) ATN provider.
There is a number of ways to specify which provider this is - see Javadoc for getProviderMBean for a description.
http://edocs.bea.com/wlp/docs81/javadoc/com/bea/p13n/usermgmt/RealmHelper.html#getProviderMBean
Better yet, SP2 includes a fix which automatically allows all providers to be checked. The Portal Admin tools still only operate against a single default provider (to edit users/groups), until SP3.
-Phil
"James Spencer" <[email protected]> wrote in message
news:[email protected]...
For our app, we use two LDAP authentication providers that point to different LDAP repositories.
Both of them have been configured to have the JAAS flag - OPTIONAL. When the order is ProviderA and ProviderB (in WLS Console), the authentication works in Portal Admin Tool. But when the order is reversed to ProviderB and ProviderA, it throws profileNotFound error and the Portal Admin Tool bombs.
Since both of the providers have been configured to OPTIONAL, shouldn't the order of the providers be immaterial?
Is this a problem with the Portal Administration Tool?
Thanks,
James -
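The control-flag question in this thread, worked through in plain Python as an added example (not code from the thread or from WebLogic): it applies the standard JAAS login-phase rules for REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL to an ordered provider chain and reports whether reordering changes the result. The provider names, flags and accept/reject results are constructed; the SUFFICIENT-first chain mirrors the ControlFlag set in the example script earlier on this page.

```python
from itertools import permutations

REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = (
    'REQUIRED', 'REQUISITE', 'SUFFICIENT', 'OPTIONAL')
FLAGS = (REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL)

# Constructed chains: (provider name, control flag) in configured order.
OPTIONAL_PAIR = [('ProviderA', OPTIONAL), ('ProviderB', OPTIONAL)]
SUFFICIENT_FIRST = [('XYZ_Authenticator', SUFFICIENT),
                    ('DefaultAuthenticator', REQUIRED)]


def evaluate_chain(chain, accepts):
    """Apply JAAS login-phase semantics to an ordered provider chain.

    chain   -- list of (name, flag) tuples in configured order
    accepts -- dict name -> True if that provider accepts the credentials
               (providers absent from the dict reject)
    Returns (authenticated, consulted): the overall result and the list of
    providers that were actually asked, in order.
    """
    required_failed = False
    any_success = False
    consulted = []
    for name, flag in chain:
        if flag not in FLAGS:
            raise ValueError('unknown control flag: %r' % (flag,))
        consulted.append(name)
        if accepts.get(name, False):
            # SUFFICIENT success ends the walk unless an earlier REQUIRED failed.
            if flag == SUFFICIENT and not required_failed:
                return True, consulted
            any_success = True
        elif flag == REQUISITE:
            # REQUISITE failure ends the walk immediately.
            return False, consulted
        elif flag == REQUIRED:
            # REQUIRED failure is remembered; later providers still run.
            required_failed = True
        # SUFFICIENT or OPTIONAL failure: ignored, continue down the list.
    # Every REQUIRED provider must have succeeded, and at least one provider
    # of any kind must have accepted the credentials.
    return (not required_failed) and any_success, consulted


def outcomes_by_order(chain, accepts):
    """Evaluate every ordering of the same providers: {names_tuple: authenticated}."""
    outcomes = {}
    for perm in permutations(chain):
        ok, _ = evaluate_chain(list(perm), accepts)
        outcomes[tuple(name for name, _ in perm)] = ok
    return outcomes


def order_matters(chain, accepts):
    """True if at least two orderings of the chain give different results."""
    return len(set(outcomes_by_order(chain, accepts).values())) > 1


if __name__ == '__main__':
    # The user exists in ProviderA only: both orders authenticate.
    print(outcomes_by_order(OPTIONAL_PAIR, {'ProviderA': True}))
    # The user is known to XYZ_Authenticator only: the order decides the result.
    print(outcomes_by_order(SUFFICIENT_FIRST, {'XYZ_Authenticator': True}))
```

With two OPTIONAL providers the authentication result is the same in either order, which fits the reply above that the failure comes from the later profile lookup. Once a SUFFICIENT provider sits ahead of a REQUIRED one, the order decides which providers are consulted at all.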
Multiple authentication providers for the same identity store?
We are on WebLogic Server 11g PS5 and in the middle of configuring the authentication providers.
Turns out we have an Active Directory instance where we have two distinct User Base DNs we would like to use, without overlap, but they share the Group Base DN.
What is the best practice to configure this? I think we could use the parent DN, but that would basically include the whole of the directory for users and groups, will that impact performance?
Hi Alexandre,
You might find this helpful - http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/b32420/v2authen.htm#BABJCHEJ. The text "suppose the user requests a resource that is protected by a form-based authentication scheme that redirects the user to a form with several options for logging in. When the user selects a login method on the form, he or she is again redirected, this time to a form containing a certificate-based authentication scheme." suggests that what you want to achieve is possible. If you do get this configured and working the way you want, can you please share with the forum?
-Vinod -
Weblogic Authentication problems
I successfully configured security on weblogic but whenever I try to login weblogic authenticates the user and redirects to the welcome page, but with an exception like
<JpsIdentityManagementProvider> <getIdmUserList> WARN_NO_USERS_PATTERN
oracle.security.idm.ObjectNotFoundException: No User found matching the criteria
at oracle.security.idm.providers.stdldap.util.DirectSearchResponse.initSearch(DirectSearchResponse.java:174)
at oracle.security.idm.providers.stdldap.util.NonPagedSearchResponse.<init>(NonPagedSearchResponse.java:52)
at oracle.security.idm.providers.stdldap.util.NonPagedSearchResponse.<init>(NonPagedSearchResponse.java:43)
at oracle.security.idm.providers.stdldap.util.LDAPRealm.searchUsers(LDAPRealm.java:489)
at oracle.security.idm.providers.stdldap.LDIdentityStore.search(LDIdentityStore.java:274)
at oracle.security.idm.providers.stdldap.LDIdentityStore.searchUsers(LDIdentityStore.java:367)
at oracle.adf.share.security.providers.jps.JpsIdentityManagementProvider.getIdmUserList(JpsIdentityManagementProvider.java:505)
at oracle.adf.share.security.providers.jps.JpsIdentityManagementProvider.getUserProfileList(JpsIdentityManagementProvider.java:386)
at oracle.adf.share.security.identitymanagement.UserManager.getUserProfileList(UserManager.java:314)
at oracle.adf.share.security.identitymanagement.UserProfile.initialize(UserProfile.java:91)
at oracle.adf.share.security.identitymanagement.UserProfile.<init>(UserProfile.java:81)
at oracle.adf.share.security.providers.jps.JpsSecurityContext.getUserProfile(JpsSecurityContext.java:115)
at oracle.adf.share.ADFContext.getEnterpriseId(ADFContext.java:850)
at oracle.adfinternal.controller.util.LogUtils.getApplicationName(LogUtils.java:392)
at oracle.adfinternal.controller.util.LogUtils.gotApplicationName(LogUtils.java:384)
at oracle.adfinternal.controller.util.LogUtils.getTimer(LogUtils.java:161)
at oracle.adfinternal.controller.util.LogUtils.getTimer(LogUtils.java:209)
at oracle.adfinternal.controller.metadata.MetadataServiceImpl.initializePageFlow(MetadataServiceImpl.java:374)
at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getPerUserCache(MetadataServiceImpl.java:355)
at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getPerUserCache(MetadataServiceImpl.java:324)
at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getAdfPageFlow(MetadataServiceImpl.java:180)
at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getPageFlow(MetadataServiceImpl.java:434)
at oracle.adfinternal.controller.metadata.MetadataServiceImpl.getActivity(MetadataServiceImpl.java:169)
at oracle.adfinternal.controller.state.ViewPortContextImpl.getPhysicalURI(ViewPortContextImpl.java:1097)
at oracle.adfinternal.controller.application.AdfcPageResolver.getPhysicalURI(AdfcPageResolver.java:75)
at oracle.adf.controller.faces.lifecycle.Utils.getPagePathFromViewId(Utils.java:44)
at oracle.adfinternal.controller.application.model.UpdateBindingListener.setBindingELVariable(UpdateBindingListener.java:108)
at oracle.adfinternal.controller.application.model.UpdateBindingListener.beforePhase(UpdateBindingListener.java:61)
at oracle.adfinternal.controller.lifecycle.ADFLifecycleImpl$PagePhaseListenerWrapper.beforePhase(ADFLifecycleImpl.java:550)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.internalDispatchBeforeEvent(LifecycleImpl.java:100)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.dispatchBeforePagePhaseEvent(LifecycleImpl.java:147)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$PhaseInvokerImpl.dispatchBeforePagePhaseEvent(ADFPhaseListener.java:119)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.beforePhase(ADFPhaseListener.java:63)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.beforePhase(ADFLifecyclePhaseListener.java:44)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:319)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:204)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:173)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:121)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:468)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:293)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:199)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
What is this, why does this exception occur, and how can I solve this problem?
In my opinion you can ignore the message (if your application works correctly). I have seen similar messages in the log of one of our applications, although the application continued working properly. I think that this message might appear only if you have used some non-LDAP authentication provider. I think that the JPS Identity Store service is trying to get the user's profile but as far as this service may work only against LDAP-based authentication providers, it is not able to find the authenticated user in its store (because the user's account is not stored in an LDAP store).
You may have a look also at this thread: {thread:id=2161110}
Dimitar -
Login Modules-Authentication Providers
Are LoginModules embedded in Authentication Providers for Weblogic 8.1 ga or do we require to write one ?
Siddhartha <[email protected]> wrote:
Are LoginModules embedded in Authentication Providers for Weblogic 8.1 ga or do we require to write one ?
If you're extending AuthenticationProvider you need to implement the method
public AppConfigurationEntry getLoginModuleConfiguration()
Where the AppConfigurationEntry constructor takes the following parameters:
<YourLoginModule>.class.getName(),
AppConfigurationEntry.LoginModuleControlFlag.(REQUIRED|SUFFICIENT etc)
java.util.Map
The docs at:
http://edocs.bea.com/wls/docs81/dvspisec/index.html
and
http://edocs.bea.com/wls/docs81/dvspisec/atn.html#1182704
The latter has code examples for LoginModules as well as the implementation of
AuthenticationProvider.
Hope this helps!
You don't happen to know how to deploy an EJB to the Weblogic Server Console -
ie: my AuthenticationProvider relies on an EJB - do you?
Best wishes,
Michael -
Please let me know whether Authentication Providers which are in security -> realm of weblogic 8.1 contain LoginModules embedded in them or we have to write one ?
-
Hi,
We have to get all the claims providers associated with a web application and its identity claim encoding type using API.
For example:
If the identity claim of windows authentication is user name and the user name is a string, then we should get "i:0#.w".
If the identity claim of forms authentication is email and the provider name is "fba", then we should get "i:0!.f|fba|".
The below link shows us to get all claims providers associated with a web application, but how do we get the identity claim encoding type of each provider?
http://msdn.microsoft.com/en-us/library/gg650432(v=office.14).aspx#SP_WCP_Tip3
using (SPSite theSite = new SPSite("http://someContosoUrl"))
{
    // Get the web application.
    SPWebApplication wa = theSite.WebApplication;
    // Get the zone for the site.
    SPUrlZone theZone = theSite.Zone;
    // Get the settings that are associated with the zone.
    SPIisSettings theSettings = wa.GetIisSettingsWithFallback(theZone);
    // Get the list of authentication providers that are associated with the zone.
    foreach (SPAuthenticationProvider prov in theSettings.ClaimsAuthenticationProviders)
    {
        // Need to get the identity claims encoding type using the SPAuthenticationProvider
    }
}
Is windows authentication's identity claim encoding type always i.0#.w or the identity claim is always the user name?
Thanks & Regards,
Kalai.
If the requirement is to be able to convert claim identities to windows identities that can be used with other LOB/legacy application that still relies on NTLM/Windows Auth, then I would recommend to explore C2WTS.
Here are some references:
http://msdn.microsoft.com/en-us/library/office/ee539739(v=office.14).aspx
http://blah.winsmarts.com/2013-11-Use_C2WTS_to_get_a_classic_windows_identity_from_a_claims_identity.aspx
http://henrymcclain.blogspot.in/2013/05/claims-to-windows-token-service-c2wts.html
http://blogs.msdn.com/b/rodneyviana/archive/2011/02/20/claims-to-windows-token-service-c2wts-may-not-start-automatically-when-you-reboot-your-server-don-t-blame-sharepoint-for-that.aspx
http://blogs.msdn.com/b/russmax/archive/2010/05/27/understanding-sharepoint-2010-claims-authentication.aspx
Thanks!
These postings are provided "AS IS" with no warranties, and confers no rights. -
OWSM 11g : Authentication Providers for X.509 and SAML policies
Hi All,
I am currently trying to implement the X.509 and SAML policies. As per the documentation for these policies I need to configure an authentication provider (or Identity Assertion provider) that can handle perimeter authentication via the NameCallback. I had configured an authentication provider (default authentication provider) that handled the NameCallback and PasswordCallback. What I can't figure out is how do these two authentication providers differ. And, in case one has to configure for the X.509 and SAML policies, how to do the same.
Any pointers will be useful. Especially, from anyone who has worked and implemented the above policies.
Thanks in advance.
Edited by: Shomit Sahdev on 8 April, 2010 12:25 AM
After research by Oracle Support it actually turns out that this problem was a combination of factors:
1) some clients were effectively using an invalid certificate so it is correct they got an error and everything worked fine when they started using the right certificate
2) it does, however, turn out that, in the case of an error the error handling has been obfuscated in WLS 10.3.6 as compared to WLS 10.3.4 which gives a more descriptive error stating the nature of the problem (missing certificate, invalid certificate, unknown user, ...). Apparently this was deemed a security issue and has thus been replaced by a generic "internal server error". It is however possible to re-activate this older behaviour using a couple of JAVA_OPTS that you pass during server startup:
-Dweblogic.wsee.security.debug=true -Dweblogic.wsee.security.verbose=true
The above reintroduced the behaviour we had in WLS 10.3.4 and thus solves our problem! -
Weblogic Authentication Pop-up issue
Hi,
I have a problem with one of our application.
We have the portal application deployed on weblogic which is authenticated by OAM/OIM.
During the authentication process (after putting the username and password) if the user clicks somewhere in the page, the weblogic authentication pop up window is thrown,
The Http header shows
WWW-Authenticate: Basic realm="WebLogic Server"
And user need to clear the session cookies and relogin to access the application
Had disabled the enforce-valid-basic-auth-credentials in weblogic security configuration, but that doesn't help
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
Any suggestion on this
The Pop up window appears during the login phase if the user clicks the back button or stop button or clicking some links on portal
Thanks -
Consume 3rd party authentication (providers) in SP13
I have a situation where I should have multiple authentications for my SP13 farm.
1. Since Claims is dominant in SP13, how can I integrate different (multiple) authentications? I am not clear on how claims works internally :(
2. How users from different authentication types can be grouped into SharePoint specific groups?
- GEM
Hi GEM,
1.Claims-based authentication is more general authentication mechanism that allows users to authenticate on external systems that provide asking system with claims about user. For how claims-based authentication works, you can have a look at the blog:
http://www.c-sharpcorner.com/UploadFile/Ashush/authentication-methods-in-sharepoint-2013/
For integrating multiple authentication methods in claims based web application, you can refer to the blog:
http://www.dotnetspark.com/kb/2845-configuring-multiple-authentication-providers.aspx
2.For adding users from diffferent authentication types into SharePoint groups, there is no special steps. Because with claims-based identities, a user obtains a digitally signed security token from a commonly trusted identity provider. The token contains
a set of claims. Each claim represents a specific item of data about a user such as his or her name, group memberships, and role on the network. Claims-based authentication is user authentication that uses claims-based identity technologies and infrastructure.
Applications that support claims-based authentication obtain a security token from a user, rather than credentials, and use the information within the claims to determine access to resources.
Reference:
http://technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx
Best Regards,
Eric
Eric Tao
TechNet Community Support -
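The mechanism described in point 2 of the reply above, as an added example that is not part of the original thread: tokens from two identity providers are verified against a trust list and mapped into the same group by their claims. The issuer names, keys, group rule and claim values are constructed, and HMAC stands in for the issuer's certificate-based signature so the code runs on the Python standard library alone.

```python
import base64, hashlib, hmac, json

# Constructed issuers and keys. HMAC keys stand in for the identity providers'
# X.509 signing certificates so the example needs only the standard library.
TRUSTED_ISSUERS = {"windows-ad": b"constructed-key-ad",
                   "partner-saml": b"constructed-key-saml"}

# Hypothetical group rules: (issuer, claim type, claim value) triples.
# A verified token holding any listed triple puts its user in the group.
GROUP_RULES = {"Site Members": {("windows-ad", "group", "CONTOSO\\Staff"),
                                ("partner-saml", "role", "contractor")}}

def _sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue_token(issuer, key, claims):
    """Identity-provider side: serialise the claims and sign them."""
    payload = json.dumps({"iss": issuer, "claims": claims}).encode()
    body = base64.urlsafe_b64encode(payload)
    return body.decode() + "." + _sign(key, body)

def verify_token(token):
    """Application side: return (issuer, claims) or raise ValueError."""
    body, _, sig = token.partition(".")
    try:
        payload = json.loads(base64.urlsafe_b64decode(body))
        issuer, claims = str(payload["iss"]), payload["claims"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    key = TRUSTED_ISSUERS.get(issuer)
    if key is None:
        raise ValueError("untrusted issuer: " + issuer)
    if not hmac.compare_digest(_sign(key, body.encode()).encode(), sig.encode()):
        raise ValueError("bad signature")
    return issuer, claims

def groups_for(token):
    """Map a verified token's claims to groups; the issuer is part of the match."""
    issuer, claims = verify_token(token)
    held = {(issuer, c["type"], c["value"]) for c in claims}
    return sorted(g for g, rules in GROUP_RULES.items() if held & rules)
```

Because each rule names the issuer as well as the claim, a correctly signed partner token that asserts an Active Directory group value gains no membership.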
Authentication providers for TACACS+ and RADIUS
Does anyone supply WLS 8.1 authentication providers for TACACS+ and/or
RADIUS?
Ben
So in the ACS network config you add 2 NASes (or should that be NASi?)
One is of type TACACS+, enter the device IP and secret. The other is RADIUS - unless you need to use some vendor-specific trickery you could stick with IETF RADIUS to keep it simple. Again enter the IP and the secret.
Assuming you have at least 1 user in, say, the default group (ACS group 0), you then need to do some basic setup. In ACS a single group can have both RADIUS and TACACS+ config :-)
RADIUS will pretty much default to PPP anyway, but you should still set the Service-Type to Framed and set session timeouts etc.
With T+ you tick the boxes for the services that are allowed. For SSH login you might have to define a custom service first (under interface config)
Suggest you first take time to scan through the ACS docs. -
Using SqlProvider and Weblogic authenticator in my own login page
Hi All,
I want to use the SqlProvider of WebLogic Server for authentication of users. For this purpose I have done the necessary steps in the WebLogic Server console. Now I want to use it in my own login page and authenticate the user based on SqlProvider and WLS.
Can you suggest what to do, or where do I move next?
Add ADF Security to your application.
- Add the groups (the ones in your WLS) to 'Enterprise roles' (use the same name).
- Define your 'Application Roles' (the roles you want to use in your application) and add the corresponding Enterprise roles to it.
- Set the resource grants
That should be it. -
How to use LanguageMap attribute for Authentication Providers?
Hi all,
I couldn't find a BEA MBean-specific forum, so I'll post this here and hope you can point me to the correct people to talk to.
We're developing an Authentication provider for WebLogic 8.1. We would like to have our Authentication Provider MBean support multiple languages. I've experimented with the LanguageMap attribute but with no success. Has anybody been able to get these to work?
The spec states that the path should be fully qualified, which I take to mean that it needs to be an absolute path. I found this to be a bit unreasonable but tried it nonetheless. Unfortunately, it did not work.
I've also tried specifying the path in Java-style resource bundle form (e.g. com.mycompany.mypackage.myresources) and relative paths but, again, with no success.
I pack the resource file with the authentication mbean jar.
Some examples of what I've done:
(absolute path case, where I just copied my resources file to somewhere on my comp):
<MBeanAttribute
  Name = "BDOption"
  LanguageMap = "c:/dev/BDResources.properties"
  DisplayName = "option.bdoption"
  Type = "java.lang.String"
  Writeable = "true"
  Default = "&quot;Default Value&quot;"
/>
(java resource bundle case):
<MBeanAttribute
  Name = "BDOption"
  LanguageMap = "com.mycompany.mypackage.BDResources"
  DisplayName = "option.bdoption"
  Type = "java.lang.String"
  Writeable = "true"
  Default = "&quot;Default Value&quot;"
/>
My resource file has only the following entry:
option.bdoption=Brian's Option
But the option will always appear as "BDOption" rather than "Brian's Option"
Any help would be appreciated,
Brian
Refer to the following links:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/092dddc6-0701-0010-268e-fd61f2035fdd
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2a56861-0601-0010-bba1-e37eb5d8d4a9
Please let me know if you don't find relevant information.