Weblogic 81 sp6 and siteminder authentication

I am running into a puzzling issue after upgrding to weblogic8.1 sp6. I am not sure if any experienced this and how to remedy the problem.
1- background : I had weblogic8.1 sp5 installed and I had a deployed web application on a managed server. There is a siteminder protection for the anything under the context root of this web application. The siteminder plugin is installed on Iplanet( SUN WEB Server 6.1sp3). When a user tries to access this webapplication though the webserver. Siteminder interrupt the request and authenticate the user. if the user is authorized to access the application, siteminder will change the headers and add other header variables and redirect it again to the application. All was working fine and no changes were needed.
Once I upgraded to weblogic 8.1 sp6. User gets authenticated by sinteminder but the weblogic server tries to authenticate the user again using its own form. If siteminder is disabled, then the user can access the application fine without weblogic authentication. There are no configuration changes at all in this upgrade. I only reference the new JDK and new weblogic 8.1sp6 files to restart the servers.
If you have any idea, please reply to this post.
thank you.

after opening a support ticket, it's been resolved for me.
Patch CR287255 has been created and allow you to add a new parameter in the config.xml of your domain: EnforceValidBasicAuthCredentials = "False".
Hope this helps.

Similar Messages

  • SiteMinder Authentication Realm has NOT been correctly configured and...

    Hi All,
    When I set the realm (associated with the authentication provider) as UNPROTECTED, I see the following in my AUWebAgent.log (authentication web agent log):
    [31 Aug 2006 16:19:07,050] [main] [INFO] Configuration: Support for TP cookies is : ENABLED.
    [31 Aug 2006 16:19:07,050] [main] [INFO] Configuration: DefaultAgentName: bppttest.micron.com.
    [31 Aug 2006 16:19:07,051] [main] [INFO] Configuration: FilterDomainName: DISABLED
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Creating caches ..
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: No Cache Timeout specified. Default is 600 seconds
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: No Resource Cache Size specified. Default is: 0
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: No Authentication Cache Size specified. Default is: 0
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: No Authorization Cache size specified. Default is: 0
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: Auditing is DISABLED
    [31 Aug 2006 16:19:07,051] [main] [DEBUG] Configuration: Caching for anonymous users is DISABLED
    [31 Aug 2006 16:19:07,053] [main] [DEBUG] The SiteMinder Resource Manager is checking if resource "/smauthenticationrealm" is Protected.
    [31 Aug 2006 16:19:07,129] [main] [INFO] Resource "/smauthenticationrealm" is NOT Protected.
    [31 Aug 2006 16:19:07,129] [main] [ERROR] The SiteMinder Authentication Realm has NOT been correctly configured and is unavailable.
    Additional info:
    Using SiteMinder 5.5 on WebLogic 8.1 sp5
    When & if I set all my realms as protected then I am unable to startup my servers and get the folowing error:
    We are trying to setup (as in intergrate SiteMinder with Savvion) SiteMinder v2 with weblogic 8.1 sp 5. We have appropriately included the references to variours siteminder related jars as per Netegrity's ASA document. We aren't using any webserver, instead wewould be using launching page (which be a protected resource). The following is the installation, configuration, and testing information related to various siteminder components:
    SiteMinder Identity Asserter (IA) - installed, configured & tested successfully.
    SiteMinder Authentication Provider - installed, configured & test result -> Unsuccessful.
    SiteMinder Authorziation provider - installed, configured & test result -> Unsuccessful.
    Has anyone seen anything similar to the following? My guess on the above is that it looks like it is trying initialise siteminder stuff every time we start each of the servers(admin, ejb and portal). Since the initialisation happens for the 1st time) when the admin server is started, an error is thrown complaining about not being to initialise when we start either portal or ejb after that. If this is true then is there a way around this problem?
    The Admin Server starts fine. But when we try to start either of the ejb or portal server, we get the following error:
    <Aug 16, 2006 4:03:01 PM MDT> <Critical> <WebLogicServer> <BEA-000364> <Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException: failed to marshal invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String ;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9]
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException: failed to marshal invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String ;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9]
    at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:225)
    at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:283)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java :581)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm (SecurityServiceManagerDelegateImpl.java:700)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize (SecurityServiceManagerDelegateImpl.java:876)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
    at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:821)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:669)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:343)
    at weblogic.Server.main(Server.java:32)
    >
    <Aug 16, 2006 4:03:01 PM MDT> <Emergency> <WebLogicServer> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException : failed to marshal invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9 ]>
    The WebLogic Server did not start up properly.
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException: failed to marshal invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String ;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9]
    at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:225)
    at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:283)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java :581)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm (SecurityServiceManagerDelegateImpl.java:700)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize (SecurityServiceManagerDelegateImpl.java:876)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
    at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:821)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:669)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:343)
    at weblogic.Server.main(Server.java:32)
    Reason: weblogic.security.service.SecurityServiceRuntimeException : [Security:090371]Problem instantiating Authentication Provider weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception - with nested exception:
    [java.rmi.MarshalException: failed to marshal invoke(Ljavax.management.ObjectName ;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;); nested exception is:
            java.io.NotSerializableException: com.netegrity.siteminder.weblogic.sspi.auth.a9]
    Any help would be appreciated.
    Regards,
    Prashant

    but it just says it cannot repair due to another program being installed.
    I'd like to have a closer look at that error message please.
    Generate the error message again. While the error message box is open, hold down the Alt key and hit the PrtSc key. Paste the screenshot into an image file (using a program like Paint), and save the file.
    Start a reply here and click the wee camera icon at the top of the reply window. Click "Choose file", browse to the image file, select the file and click "Open". Now click "Insert file" to insert the screenshot into the reply.

  • WebLogic 10gR3 and Windows Integrated Authentication

    Hi:
    I have an intranet web application running on WebLogic 10gR3 and would like to make use of the Windows Integrated Authentication (SSO, SPNEGO, Active Directory) so that the intranet users don't have to log in to access the web application.
    In weblogic, I've managed to create an ActiveDirectoryAuthenticator and can see all the users and groups from Active Directly. Also created a NegotiateIdentityAsserter with both WWW-Authenticate.Negotiate and Authorization.Negotiate options.
    When I set the web.xml login-config to BASIC, the browser shows the login dialog and authentication happens through AD. I've changed the login-config to CLIENT_CERT as suggested by the documentation:
    <login-config>
         <auth-method>CLIENT-CERT</auth-method>
    </login-config>but I'm getting the following error:
    Error 401--Unauthorized
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.2 401 Unauthorized
    The request requires user authentication. The response MUST include a
    WWW-Authenticate header field (section 14.46) containing a challenge
    applicable to the requested resource. The client MAY repeat the request
    with a suitable Authorization header field (section 14.8). If the request
    already included Authorization credentials, then the 401 response indicates
    that authorization has been refused for those credentials. If the 401
    response contains the same challenge as the prior response, and the user
    agent has already attempted authentication at least once, then the user
    SHOULD be presented the entity that was given in the response, since
    that entity MAY include relevant diagnostic information. HTTP access
    authentication is explained in section 11.Help is highly appreciated
    Albert
    Edited by: albertattard on Jul 13, 2009 3:40 PM
    Edited by: albertattard on Jul 13, 2009 3:42 PM

    Hi:
    I have an intranet web application running on WebLogic 10gR3 and would like to make use of the Windows Integrated Authentication (SSO, SPNEGO, Active Directory) so that the intranet users don't have to log in to access the web application.
    In weblogic, I've managed to create an ActiveDirectoryAuthenticator and can see all the users and groups from Active Directly. Also created a NegotiateIdentityAsserter with both WWW-Authenticate.Negotiate and Authorization.Negotiate options.
    When I set the web.xml login-config to BASIC, the browser shows the login dialog and authentication happens through AD. I've changed the login-config to CLIENT_CERT as suggested by the documentation:
    <login-config>
         <auth-method>CLIENT-CERT</auth-method>
    </login-config>but I'm getting the following error:
    Error 401--Unauthorized
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.2 401 Unauthorized
    The request requires user authentication. The response MUST include a
    WWW-Authenticate header field (section 14.46) containing a challenge
    applicable to the requested resource. The client MAY repeat the request
    with a suitable Authorization header field (section 14.8). If the request
    already included Authorization credentials, then the 401 response indicates
    that authorization has been refused for those credentials. If the 401
    response contains the same challenge as the prior response, and the user
    agent has already attempted authentication at least once, then the user
    SHOULD be presented the entity that was given in the response, since
    that entity MAY include relevant diagnostic information. HTTP access
    authentication is explained in section 11.Help is highly appreciated
    Albert
    Edited by: albertattard on Jul 13, 2009 3:40 PM
    Edited by: albertattard on Jul 13, 2009 3:42 PM

  • ADF and SiteMinder not working

    Hi,
    I'm working on a project where the CA SiteMinder Authenticator and IdentityAsserter have been configured in a clustered environment alongside the Default Authenticator and IdentityAsserter. An ADF app using a combination basic J2EE security (isUserInGroup/Role type calls to show/hide tabs depending on user's role) and ADF Security roles and policies (used to lock down task flows to specific roles/groups/users).
    The J2EE security call works fine, proving that SiteMinder has populated the security Subject with the correct Principals and authorised correctly.
    However, ADF Security does not work at all, even though I can see the groups that originated in the SiteMinder Authenticator in the Enterprise Manager security config screens.
    I have mapped the ADF Application Roles to J2EE groups successfully, but when I access the application having successfully logged in as a user who is a member of that group, the taskflows don't show up...
    When I run this in a non-clustered WLS environment with only DefaultAuthenticator/IdentityAsserter, all is well, TaskFlows show/hide as expected.
    This falls neatly between Oracle and CA in terms of problem solving, can't get much help from either at the moment.
    Any thoughts or possible lines of enquiry are welcome.
    Edited by: 893022 on 27-Oct-2011 04:23

    Hi Frank,
    I'm just trying that now - reducing the variables seems like a good plan.
    A couple of things we're unsure of:
    1. Does ADF support Siteminder R12? My feeling is that the two are probably not related as ADF accesses the security realm via OPSS and the SiteMinder app server agent is an implementation of the WLS SSPIs, which would never be directly accessed from ADF (as far as I can tell).
    2. I've seen an example on redstack where an ADF application is deployed into an environment that is configured to use an Acitive Directory provider. There is a step includes that involves editing jps-config.xml on the server to include username.attr and user.login.attr properties to the idstore.ldap service instance. Is there similar any FMW-level config I'd need to do for SiteMinder?
    3. When JDeveloper builds the ADF app, it changes the class uses Groups and Users from:
    oracle.seurity.jps.internal.core.principals.JpsXmlEnterpriseroleImpl
    to:
    weblogic.security.principal.WLSUserImpl
    We did some debugging on on our app and saw that the SiteMinder 'Groups' that are fed into WLS by the SSPI are actually of a different class althoghether:
    com.netegrity.siteminder.weblogic.sspi.auth.SmWLSGroupImpl
    I'm building my ADF app with Maven so have used XMLTask to make this change to jazn-data.xml on deploy, but still no joy. ADF just doesn't appear to be able to 'see' the users and groups that have come from SiteMinder providers.

  • SP6 and NTRealm

    Hi All,
    I've just installed SP6 on WLS 5.1.0 (NT 4.0) and hit an NTRealm problem. I
    installed the new wlntrealm.dll file and removed the ntrealm.properties file
    as per the SP6 release notes. Note that I didn't install SP6 to fix any
    NTRealm problems but had to install the new wlntrealm.dll file as I'm using
    NTRealm. If I don't use the new wlntrealm.dll I get a
    java.lang.NoSuchFieldError when starting WLS. So, with the new
    wlntrealm.dll, when starting WLS, I hit the following:
    U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
    java.lang.SecurityException: Unable to assert all required
    priviledges
    at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
    at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:162)
    at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:62)
    at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:39)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:79)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    java.lang.SecurityException: Unable to assert all required priviledges --
    bad do
    main name
    at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:168)
    at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:62)
    at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:39)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:79)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    The WebLogic Server did not start up properly.
    Exception raised: java.lang.reflect.InvocationTargetException
    java.lang.reflect.InvocationTargetException: java.lang.IllegalAccessError:
    java.
    lang.SecurityException: Unable to assert all required priviledges -- bad
    domain
    name
    at weblogic.security.acl.Realm.getRealm(Realm.java:86)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
    all
    required priviledges -- bad domain name
    at weblogic.security.acl.Realm.getRealm(Realm.java:86)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    WebLogic Server terminated with an abnormal condition of 1
    Hit return to continue...>>>>>>>>>Regards, Garry Baird.

    No idea. i couldn't reproduce it here.
    Post it in security newsgroup.
    Kumar
    Garry Baird wrote:
    Hi Kumar,
    Thanks for the reply. We've always run WLS from the command line with
    NTRealm and it works fine (I tried it after seeing a comment to that
    effect somewhere in one of the newsgroups). The problem is that when I
    run it using SP2 it works fine, but I hit this problem with SP6 and the
    new wlntrealm.dll file.
    My NT priviliges haven't changed between SP2 and SP6.
    Any ideas?
    Thanks, Garry.
    Kumar Allamraju wrote:
    Our security expert says
    """" As you read through the stack trace, you notice that the person running WLS
    does not have the
    correct privileges on NT to run NTRealm. This should be doc'd better, Yes, but
    it's not an error
    or bug.""""
    Also the doc is not correct. You can run it on the command line. You just have to
    give yourself the
    correct privileges in the NT System.
    Kumar
    Kumar Allamraju wrote:
    Are you sure that you are running WLS as an NT Service?
    The docs clearly states
    """" To use NTRealm , you must run WLS as an NT service on a computer in the
    Windows NT domain.
    If you run WLS from the command line, NTRealm authentication will not
    succeed""""
    Kumar
    Garry Baird wrote:
    Hi All,
    I've just installed SP6 on WLS 5.1.0 (NT 4.0) and hit an NTRealm problem. I
    installed the new wlntrealm.dll file and removed the ntrealm.properties file
    as per the SP6 release notes. Note that I didn't install SP6 to fix any
    NTRealm problems but had to install the new wlntrealm.dll file as I'm using
    NTRealm. If I don't use the new wlntrealm.dll I get a
    java.lang.NoSuchFieldError when starting WLS. So, with the new
    wlntrealm.dll, when starting WLS, I hit the following:
    U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
    java.lang.SecurityException: Unable to assert all required
    priviledges
    at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
    at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:162)
    at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:62)
    at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:39)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:79)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    java.lang.SecurityException: Unable to assert all required priviledges --
    bad do
    main name
    at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:168)
    at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:62)
    at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:39)
    at java.lang.Class.newInstance0(Native Method)
    at java.lang.Class.newInstance(Class.java:241)
    at weblogic.security.acl.Realm.getRealm(Realm.java:79)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    The WebLogic Server did not start up properly.
    Exception raised: java.lang.reflect.InvocationTargetException
    java.lang.reflect.InvocationTargetException: java.lang.IllegalAccessError:
    java.
    lang.SecurityException: Unable to assert all required priviledges -- bad
    domain
    name
    at weblogic.security.acl.Realm.getRealm(Realm.java:86)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
    all
    required priviledges -- bad domain name
    at weblogic.security.acl.Realm.getRealm(Realm.java:86)
    at weblogic.security.acl.Realm.getRealm(Realm.java:57)
    at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1747)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    WebLogic Server terminated with an abnormal condition of 1
    Hit return to continue...>>>>>>>>>Regards, Garry Baird.

  • Graphics builder and os authentication

    I'm running on NT 4 sp6. I'm trying to get OS authentication working with graphics. It works great for forms and reports, but I cannot get graphics builder or the graphics runtime to work with os authentication. I've tried it with developer 2000 r2 and 6i release 2. Thanks is advance.
    null

    Is the state of OCCI and OS Authentication still the same? Or has it changed in the 2.5 years since this question was first asked and answered?
    I've yet to find any indication that it is now supported, but could I confirmation of that fact?
    If it is not, what is the Oracle recommended method for accomplishing this?

  • Weblogic Admin and Managed Server start using boot.properties and LDAP Acc.

    Hello - Can any one please tell me if Weblogic 10.3.x can be started using boot.properties file and by using a user account from the External LDAP (OID) server?
    I have configured the Weblogic server and have added a LDAP authenticator.
    The Group in OID is mapped to the Admin role in Weblogic so that the user can start and stop the server.
    LDAP users can successfully authenticate and access WLS console.
    We would like to remove Default Authenticator (Embeded LDAP) from the list of available providers for our security releam.
    Thank you.

    Tested and got it worked.

  • WebCenter and SiteMinder

    Hello,
    we have latest webcenter and weblogic installed. we have siteminder installed. we will be creating webcenter
    application and want to integrate siteminder with our application for security (authenticate / authorize etc)
    we have limited know how to integrate siteminder with application ...pl any help appreciated.
    thx.

    Hi.
    If you have access to MoS (My Oracle Support) read Certification of CA SiteMinder with Oracle WebCenter 11g (Doc ID 1485179.1)
    Basically it requires to install the CA Siteminder WebLogic Agent and configure the Identity Providers for Siteminder in WebLogic.
    If you require further support on this the correct forum is WebLogic Server - General
    I hope this helps
    Regards.

  • Siteminder authentication on j2ee Dialog Instances only but not on C.I

    I am doing an Siteminder external authentication implementation on SAP
    Enterprise Portal 6.40 SP16.I have a configuration that want somehow to
    validate.
    The issue is that the J2EE Dialog Instances should be protected by SM
    Agent (they are the load-balanced nodes with the Apache web agent) but
    the Central Instance (which will run on a separate node) protected just
    with the default basic authentication supported by SAP and not with the
    SM Agent. The idea is to be able to access the CI without going through
    the Front Web Instances for troubleshooting purposes.
    Can we support them on this & in what form of configuration?
    I appreciate your comments on this.
    Thanks
    Tagore

    ok I will try to add BasicPasswordLoginModule and check it out .after that as you said when I access url http://server:50000/irj -> it should directly go to portal  with default authentication (not siteminder).
    I'm still wondering without customizing authscheme.xml how the siteminder is doing authentication  as per your scenario explained in ur previous mail.
    we have customized the in httpd.conf file in   apache server like  below..
    <VirtualHost server:80>
        ServerName xxxxxx
    Alias /siteminderagent/pwcgi/ /usr/netegrity/webagent/pw/
        <Directory /usr/netegrity/webagent/pw/>
            Options Indexes MultiViews ExecCGI
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>
    xxxxxx
    xxxxx
         ProxyPass       /irj/  http://server:50000/irj/
         ProxyPassReverse /irj/ http://server:50000/irj/
    </VirtualHost>
    APACHE deafult port 80 will listen ur portal url access http://server/irj -> pass this resource request to webagent and  check if or not resource proteced in siteminder policy server and does authentication .Once its autheticatated sitmeinder provide  user id  in the form header to j2ee.
    if you try to  access  the  portal by giving following url http://server:50000/irj will not work .
    could you tell me the 
    Note: in our scenario whe have installed both webserver (IBM HTTP APACHE 6.X)and web agent & ERP AGENT & PORTAL SERVER  installed on same box.
    Can you send me  doc how you custmozed ur webserver for proxy & reverse proxy  to my e-mail id :[email protected]
    anyhow may I know your e-mail id ?
    Thanks
    Tagore

  • Define Reverse Proxy and Deffered Authentication Schema

    Hi Experts,
    Can some one help me with the Definition for "*Reverse Proxy in OAM*" and "Deffered Authentication Schema (*DAS*) in Directory server". And please quote one example for understanding.......
    Thanks in Advance.
    Sandy
    Edited by: sandyb4u on Oct 11, 2010 1:34 AM

    Hello Markus,
    1. have you checked out Alon Weinstein's Weblog <a href="/people/sap.user72/blog/2005/02/23/the-reverse-proxy-series--part-2-iis-as-a-reverse-proxy">The Reverse Proxy Series -- Part 2: IIS as a reverse-proxy</a>?
    2. Is the IIS a must? Can you give Apache or SAP Web Dispatcher a try. Prakash Singh wrote a Weblog <a href="/people/prakash.singh4/blog/2005/08/16/how-to-setup-webdispatcher-to-load-balance-portal-in-a-clustered-environment">How to setup webdispatcher to load balance portal in a clustered environment</a>.
    Regards
    Gregor

  • Portal Drive Single Sign On and Kerberos Authentication

    Hi,
    We are using NW2004s SP10 Portal and we have successfully configured Kerberos authentication with Windows Active Directory 2003. To access the KM Content in windows explorer format, we are using Portal Drive but Portal Drive still asks for authentication i.e. SSO is not working for Portal Drive. I have understood from the forums and sap help site that SSO from portal drive will work only for NTLM authentication and client certificates. Can you please help regarding below questions.
    1. Can Kerberos and NTLM authentication be configured together.
    2. If yes, what are the steps to configure NTLM authentication for NW2004s SAP Portal and Active Directory 2003.
    3. Any other approach to make Portal Drive SSO work.
    Helpful answers will be rewarded.
    Regards,
    Chandra

    Hi Gregor,
    I did two things:
    first i made a change in the portalapp.xml in the PAR file "com.sap.km.cm.par". In the section authentication scheme for "docs" I changed the authentication scheme to "default" to make sure that documents are opened using the default authentication scheme (SPNego) instead of basic authentication
    second, I used the SPNego wizard to configure SPNego. So I didn't adjust anything in the Visual Admin or the authentication template apart from adding the Template to the Ticket policy configuration.
    Again, this only worked after installing the latest vesion.
    Hope this helps
    Marcel

  • Remote users sending email - RBL and SMTP authentication

    I've read about the problem of using RBL's with remote Outlook IMAP/SMTP users who may be using dynamically assigned IP addresses. There is a good chance that they will be appear on the RBL and so not be able to send email via the GWIA.
    One work around is to have them send their email via their ISP's SMTP server, but this is a pain, because when they are back in the office, then need to switch their SMTP server back to the inhouse one.
    So on the GW 7.0.3 server running on SLES 10, I wondered if the one host could handle multiple GWIA's??
    1st existing GWIA:
    To handle the regular in/out email with RBL's protection on it.
    2nd new GWIA on a separate port but same IP address to handle just inbound email. This would be used by remote users and require authentication so no need for an RBL on it.
    Is this a sound approach?
    Any gotchas for setting up two gwia's on the one server and IP address besides separate ports?
    I am aware there is the option of using the Groupiwse client or webmail, but firstly these users don't want to change from 'LookOut" due to their address book synch with their mobile phones and secondly sometimes they like to use their smart phones for remote email synchronisation.

    Maybe I should simplify this a little...
    Can the one host handle multiple GWIA's??
    1st existing GWIA:
    To handle the regular in/out email with RBL's protection on it.
    2nd new GWIA on the same host and IP address, but on a separate port to handle just inbound email. This would be used by remote users and require authentication.

  • Can we provide UN and pwd Authentication 4r SMTP Mail Configuration

    Dear All,
    Previously we are able to send the mails from SAP to Outside World. After chaning the Mail Server to MS Exchange 2003
    We enabled the Port the 25.
    We are facing a problem While configuring a mail via SMTP for Exchange Server 2003.
    Throws an Error Message:
    Internal error: CL_SMTP_RESPONSE ESMTP error code is not known. 554 554 > : Recipient add
    As per network Team :
    Unless we provide a Username and password, the Send/Receive process does not happen.
    Is there any option in SAP - SMTP Mail Configuration to Provide user and password Authentication.
    I searched in SDN as well as in market place. but i could not succeed. Please guide me the process.
    Regards
    SNB.

    Hi we are configuring Google SMTP getting below error..
    No delivery to xxx.com, authentication required
    Message no. XS856
    Diagnosis
    The message was processed successfully in the SAP system. The mail server that is to receive the message for further processing requires authentication. Probably there is no logon data specified in the SAPconnect configuration.
    Information from external system (if available)
    smtp.gmail.com:587
    530 5.7.0 Must issue a STARTTLS command first. i91sm11178241qgd.25 - gsmtp
    Procedure
    Enter the logon data in the SAPconnect node.
    Using Gmail SMTP server using "smtp.gmail.com" with port 587
    Please advise.
    Regards,
    Sudarshan

  • Single Client Access Name for Weblogic Forms and Reports.

    I have a 2 node clustered system:
    Windows 2008 R2 64-bit
    Weblogic 10.3.3 (on each node)
    Weblogic Forms and Reports 11.1.1.3 (on each node)
    Database 11gR2 RAC 11.2.0.1 (on each node)
    The forms and reports are clustered and I can connect to each from each of the two servers and the cluster is working well.
    The database uses Single Client Access Name (SCAN) to present the database as if it were one server called dbserver1.
    I was wondering if there was a similar thing for Weblogic and what everyone else uses to present their application as a single name to the user.
    I tried using Windows Network Load Balancing, but this stops the database scan listeners from working.
    Thanks.

    Dear,
    Did you find an answer to your question back in 2009?
    We are facing the same installation architecture, but we do not find any concrete information regarding SCAN with Oracle Forms 11g
    Geert

  • Fusion Middleware 11g Weblogic, forms and Reports in Solaris  11 zone

    Hi,
    Any one Installed Fusion Middleware 11g Weblogic, forms and Reports on Solaris 11 zone ??
    So Pls Let me know Weblogic and Fusion Middleware 11g versions which are working
    I try
    Weblogic 10.3.3 Installed 64 Bit Went OK
    Fusion Middleware 11g 11.1.1.2.0 Errors While Relink few items like frmbldr etc
    Then Fusion Middleware 11g Patchset5 11.1.1.6 Still Same Errors Relink few items like frmbldr etc
    Then Cconfig.sh failed at create domain
    Regards

    Hi Deepak,
    Just config.sh or config.cmd file and try to change the JDK with in and try to configure new domain from there.
    Regards,
    Kal

Maybe you are looking for

  • Order of elements and events.

    INTRO Hi Oracle community. A while ago I started a thread here on the forum where I had put three different subjects to be treated. The user jsmith guided me saying that I was supposed to separate things, dividing each subject in a separate thread. T

  • Wired Guest Access

    Hi! I enabled Wired Guest Access to connect Wired Ethernet Users to WLC. It doesn't explained on user guide how WLC does? If WLC strips 802.3 frame and encapsultes it with 802.11 or not. Any way, I couldn't redirect the ethernet flux to WLC and then

  • BEx Application Error - ONGUIUNHANDLEDEXCEPTION

    Hi Experts, I have been having a VERY troublesome problem with BEx (Query Designer) that has severely impeded workflow. I'm in the process of creating several hundred Calculated Key Figures (CKF) that will be used to develop some reports. Yet after e

  • Trying to add items on iplayer

    Trying to add items on iplayer but it keeps coming up with this message add Adobe Reader to be installed which i have installed.  Any help would be good.

  • Adobe Flash for Windows x64

    Is their a genuine reason why this still isn't out.  I got thinking that if this was a Microsoft product Flash x64 would be out not long after Windows XP 64 bit came out but no years later we're still waiting on Adobe. I'm sure I can't be the only on