Weblogic identity assertion provider for apache

Similar Messages

• OAM Identity Asserter Provider Error:Unable to create the AccessGate entry

  Hi All,
  I have installed Oracle Access Manager and trying to protect an application deployed on weblogic application server.
  I have added the jar oamAuthnProvider in weblogic server lib mbeantypes and configured an OAM Identity Asserter Provider in myrealm. When I restart the weblogic server, I encounter the following error:
  <Error> <> <BEA-000000> <OAMAP-60516:Unableto create the AccessGate entry for identity assertion/authentication.>
  <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException
  : com.bea.common.engine.ServiceInitializationException: java.lang.RuntimeException.weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: java.lang.RuntimeException
  When I remove the following section from config.xml, the server starts fine:
  <sec:authentication-provider xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:oam-identity-asserterType">
  <n1:name xmlns:n1="http://www.bea.com/ns/weblogic/90/security">OAMID</n1:name>
  <n2:control-flag xmlns:n2="http://www.bea.com/ns/weblogic/90/security">REQUIRED</n2:control-flag>
  <ext:access-gate-name>MYAPP</ext:access-gate-name>
  <ext:primary-access-server>AccessServer</ext:primary-access-server>
  <ext:application-domain>MYDOMAIN.com</ext:application-domain>
  <ext:access-gate-password-encrypted>{AES}P3UIYbQpYupPs=</ext:access-gate-password-encrypted>
  </sec:authentication-provider>
  Has anyone come across this error before? Please suggest a workaround..
  Software versions being used:
  OAM 10.1.4.3
  Weblogic: 10.3.2
  Thanks
  Joe

  I am having the same problem on my WLS 10.3.4. running OSB 11g. I get the following error:
  tuning)'> <<WLS Kernel>> <> <> <1296595010528> <BEA-000000> <OAMAP-60516:Unable to create the AccessGate entry for identity assertion/authentication.>
  ####<Feb 1, 2011 1:16:50 PM PST> <Info> <Security> <WD-OR14P5A5W624> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1296595010528> <BEA-090511> <The following exception has occurred:
  com.bea.common.engine.ServiceInitializationException: java.lang.RuntimeException
       at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
       at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
       at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
       at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
       at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:47)
       at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:300)
       at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:222)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1784)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:445)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
       at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1030)
       at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
       at weblogic.security.SecurityService.start(SecurityService.java:142)
       at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  I looked the error number up and it says:
  OAMAP-60516: Unable to create the AccessGate entry for identity assertion/authentication.
  Cause: AccessGate instance creation failed.
  Action: See the Identity Asserter/Authenticator log for details.
  Level: 1
  Type: ERROR
  Impact: Configuration
  This seems to indication my identity assertion is incorrect. My oam authentication provider is pretty simple.
  I am using OPEN transport security so the provider config is pretty simple. I provided an AccessGate pwd, primary and secondary access gate servers and Access Gate name provided by my administrator.
  I'm not sure about what the Application Domain field refers to. Can someone provide guidance on that?

• Custom asserter provider for Atuhentication Basic header.

  Hello,
  Is it possible to create an asserter provider to obtain the basic authentication header?
  I tried to create it by following the documentation: http://docs.oracle.com/cd/E23943_01/web.1111/e13718/ia.htm
  But when I configure a proxy from OSB to use "custom authentication" and select the header "Authorization", not take it.
  Thanks.

  I think it should be possible after turning off basic auth check on WLS by setting off enforce-valid-basic-auth-credentials in weblogic

• My custom identity asserter is ignored - what did I miss?

  Hello -
  My custom identity asserter's assertIdentity method is never called - even though I've verified that the correct token is added to the request header. I am hoping for some guidance as to what I am missing.
  1. I downloaded this sample app which uses ADF security: http://jdevsamples.googlecode.com/files/ADFSecurityWL.zip
  I changed the app to:
  - add a filter to dump request headers to System.out so I could verify that the token is correctly added to the request headers
  - changed the auth-method in web.xml from BASIC to CLIENT-CERT
  2. I also downloaded the sample authentication providers (for WLS 9.1) from here: https://codesamples.samplecode.oracle.com/servlets/tracking?id=S224
  and created a custom identity asserter based on the sample identity asserter provider in the app.
  3. I created an EAR file for the app and an mbean jar for the custom identity assertion provider.
  4. I added the mbean jar to the correct directory under weblogic, restarted weblogic, and created an instance of my provider in the security realm. I also reordered the providers so mine would be first (not sure if that matters). Then I restarted weblogic again. I verified that my provider was in the list of providers and that the chosen "Active Types" included my token type.
  5. I deployed the app EAR file to weblogic.
  6. I created a test program based on the test program in the sample providers download (above) and connected to the deployed app. I verified that the test program added the correct token to the request. My app's filter dumped the headers and I could see the token there.
  7. My custom identity assertion provider has System.out.println calls in the initialize() and assertIdentity() methods. I can see that the initialize() method is called when I start weblogic. However, I never see the assertIdentity() method's calls to System.out.println when I try to reach the app and those calls are the 1st thing in the method.
  8. I am using WebLogic Server version 10.3.3.0
  So, is there some obvious step I missed? (I am new to using WLS so it wouldn't surprise me if I got something really obvious wrong...)
  Thanks for reading my question,
  -- Scott

  Thanks Faisal.
  When I compared my mbean declaration with yours I discovered that I had set the Extends attribute to "weblogic.management.security.authentication.Authenticator" instead of "weblogic.management.security.authentication.IdentityAsserter". Using the correct value fixed my problem.

• Identiy Assertion Provider

  What is the recommended way to access a database from an identity assertion provider?

  For assert identity the caller should have admin privs. Depending on how the client
  obtains and communicate with the EJB you have the option to setup a <run-as> tag
  then map the role to an admin user via <run-as-role-assignment> using the deployment
  descriptors.
  -Craig
  "Claude" <[email protected]> wrote:
  >
  Thank you for your answer !
  I had not thought of building a custom "UsernamePassword" authenticator
  and use
  the password as token. It seams to be a good simple way of solving the
  problem.
  The EJB that accepts a token as parameter is interesting as well (especially
  if
  they are
  performance issues). Are you sure that the class
  weblogic.security.services.Authentication is suitable to be called from
  an EJB?
  Thanks, Claude
  "Craig" <[email protected]> wrote:
  I don't know of many uses outside of WebService or WebApp except when
  using 2-way
  SSL where the client certificate can be used to assert identity.
  You could write an EJB that accepted the token and then the EJB would
  programmatically
  call identity assertion. Or if you had a custom authenticator you could
  take the
  token as the "password".
  http://edocs.bea.com/wls/docs81/javadocs/weblogic/security/services/Authentication.html
  -Craig
  "Claude" <[email protected]> wrote:
  Hello
  I'm wondering whether an Identity Assertion Provider can be used with
  a Java-client
  or
  if they are only for Web-clients (or Web-services).
  I'm also wondering how the client sends its token (through the credential
  set
  of the JAAS
  subject ?).
  Thanks
  Claude

• Publisher 11g and Identity Asserter

  How do you integrate publisher 11g with a custom weblogic identity asserter? From what I have been told so far, integration cannot be performed via the publisher administrative interfaces. It must be performed via configuration files on the server. There is no documentation on this subject yet. Has anyone performed the configuration that would be willing to share their experiences and configurations?
  FYI, any attempt to utilize the identity asserter in the default publisher configuration will result in java errors in the server log and a 500 error in the browser.

  Any security configuration must be under certified products so you can be confident they should work 100%. Otherwise
  any issues you find under NOT certified products may not work and Oracle Support will not be able to help you.
  As you describe the configuration you are trying to set is not certified and therefore the issues you find will probably
  never be resolved.
  References:
  1. Setting Security in BIEE 11g:
  http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10543/intromartin.htm#CJHFBCBA
  2. List of Certified products for BIEE11g:
  http://www.oracle.com/technetwork/middleware/bi-enterprise-edition/bi-11gr1certmatrix-166168.xls
  (Non Oracle ID and Access Mgmt tab)
  If you configure BI Publisher 11g as Standalone then the list of Security Modes are:
  - Oracle DB
  - Siebel
  - EBusiness Suite
  - BI Publisher
  - LDAP
  - Fusion Middleware
  regards
  Jorge

• How to pass back Subject do Client app after authentication via identity assertion

  I have developed an Identity Assertion Provider based on
  SampleIdentityAsserterProviderImpl provided by BEA.
  It seams that all works fine, but I don't now how to pass back authenticated
  Subject to client application in order to call methods runAs(Subject,
  PrivillegedAction). I have tried build Subject from
  connection.getInputStream() but when I use Subject constructed in that way I
  have received an error:
  lava.lang.SecurityException: Invalid Subject: principals=[user, usergroup1,
  usergroup1]
  Thanks in advance for any suggestions.
  Jerzy Nawrot

  Hi,
  as per the below comment.
  We want to change this and do this dynamic way so that the XCM configuration application can read these dynamic parameters and behave accordingly(like customers with different languages, client systems etc). This is the 1st part .
  You have to use different scanrios to be set in XCM like (customer specific to language, and client), and that to be passed in
  Where language specifications should maintained in XCM settings only. also to be noted that Product catalog for those should also maintain in that specific language.
  "/init.do?scenario=value2;
  The 2nd part leading this scenario is after the portal user successfully lands into ISA application, if the user needs to go back to the WDP java screen, would the JSP based ISA application be able to navigate back to the original WD Java iView Screen. ? or would it open in a new window ? (probably this can be set to be launched in same window)
  I am not sure, but if you go back to WD from ISA , ISA Session will die.
  Let me know if you have any further queries.
  Regards,
  Devender V

• Oracle Identity Server Authenticator as Security Provider for Weblogic 10.3

  Hi,
  I am getting the following exception on weblogic server 10.1.3 console when accessing users and groups in security realm. This can be reproduced using the following steps.
  1. I have installed Oracle Identity Management 10.1.4 (Oracle SSO). I have installed Oracle SSO using the default port options. I tested accessing the Internet directory using orcladmin user and it is working with out any problems.
  2. Installed Oracle weblogic Server 10.1.3 and then installed ADF runtime. I verified the installation by accessing the admin server console and did not find any issues.
  3. Opened the Admin Console and then accessed the Security Realms and then selected myrealm. Then selected Providers and added Oracle Internet directory Authentication provider.
  4. configured the provider specific parameters like the host name and port number (389).
  Now when I select user and groups tab I am getting the following exception on weblogic adminserver command prompt console.
  Am I missing any steps in configuring Oracle Internet directory authenitcaiton provider for weblogic 10.3.1
  <Oct 13, 2009 8:33:21 PM EDT> <Error> <Console> <BEA-240003> <Console encountere
  d the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
  at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3224)
  at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2248)
  at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
  at weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticatorMBeanImpl.listUsers(OracleInternetDirectoryAuthenticatorMBeanImpl.java:221)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
  at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
  at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
  at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
  at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:443)
  at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:314)
  at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
  at java.security.AccessController.doPrivileged(Native Method)
  at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
  at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
  at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
  at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
  at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
  at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
  at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
  at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
  at javax.management.remote.rmi.RMIConnectionImpl_1031_WLStub.invoke(Unknown Source)
  at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978)
  at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
  at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
  at $Proxy106.listUsers(Unknown Source)
  at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
  at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
  at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:83)
  at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
  at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
  at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:262)
  at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
  at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
  at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
  at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
  at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256)
  at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
  at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133)
  at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
  at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
  at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
  at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
  at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
  at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
  at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
       at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
  at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
  at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
  at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
  at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
  at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
  at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
  at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
  at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
  at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Caused by: java.lang.reflect.InvocationTargetException
  at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3890)
  at weblogic.security.utils.Pool.newInstance(Pool.java:37)
       at weblogic.security.utils.Pool.getInstance(Pool.java:33)
  at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3219)
  ... 119 more
  Caused by: netscape.ldap.LDAPException: error result (49)
  at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
  at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
  at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
  at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
  at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
  at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3860)
  ... 122 more
  Thanks and Regards,
  S R Prasad

  The problem has been resolved after providing OID admin user creadential with cn=orcladmin instead of orcladmin. The Security:090294 is related to OID credentials.
  Regards,
  S R Prasad

• Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1

  Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
  Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
  2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
  e in ap_table
  2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
  y (com.sun.am.policy.agents.accessDeniedURL) specified
  2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
  d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
  nied (20)
  2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
  d access to http://xx.xx.xx.net:8080/.
  2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
  s denied to testuser1
  We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
  Any suggestions would be of great help.
  Thanks,
  Sunil.

  From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
  information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
  security.provider.1=sun.security.provider.Sun
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry

• Weblogic plugin for Apache 2.2

  Where should I download the weblogic plugin for Apache 2.2?
  I'm running WL 10.3 on windows xp.
  Please provide the link .
  Thanks,
  sripos

  Hi
  On this link, click Accept license and go all the way to bottom and click on All Versions link named next to "Oracle WebLogic Server Web Server Plugins 1.1"
  http://www.oracle.com/technetwork/middleware/weblogic/downloads/wls-main-097127.html
  That click should open this below link. Accept the license and Download the zip file. Then follow the instructions.
  http://www.oracle.com/technetwork/middleware/ias/downloads/wls-plugins-096117.html
  Thanks
  Ravi Jegga

• Overriding default errror page for Apache-Weblogic bridge

  I am writing this problem again as nobody has replied me with any solution.
  I want to overide the default error page that comes up when weblogic is down
  for some reason in apache-weblogic bridge. I looked into the weblogic
  documentation and specfied the following in the apache configuration file
  ErrorPage http://www.domain.com/systemerror.html
  But for some reason it is not able to locate the domain as well as the page.
  But if try the same url in the browser, it works. Please help.
  Rakesh

  I am using the plugin and using the error page successfully. Apache and WL
  use the same document root, and the error page is located within the
  document root:
  Within the httpd.conf, I have:
  <IfModule mod_weblogic.c>
  # Config file for WebLogic which defines parameters for plugin
  Include conf/weblogic.conf
  </IfModule>
  Within the weblogic.conf, I have:
  ErrorPage unavailable.html
  Provide your configuration settings.
  "Rakesh Gupta" <[email protected]> wrote in message
  news:39d3bcd3$[email protected]..
  Well, we are using weblogic supplied apache plugin and I am following all
  the steps that is specified in setting up apache plugins in weblogic
  documentation. I do not think it is apache network problem as apache is
  working fine.
  The think the problem is somewhere in the weblogic-apache plugin module.
  "Jesse E Tilly" <[email protected]> wrote in message
  news:[email protected]..
  [email protected] (Rakesh Gupta) wrote in <[email protected]>:
  I am writing this problem again as nobody has replied me with any
  solution.
  I want to overide the default error page that comes up when weblogic is
  down for some reason in apache-weblogic bridge. I looked into the
  weblogic documentation and specfied the following in the apache
  configuration file
  ErrorPage http://www.domain.com/systemerror.html
  But for some reason it is not able to locate the domain as well as the
  page. But if try the same url in the browser, it works. Please help.
  Rakesh
  as worded, that sounds like a network setup problem on the apache server
  side.
  however, it seems that you want a server-connection-timeout error toreturn
  an specific error page via the plug-in. This all depends on how theplugin
  works. If it is how I think it works, there needs to be an INI
  setting
  to sepcify a page. Why? Because the plug-in effectively has control of
  the response. It either needs a way hand control back to the web serveror
  needs to have error pages of its own.
  BEA?
  Jesse

• Re: Overriding default errror page for Apache-Weblogic

  I am writing this problem again as nobody has replied me with any solution.
  I want to overide the default error page that comes up when weblogic is down
  for some reason in apache-weblogic bridge. I looked into the weblogic
  documentation and specfied the following in the apache configuration file
  ErrorPage http://www.domain.com/systemerror.html
  But for some reason it is not able to locate the domain as well as the page.
  But if try the same url in the browser, it works. Please help.
  Rakesh

  I am using the plugin and using the error page successfully. Apache and WL
  use the same document root, and the error page is located within the
  document root:
  Within the httpd.conf, I have:
  <IfModule mod_weblogic.c>
  # Config file for WebLogic which defines parameters for plugin
  Include conf/weblogic.conf
  </IfModule>
  Within the weblogic.conf, I have:
  ErrorPage unavailable.html
  Provide your configuration settings.
  "Rakesh Gupta" <[email protected]> wrote in message
  news:39d3bcd3$[email protected]..
  Well, we are using weblogic supplied apache plugin and I am following all
  the steps that is specified in setting up apache plugins in weblogic
  documentation. I do not think it is apache network problem as apache is
  working fine.
  The think the problem is somewhere in the weblogic-apache plugin module.
  "Jesse E Tilly" <[email protected]> wrote in message
  news:[email protected]..
  [email protected] (Rakesh Gupta) wrote in <[email protected]>:
  I am writing this problem again as nobody has replied me with any
  solution.
  I want to overide the default error page that comes up when weblogic is
  down for some reason in apache-weblogic bridge. I looked into the
  weblogic documentation and specfied the following in the apache
  configuration file
  ErrorPage http://www.domain.com/systemerror.html
  But for some reason it is not able to locate the domain as well as the
  page. But if try the same url in the browser, it works. Please help.
  Rakesh
  as worded, that sounds like a network setup problem on the apache server
  side.
  however, it seems that you want a server-connection-timeout error toreturn
  an specific error page via the plug-in. This all depends on how theplugin
  works. If it is how I think it works, there needs to be an INI
  setting
  to sepcify a page. Why? Because the plug-in effectively has control of
  the response. It either needs a way hand control back to the web serveror
  needs to have error pages of its own.
  BEA?
  Jesse

• Can PeopleSoft act as a Identity Provider for Federation?

  Hi All,
  We would like to know about a trust federation (SSO) with PeopleSoft and following is my question:
  Can we use PeopleSoft as a Identity Provider for Federation Scenarios? we would like to onboard PeopleSoft as a Identity Provider for Microsoft ADFS v2, in this regard we want to know whether PeopleSoft expose a FederationMetadata.XML to any Federation Service providers that are there in exisisting market...?
  ADFS : Active Directory Federation Services
  Thanks & Regards,
  VDeevi.

  As of SAP IdM 7.20 (which runs as a component on the SAP Java Application Server) SAML 2.0 as identity provider is supported.
  So it is not just any SAP J2EE system (e.g. EP) and also not all releases.
  I was also disappointed by this
  Cheers,
  Julius

• [svn:bz-trunk] 17920: Fix for WebLogic: WebLogic does not provide File IO on the deployed artifacts hence using getResourceAsStream .

  Revision: 17920
  Revision: 17920
  Author:   [email protected]
  Date:     2010-09-29 05:56:06 -0700 (Wed, 29 Sep 2010)
  Log Message:
  Fix for WebLogic: WebLogic does not provide File IO on the deployed artifacts hence using getResourceAsStream.
  Modified Paths:
      blazeds/trunk/apps/samples/WEB-INF/src/flex/samples/marketdata/Portfolio.java

  check the server log;
  /app/oracle/product/fwm11g/user_projects/domains/fwm_domain/servers/AdminServer/logs/AdminServer.log
  you can launch the console and see if it is running; http://<server>:<port>/console

• Where can i download the weblogic modules for apache (source/precompiled)

  I have wandered the wonderfull world of the BEA website for 2 full days now and still am not an inch closer to de download site for the weblogic module for apache. That is, i have apache and need to add the weblogic module to it.
  Complications are Solaris 10 and apache 2.0.55. So the latest versions of OS and webserver. Is there a precompiled module available or can i get the sources somewhere?
  I do have a working module for apache 2.0.53 if someone can confirm that this is supported for 55 that would be fine by me.

  At times when the sources were available I tried to build it on a "new" platform (Solaris x86 32bit) and I can tell you: it's NOTHING that is obvious. Building OpenOffice or Mozilla may appear like an easy task. It took me months to get there and to be able to just build the 'build tools'.
  On top, many of the sources are (historically) written in a Pascal dialect and are transferred to C with an own precompiler so there are three languages used (C, C++ and Pascal)  - so it's a pretty hard (next to impossible) job to learn some algorithms from those sources.
  See also here:
  http://cjcollier.livejournal.com/177628.html
  http://home.snafu.de/~dittmar/sapdbdev/
  and just to get an idea of the modules and their structure:
  http://home.snafu.de/~dittmar/sapdbdev/sapdbModules.txt
  Markus