Weblogic identity assertion provider for apache
I am using apache reverse proxy to handle the user authentication. My work env. is
a) apache reverse proxy
b) mod_auth_tkt (single sign on module for apache)
c) weblogic portal server
once the user is authenticated against mod_auth_tkt/active directory, apache generates cookie/ticket based on MD5 checksum.
I need to pass the credentials from apache to weblogic.
My question is
a) Can I use any weblogic identity assertion provider which comes weblogic server product or do i have to develop custom weblogic identity assertion provider. Please advise
Thanks
Prabu
*1-Can you please double check that your latest version of your web application is deployed ?*
I have checked the application and can confirm that the correct application is deployed. With the auth-method as just BASIC (no CLIENT-CERT) I see the following behaviour:
- With a Negotiate Identity Asserter Provider I see both WWW-Authenticate: Negotiate and WWW-Authenticate: Basic
- Without a Negotiate Identity Asserter Provider I see just WWW-Authenticate: Basic
*2-I believe there is no intermediary web server (like IIS) between your client and WLS ? A third part may add additional authentication request in the http header. If there is an intermediary exist, can you please avoid it for your tests.*
I can confirm that there is no intermediary server between me and Weblogic.
*3-Can you please check "weblogic.security.enableNegotiate" system parameter value. If it is true can you please set it to false and test your app again ?*
I have weblogic.security.enableNegotiate set to true. I tried setting it to false and it seems I still see the same behaviour I described above in my answer to question 1.
*3-Although I'm quite sure that Negotiate Identity Assertion Provider would not work for your app, can you please remove it and repeat your tests again. If you detect that it's because of the Negotiate Identity Assertion Provider, that you can consider open a bug request in Oracle Support system.*
When I remove the Negotiate Identity Assertion Provider, I no longer see a WWW-Authenticate: Negotiate challenge in the response.
Edited by: user1992925 on 16/05/2010 17:06
Similar Messages
-
OAM Identity Asserter Provider Error:Unable to create the AccessGate entry
Hi All,
I have installed Oracle Access Manager and trying to protect an application deployed on weblogic application server.
I have added the jar oamAuthnProvider in weblogic server lib mbeantypes and configured an OAM Identity Asserter Provider in myrealm. When I restart the weblogic server, I encounter the following error:
<Error> <> <BEA-000000> <OAMAP-60516:Unableto create the AccessGate entry for identity assertion/authentication.>
<Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException
: com.bea.common.engine.ServiceInitializationException: java.lang.RuntimeException.weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: java.lang.RuntimeException
When I remove the following section from config.xml, the server starts fine:
<sec:authentication-provider xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:oam-identity-asserterType">
<n1:name xmlns:n1="http://www.bea.com/ns/weblogic/90/security">OAMID</n1:name>
<n2:control-flag xmlns:n2="http://www.bea.com/ns/weblogic/90/security">REQUIRED</n2:control-flag>
<ext:access-gate-name>MYAPP</ext:access-gate-name>
<ext:primary-access-server>AccessServer</ext:primary-access-server>
<ext:application-domain>MYDOMAIN.com</ext:application-domain>
<ext:access-gate-password-encrypted>{AES}P3UIYbQpYupPs=</ext:access-gate-password-encrypted>
</sec:authentication-provider>
Has anyone come across this error before? Please suggest a workaround..
Software versions being used:
OAM 10.1.4.3
Weblogic: 10.3.2
Thanks
JoeI am having the same problem on my WLS 10.3.4. running OSB 11g. I get the following error:
tuning)'> <<WLS Kernel>> <> <> <1296595010528> <BEA-000000> <OAMAP-60516:Unable to create the AccessGate entry for identity assertion/authentication.>
####<Feb 1, 2011 1:16:50 PM PST> <Info> <Security> <WD-OR14P5A5W624> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1296595010528> <BEA-090511> <The following exception has occurred:
com.bea.common.engine.ServiceInitializationException: java.lang.RuntimeException
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)
at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)
at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)
at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)
at weblogic.security.service.internal.WLSIdentityServiceImpl.initialize(WLSIdentityServiceImpl.java:47)
at weblogic.security.service.CSSWLSDelegateImpl.initializeServiceEngine(CSSWLSDelegateImpl.java:300)
at weblogic.security.service.CSSWLSDelegateImpl.initialize(CSSWLSDelegateImpl.java:222)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.InitializeServiceEngine(CommonSecurityServiceManagerDelegateImpl.java:1784)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:445)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:840)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1030)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:881)
at weblogic.security.SecurityService.start(SecurityService.java:142)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
I looked the error number up and it says:
OAMAP-60516: Unable to create the AccessGate entry for identity assertion/authentication.
Cause: AccessGate instance creation failed.
Action: See the Identity Asserter/Authenticator log for details.
Level: 1
Type: ERROR
Impact: Configuration
This seems to indication my identity assertion is incorrect. My oam authentication provider is pretty simple.
I am using OPEN transport security so the provider config is pretty simple. I provided an AccessGate pwd, primary and secondary access gate servers and Access Gate name provided by my administrator.
I'm not sure about what the Application Domain field refers to. Can someone provide guidance on that? -
Custom asserter provider for Atuhentication Basic header.
Hello,
Is it possible to create an asserter provider to obtain the basic authentication header?
I tried to create it by following the documentation: http://docs.oracle.com/cd/E23943_01/web.1111/e13718/ia.htm
But when I configure a proxy from OSB to use "custom authentication" and select the header "Authorization", not take it.
Thanks.I think it should be possible after turning off basic auth check on WLS by setting off enforce-valid-basic-auth-credentials in weblogic
-
My custom identity asserter is ignored - what did I miss?
Hello -
My custom identity asserter's assertIdentity method is never called - even though I've verified that the correct token is added to the request header. I am hoping for some guidance as to what I am missing.
1. I downloaded this sample app which uses ADF security: http://jdevsamples.googlecode.com/files/ADFSecurityWL.zip
I changed the app to:
- add a filter to dump request headers to System.out so I could verify that the token is correctly added to the request headers
- changed the auth-method in web.xml from BASIC to CLIENT-CERT
2. I also downloaded the sample authentication providers (for WLS 9.1) from here: https://codesamples.samplecode.oracle.com/servlets/tracking?id=S224
and created a custom identity asserter based on the sample identity asserter provider in the app.
3. I created an EAR file for the app and an mbean jar for the custom identity assertion provider.
4. I added the mbean jar to the correct directory under weblogic, restarted weblogic, and created an instance of my provider in the security realm. I also reordered the providers so mine would be first (not sure if that matters). Then I restarted weblogic again. I verified that my provider was in the list of providers and that the chosen "Active Types" included my token type.
5. I deployed the app EAR file to weblogic.
6. I created a test program based on the test program in the sample providers download (above) and connected to the deployed app. I verified that the test program added the correct token to the request. My app's filter dumped the headers and I could see the token there.
7. My custom identity assertion provider has System.out.println calls in the initialize() and assertIdentity() methods. I can see that the initialize() method is called when I start weblogic. However, I never see the assertIdentity() method's calls to System.out.println when I try to reach the app and those calls are the 1st thing in the method.
8. I am using WebLogic Server version 10.3.3.0
So, is there some obvious step I missed? (I am new to using WLS so it wouldn't surprise me if I got something really obvious wrong...)
Thanks for reading my question,
-- ScottThanks Faisal.
When I compared my mbean declaration with yours I discovered that I had set the Extends attribute to "weblogic.management.security.authentication.Authenticator" instead of "weblogic.management.security.authentication.IdentityAsserter". Using the correct value fixed my problem. -
What is the recommended way to access a database from an identity assertion provider?
For assert identity the caller should have admin privs. Depending on how the client
obtains and communicate with the EJB you have the option to setup a <run-as> tag
then map the role to an admin user via <run-as-role-assignment> using the deployment
descriptors.
-Craig
"Claude" <[email protected]> wrote:
>
Thank you for your answer !
I had not thought of building a custom "UsernamePassword" authenticator
and use
the password as token. It seams to be a good simple way of solving the
problem.
The EJB that accepts a token as parameter is interesting as well (especially
if
they are
performance issues). Are you sure that the class
weblogic.security.services.Authentication is suitable to be called from
an EJB?
Thanks, Claude
"Craig" <[email protected]> wrote:
I don't know of many uses outside of WebService or WebApp except when
using 2-way
SSL where the client certificate can be used to assert identity.
You could write an EJB that accepted the token and then the EJB would
programmatically
call identity assertion. Or if you had a custom authenticator you could
take the
token as the "password".
http://edocs.bea.com/wls/docs81/javadocs/weblogic/security/services/Authentication.html
-Craig
"Claude" <[email protected]> wrote:
Hello
I'm wondering whether an Identity Assertion Provider can be used with
a Java-client
or
if they are only for Web-clients (or Web-services).
I'm also wondering how the client sends its token (through the credential
set
of the JAAS
subject ?).
Thanks
Claude -
Publisher 11g and Identity Asserter
How do you integrate publisher 11g with a custom weblogic identity asserter? From what I have been told so far, integration cannot be performed via the publisher administrative interfaces. It must be performed via configuration files on the server. There is no documentation on this subject yet. Has anyone performed the configuration that would be willing to share their experiences and configurations?
FYI, any attempt to utilize the identity asserter in the default publisher configuration will result in java errors in the server log and a 500 error in the browser.Any security configuration must be under certified products so you can be confident they should work 100%. Otherwise
any issues you find under NOT certified products may not work and Oracle Support will not be able to help you.
As you describe the configuration you are trying to set is not certified and therefore the issues you find will probably
never be resolved.
References:
1. Setting Security in BIEE 11g:
http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10543/intromartin.htm#CJHFBCBA
2. List of Certified products for BIEE11g:
http://www.oracle.com/technetwork/middleware/bi-enterprise-edition/bi-11gr1certmatrix-166168.xls
(Non Oracle ID and Access Mgmt tab)
If you configure BI Publisher 11g as Standalone then the list of Security Modes are:
- Oracle DB
- Siebel
- EBusiness Suite
- BI Publisher
- LDAP
- Fusion Middleware
regards
Jorge -
How to pass back Subject do Client app after authentication via identity assertion
I have developed an Identity Assertion Provider based on
SampleIdentityAsserterProviderImpl provided by BEA.
It seams that all works fine, but I don't now how to pass back authenticated
Subject to client application in order to call methods runAs(Subject,
PrivillegedAction). I have tried build Subject from
connection.getInputStream() but when I use Subject constructed in that way I
have received an error:
lava.lang.SecurityException: Invalid Subject: principals=[user, usergroup1,
usergroup1]
Thanks in advance for any suggestions.
Jerzy NawrotHi,
as per the below comment.
We want to change this and do this dynamic way so that the XCM configuration application can read these dynamic parameters and behave accordingly(like customers with different languages, client systems etc). This is the 1st part .
You have to use different scanrios to be set in XCM like (customer specific to language, and client), and that to be passed in
Where language specifications should maintained in XCM settings only. also to be noted that Product catalog for those should also maintain in that specific language.
"/init.do?scenario=value2;
The 2nd part leading this scenario is after the portal user successfully lands into ISA application, if the user needs to go back to the WDP java screen, would the JSP based ISA application be able to navigate back to the original WD Java iView Screen. ? or would it open in a new window ? (probably this can be set to be launched in same window)
I am not sure, but if you go back to WD from ISA , ISA Session will die.
Let me know if you have any further queries.
Regards,
Devender V -
Oracle Identity Server Authenticator as Security Provider for Weblogic 10.3
Hi,
I am getting the following exception on weblogic server 10.1.3 console when accessing users and groups in security realm. This can be reproduced using the following steps.
1. I have installed Oracle Identity Management 10.1.4 (Oracle SSO). I have installed Oracle SSO using the default port options. I tested accessing the Internet directory using orcladmin user and it is working with out any problems.
2. Installed Oracle weblogic Server 10.1.3 and then installed ADF runtime. I verified the installation by accessing the admin server console and did not find any issues.
3. Opened the Admin Console and then accessed the Security Realms and then selected myrealm. Then selected Providers and added Oracle Internet directory Authentication provider.
4. configured the provider specific parameters like the host name and port number (389).
Now when I select user and groups tab I am getting the following exception on weblogic adminserver command prompt console.
Am I missing any steps in configuring Oracle Internet directory authenitcaiton provider for weblogic 10.3.1
<Oct 13, 2009 8:33:21 PM EDT> <Error> <Console> <BEA-240003> <Console encountere
d the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3224)
at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2248)
at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
at weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticatorMBeanImpl.listUsers(OracleInternetDirectoryAuthenticatorMBeanImpl.java:221)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:443)
at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:314)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
at java.security.AccessController.doPrivileged(Native Method)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
at javax.management.remote.rmi.RMIConnectionImpl_1031_WLStub.invoke(Unknown Source)
at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978)
at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
at $Proxy106.listUsers(Unknown Source)
at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:83)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:262)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.reflect.InvocationTargetException
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3890)
at weblogic.security.utils.Pool.newInstance(Pool.java:37)
at weblogic.security.utils.Pool.getInstance(Pool.java:33)
at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3219)
... 119 more
Caused by: netscape.ldap.LDAPException: error result (49)
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3860)
... 122 more
Thanks and Regards,
S R PrasadThe problem has been resolved after providing OID admin user creadential with cn=orcladmin instead of orcladmin. The Security:090294 is related to OID credentials.
Regards,
S R Prasad -
Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
Web Policy Agent 2.1 for Apache 1.3.27 with Identity Server 6.1
Does anybody has a working combination of the above ? I get a ID login page and after that I always get a access denied page. I get this exception on the agent logs:
2004-10-14 16:28:00.917 Warning 6347:c1818 PolicyAgent: in get_cookie: no cooki
e in ap_table
2004-10-14 16:28:01.895 Warning 6359:c1818 PolicyAgent: Invalid URL for propert
y (com.sun.am.policy.agents.accessDeniedURL) specified
2004-10-14 16:28:56.742 Warning 6349:c1818 PolicyAgent: am_web_is_access_allowe
d(http://xx.xx.xx.net:8080/, GET) denying access: status = access de
nied (20)
2004-10-14 16:28:56.743 128 6349:c1818 RemoteLog: User testuser1 was denie
d access to http://xx.xx.xx.net:8080/.
2004-10-14 16:28:56.831 -1 6349:c1818 PolicyAgent: URL Access Agent: acces
s denied to testuser1
We can ignore Invalid URL property part because its just looking for a custom url in place there. I have cookies enabled in my browser. I even turned on the prompt option. No luck yet.
Any suggestions would be of great help.
Thanks,
Sunil.From your description, since the agent installs file with a different JRE, I would suspect it has something to do with the availability of JCE provider in the first JRE. By default, WebSphere's JRE is equipped with IBM JCE provider which is what the agent uses to encrypt the necessary
information. If this provider is not configured correctly it could result in the error that you are seeing. Please check the WebSphere installation and make sure that the JRE used by it has the necessary IBM JCE provider configured. The java.security file for this should contain something like:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.jsse.IBMJSSEProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
Also, make sure that when you are installing the agent you specify the Java Home as prompted by the agent to point to the location where this JRE is installed. Typically this is under WebSphere/AppServer/java directory. HTH, Jerry -
Weblogic plugin for Apache 2.2
Where should I download the weblogic plugin for Apache 2.2?
I'm running WL 10.3 on windows xp.
Please provide the link .
Thanks,
sriposHi
On this link, click Accept license and go all the way to bottom and click on All Versions link named next to "Oracle WebLogic Server Web Server Plugins 1.1"
http://www.oracle.com/technetwork/middleware/weblogic/downloads/wls-main-097127.html
That click should open this below link. Accept the license and Download the zip file. Then follow the instructions.
http://www.oracle.com/technetwork/middleware/ias/downloads/wls-plugins-096117.html
Thanks
Ravi Jegga -
Overriding default errror page for Apache-Weblogic bridge
I am writing this problem again as nobody has replied me with any solution.
I want to overide the default error page that comes up when weblogic is down
for some reason in apache-weblogic bridge. I looked into the weblogic
documentation and specfied the following in the apache configuration file
ErrorPage http://www.domain.com/systemerror.html
But for some reason it is not able to locate the domain as well as the page.
But if try the same url in the browser, it works. Please help.
RakeshI am using the plugin and using the error page successfully. Apache and WL
use the same document root, and the error page is located within the
document root:
Within the httpd.conf, I have:
<IfModule mod_weblogic.c>
# Config file for WebLogic which defines parameters for plugin
Include conf/weblogic.conf
</IfModule>
Within the weblogic.conf, I have:
ErrorPage unavailable.html
Provide your configuration settings.
"Rakesh Gupta" <[email protected]> wrote in message
news:39d3bcd3$[email protected]..
Well, we are using weblogic supplied apache plugin and I am following all
the steps that is specified in setting up apache plugins in weblogic
documentation. I do not think it is apache network problem as apache is
working fine.
The think the problem is somewhere in the weblogic-apache plugin module.
"Jesse E Tilly" <[email protected]> wrote in message
news:[email protected]..
[email protected] (Rakesh Gupta) wrote in <[email protected]>:
I am writing this problem again as nobody has replied me with any
solution.
I want to overide the default error page that comes up when weblogic is
down for some reason in apache-weblogic bridge. I looked into the
weblogic documentation and specfied the following in the apache
configuration file
ErrorPage http://www.domain.com/systemerror.html
But for some reason it is not able to locate the domain as well as the
page. But if try the same url in the browser, it works. Please help.
Rakesh
as worded, that sounds like a network setup problem on the apache server
side.
however, it seems that you want a server-connection-timeout error toreturn
an specific error page via the plug-in. This all depends on how theplugin
works. If it is how I think it works, there needs to be an INI
setting
to sepcify a page. Why? Because the plug-in effectively has control of
the response. It either needs a way hand control back to the web serveror
needs to have error pages of its own.
BEA?
Jesse -
Re: Overriding default errror page for Apache-Weblogic
I am writing this problem again as nobody has replied me with any solution.
I want to overide the default error page that comes up when weblogic is down
for some reason in apache-weblogic bridge. I looked into the weblogic
documentation and specfied the following in the apache configuration file
ErrorPage http://www.domain.com/systemerror.html
But for some reason it is not able to locate the domain as well as the page.
But if try the same url in the browser, it works. Please help.
RakeshI am using the plugin and using the error page successfully. Apache and WL
use the same document root, and the error page is located within the
document root:
Within the httpd.conf, I have:
<IfModule mod_weblogic.c>
# Config file for WebLogic which defines parameters for plugin
Include conf/weblogic.conf
</IfModule>
Within the weblogic.conf, I have:
ErrorPage unavailable.html
Provide your configuration settings.
"Rakesh Gupta" <[email protected]> wrote in message
news:39d3bcd3$[email protected]..
Well, we are using weblogic supplied apache plugin and I am following all
the steps that is specified in setting up apache plugins in weblogic
documentation. I do not think it is apache network problem as apache is
working fine.
The think the problem is somewhere in the weblogic-apache plugin module.
"Jesse E Tilly" <[email protected]> wrote in message
news:[email protected]..
[email protected] (Rakesh Gupta) wrote in <[email protected]>:
I am writing this problem again as nobody has replied me with any
solution.
I want to overide the default error page that comes up when weblogic is
down for some reason in apache-weblogic bridge. I looked into the
weblogic documentation and specfied the following in the apache
configuration file
ErrorPage http://www.domain.com/systemerror.html
But for some reason it is not able to locate the domain as well as the
page. But if try the same url in the browser, it works. Please help.
Rakesh
as worded, that sounds like a network setup problem on the apache server
side.
however, it seems that you want a server-connection-timeout error toreturn
an specific error page via the plug-in. This all depends on how theplugin
works. If it is how I think it works, there needs to be an INI
setting
to sepcify a page. Why? Because the plug-in effectively has control of
the response. It either needs a way hand control back to the web serveror
needs to have error pages of its own.
BEA?
Jesse -
Can PeopleSoft act as a Identity Provider for Federation?
Hi All,
We would like to know about a trust federation (SSO) with PeopleSoft and following is my question:
Can we use PeopleSoft as a Identity Provider for Federation Scenarios? we would like to onboard PeopleSoft as a Identity Provider for Microsoft ADFS v2, in this regard we want to know whether PeopleSoft expose a FederationMetadata.XML to any Federation Service providers that are there in exisisting market...?
ADFS : Active Directory Federation Services
Thanks & Regards,
VDeevi.As of SAP IdM 7.20 (which runs as a component on the SAP Java Application Server) SAML 2.0 as identity provider is supported.
So it is not just any SAP J2EE system (e.g. EP) and also not all releases.
I was also disappointed by this
Cheers,
Julius -
Revision: 17920
Revision: 17920
Author: [email protected]
Date: 2010-09-29 05:56:06 -0700 (Wed, 29 Sep 2010)
Log Message:
Fix for WebLogic: WebLogic does not provide File IO on the deployed artifacts hence using getResourceAsStream.
Modified Paths:
blazeds/trunk/apps/samples/WEB-INF/src/flex/samples/marketdata/Portfolio.javacheck the server log;
/app/oracle/product/fwm11g/user_projects/domains/fwm_domain/servers/AdminServer/logs/AdminServer.log
you can launch the console and see if it is running; http://<server>:<port>/console -
Where can i download the weblogic modules for apache (source/precompiled)
I have wandered the wonderfull world of the BEA website for 2 full days now and still am not an inch closer to de download site for the weblogic module for apache. That is, i have apache and need to add the weblogic module to it.
Complications are Solaris 10 and apache 2.0.55. So the latest versions of OS and webserver. Is there a precompiled module available or can i get the sources somewhere?
I do have a working module for apache 2.0.53 if someone can confirm that this is supported for 55 that would be fine by me.At times when the sources were available I tried to build it on a "new" platform (Solaris x86 32bit) and I can tell you: it's NOTHING that is obvious. Building OpenOffice or Mozilla may appear like an easy task. It took me months to get there and to be able to just build the 'build tools'.
On top, many of the sources are (historically) written in a Pascal dialect and are transferred to C with an own precompiler so there are three languages used (C, C++ and Pascal) - so it's a pretty hard (next to impossible) job to learn some algorithms from those sources.
See also here:
http://cjcollier.livejournal.com/177628.html
http://home.snafu.de/~dittmar/sapdbdev/
and just to get an idea of the modules and their structure:
http://home.snafu.de/~dittmar/sapdbdev/sapdbModules.txt
Markus
Maybe you are looking for
-
Using Bind variables in SQL PLUS Report
using Bind variables in SQL PLUS Report. This report gets the arguments from the application concurrent program. Now my need is to convert the start_date and end_date to bind Variables to improve the performance. I have commented the original code in
-
SpellChecker Program - A little help please?
Follwing is a spell checker program I've written. It reads from dictionary file(of correct words) and a user input file. The user input is compared against the contents of the dic file. If they do not match, incorrect words are outputted to the conso
-
Javax.naming.NameNotFoundException during a lookup() call.
I am getting this exception when I try to get a reference to my Local Entity bean from within a Remote Session bean. ( I did a search in these forums, and found a few topics similar to mine. However, those that were similar were unfortunately still u
-
Transfering my music in ipod nano to the new Video Ipod
Does anyone know how to Transfer music from one ipod to another?
-
When I make a jpeg image in my camera, it is assigned the adobe rgb gamut. What happens when it is imported in LR? Does the gamut change to prophoto automatically? When I print the jpeg do I have to specify the color gamut? If it isn't prophoto rgb,