Weblogic Portal 9.2 LDAP user listing resulting in NullPointer
Hi,
I have configured Weblogic Portal 9.2 to use an LDAPAuthenticator, when I use the Admin Console I can see the Novel Groups and Novel Users fine. When I select "User Management" menu item in the Admin tool where you set the Entitlements etc.. I get a null pointer exception but can see the Novel Groups fine. Is this a bug?
The exception starts with...
java.lang.NullPointerException
at sun.text.UCharacterIterator.<init>(UCharacterIterator.java:46)
at sun.text.UCharacterIterator.getInstance(UCharacterIterator.java:71)
at sun.text.Normalizer.setText(Normalizer.java:1045)
at java.text.CollationElementIterator.setText(CollationElementIterator.java:479)
at java.text.RuleBasedCollator.compare(RuleBasedCollator.java:401)
at java.text.Collator.compare(Collator.java:297)
at java.util.Arrays.mergeSort(Arrays.java:1284)
at java.util.Arrays.mergeSort(Arrays.java:1296)
at java.util.Arrays.mergeSort(Arrays.java:1296)
at java.util.Arrays.mergeSort(Arrays.java:1295)
at java.util.Arrays.mergeSort(Arrays.java:1295)
at java.util.Arrays.sort(Arrays.java:1223)
at java.util.Collections.sort(Collections.java:159)
at com.bea.p13n.usermgmt.query.UGQueryResult.reSort(UGQueryResult.java:132)
at com.bea.p13n.usermgmt.query.UGQueryResult.<init>(UGQueryResult.java:48)
at com.bea.p13n.usermgmt.query.internal.UserPagedResult.<init>(UserPagedResult.java:31)
at com.bea.p13n.usermgmt.hierarchy.AtnGroupManager.queryUser(AtnGroupManager.java:231)
The strange thing is that firstly I can see the Novel Groups but not the users, and can see both Groups and Users in the normal administration console. This tells me that the LDAPAuthenticator is connecting up correctly.
This problem occured because the user filter entry was not filled in when putting in the ldap provider settings on the weblogic console. The portal admin console gives a null pointer when listing all users but when using the normal weblogic console it lists the Novel users alright.
Similar Messages
-
User status shows active in portal for inactive LDAP users
Hi all,
Users listed in the LDAP as deleted or inactive are still listed in EP
User Management as valid active users.
1) is there any process or OSS note which can help us to get users
inactive in portal user management to the corresponding LDAP inactive
users?
2) is there any chance that any inactive or deleted entries in LDAP
should not be searchable from User admin Portal search?
Any solution for the above problem?
Please reply.
Regards,
haroonHello there,
i have the same problem: We have several domains that sometimes contain users with the same user-id. This happens, if a user is "moved" from one domain to another: A new user with the same user-id is created in the new domain and the user-status of the user in the old domain is set to "inactive".
But SAP NetWeaver Portal (7.0 EHP 1) ignores this user-status flag and thus login (with SPNego / Integrated Windows Authentication, which does not send the domain of an identified user to the portal) fails.
Is there a possibility to get the portal to "ignore" LDAP users (meaning no longer list them in the UME) that have their user-status flag set to "inactive"?
Thanks for a reply in advance!
Regards,
René -
Unable to find user list in Active Directory Authenticator
Hi all,
I am using weblogic 10.3 and want to configure ActiveDirectory Authenticator for my weblogic application. We have one managed srever under admin server . I have configured a Active Directory Authenticator named "ADAuthenticator" and made following changes as per the below values:
I set the control flag to "OPTIONAL" .
Security Realms-->myrealm-->Providers-->ADAuthenticator-->Provider Specific
UserName Attribute : ServiceBEA
Principal : ServiceBEA
Host : xxxxxx
User Search Scope : subtree
Group From Name Filter : (&(ServiceBEA=%g)(objectclass=group))
Credential : xxxxxx
Confirm Credential : xxxxxx
User From Name Filter : (&(ServiceBEA=%u)(objectclass=user))
Static Group Name Attribute : ServiceBEA
User Base DN : values provided as per requirement
Port : 389
User Object Class : user
Use Retrieved User Name as Principal : checked
Group Base DN : same values as per User Base DN
Static Group Object Class : group
Group Membership Searching : unlimited
Max Group Membership Search Level : 0
These are my AD settings. After doing this i click on save and then activate changes and then restarted the admin server.
But the problem is when i login to weblogic console to check the user list under "User and Group" i am unble to find any Active Directory users.
I don't know where i made the mistake. Can some make me out of this trouble.
Any help is highly appreciated.
Thanks in advance !Hi Sean,
Actually we have already a Active Directory with username "ServiceBEA" in our windows server. So i used this "ServiceBEA" as UserName Attribute in weblogic console while creating a Active Directory Authenticator.
You mean to say that we should go for "sAMAccountName" or what? If that is the case then i have also tested with following values, but still no luck.
UserName Attribute : sAMAccountName
Principal : ServiceBEA
Host : xxxxxx
User Search Scope : subtree
Group From Name Filter : (&(sAMAccountName=%g)(objectclass=group))
Credential : xxxxxx
Confirm Credential : xxxxxx
User From Name Filter : (&(sAMAccountName=%u)(objectclass=user))
Static Group Name Attribute : sAMAccountName
User Base DN : values provided as per requirement
Port : 389
User Object Class : user
Use Retrieved User Name as Principal : checked
Group Base DN : same values as per User Base DN
Static Group Object Class : group
Group Membership Searching : unlimited
Max Group Membership Search Level : 0
Please advise what to be place in case of User Name Attribute.
Any help is highly appreciated.
Thanks in advance ! -
Capture event in weblogic portal 8.1
Hi
I have observed some changed behaviour in weblogic portal 8.1.
in weblogic portal 7.0,whenever user minimize portlet and log off,he again gets
the same state after login(minimized portlet).
It is not happeneing in weblogic portal 8.1 ..everytime user is getting same
(normal state) ,even if he minimized portlet before log out.
cheersPlease check out this thread for some details about this behavior:
http://mktnews1.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.portal&item=6292&utag=
Cordially,
George Murnock
"ashshish" <[email protected]> wrote:
>
Hi
I have observed some changed behaviour in weblogic portal 8.1.
in weblogic portal 7.0,whenever user minimize portlet and log off,he
again gets
the same state after login(minimized portlet).
It is not happeneing in weblogic portal 8.1 ..everytime user is getting
same
(normal state) ,even if he minimized portlet before log out.
cheers -
LDAP user groups not visible for configuring a Group Portal
Hi,
We have created a Custom Security Realm(myRealm) on WebLogic 7.0 SP2 in which
I've added the Novell LDAP Authentication provider as the authentication provider
and then set "myRealm" as the default realm for the domain. I am able to start
the WLS server instance and login to portalAppTools with the "administrator" account.
We would like to configure a Group Portal. In Portal Administration interfaces,
when I click on Group Administartion, I am unable to see any of my external LDAP
groups. I know that we cannot create/delete users or groups in the external LDAP
repository thru the Admin UI but the documentation says that I should be able
to view the users/groups in the Admin UI. Authentication against the external
LDAP repository works fine. Can anybody suggest the reason why we are unable to
view any of the Users or Groups in our external LDAP repository thru the User
Administration interfactes.
Appreciate any feedback.
Thanks
VikramHi Jim,
I've configured a default LDAP V2 Compatibility Realm by modifying the Config.xml
file. I was able to restart Weblogic and see the LDAP Groups and Users thru the
WLS console. In our project we've a unique requirement wherein all Application
Groups and User Accounts would be stored in an LDAP repository and all BEA SERVICE
level accounts and groups are stored in a Database (groups like AdminEligible,
Administrators etc.). We need to be able to look at the groups in both the Database
and LDAP repositories in order to administer and configure a Group Portal. On
the outset it looks like we will not be able to do what we want to with the current
portal framework. Please suggest if there are any alternatives in order to implement
this solution. I am sure there are lot of other Clients who cannot create groups
like Administrators, AdminEligible etc in their LDAP repositories and will be
forced to think of alternatives.
I would appreciate if you can reply back at your earliest convenience.
Thanks
Vikram
Jim Litton <replyto@newsgroup> wrote:
The Weblogic 7.0 Authentication Providers (new JAAS Framework) is not
supported with Portal 7.0. You will need to configure the Compatibility
Security CustomRealm for Novell to try to get Portal working.
see defaultLDAPRealmForNovellDirectoryServices at
http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1083149
In addition, remember to test functionality through the Weblogic
Console. If you can see groups and users there okay it is very likely
that Portal will operate.
-- Jim
Vikram wrote:
Hi,
We have created a Custom Security Realm(myRealm) on WebLogic 7.0 SP2in which
I've added the Novell LDAP Authentication provider as the authenticationprovider
and then set "myRealm" as the default realm for the domain. I am ableto start
the WLS server instance and login to portalAppTools with the "administrator"account.
We would like to configure a Group Portal. In Portal Administrationinterfaces,
when I click on Group Administartion, I am unable to see any of myexternal LDAP
groups. I know that we cannot create/delete users or groups in theexternal LDAP
repository thru the Admin UI but the documentation says that I shouldbe able
to view the users/groups in the Admin UI. Authentication against theexternal
LDAP repository works fine. Can anybody suggest the reason why we areunable to
view any of the Users or Groups in our external LDAP repository thruthe User
Administration interfactes.
Appreciate any feedback.
Thanks
Vikram -
Authentication in weblogic portal server 8.1 sp2 using external LDAP
Hi,
I am trying to use external LDAP for authentication.
I have configured the ActiveDirectoryAuthenticator giving the necessary
values
( and added
"-Dcom.bea.p13n.usermgmt.AuthenticationProviderName=ActiveDirectoryAuthentic
ator" in startWeblgoic.cmd )
and can see the users and the groups from my LDAP provider in the admin
console and in the admin portal's "users and groups".
A set of users are given permission to access the restricted site and those
users are visible in the global role with the permission.
The web.xml is configured for BASIC auth-method, and the role is
<externally-defined/> in weblogic.xml.
Now when I access a restricted page, I am shown a dialog prompt to key in
the username and password.
Even when I key in the valid credentials, the restricted page is not shown
and an "Unauthorized xxx" 401 access error is thrown.
Any clue, on what i am missing.?
Please let me know if any suggestion / idea.
Regards,
Arun.Assuming your application is a WebLogic Portal application, then yes you would definitely need to install WLP 8.1. WLP version 8.1 is the only version of WLP that will run on WLS/WLW version 8.1.
In order to obtain the product installer, you'll need to contact Oracle Support and file a request. It is not available for download from any Oracle public site. Only version 10.3 is available for download.
Brad -
How to force a new password in portal with LDAP user? external users
With an external portal (used by agents that do not work for you or reside in your office), company policy is for password to be changed every qtr.
If the users are creating as LDAP users how to force them to change their password when required?
Is this a custom application that needs to be written so when they log into the portal if the qtr has expired the portal ask them to enter a new password that becomes valid for the next qtr.
Versus internally deleting and emailing all the users a new password?Hi Glenn,
We are getting one problem when we are creating user in LDAP and login with that user in Portal that time we are getting Password change screen , but when we create a user in LDAP and change the password of that user in LDAP then when the user tries to Login to portal that time we are not able to see the password change screen.
But again if we change the password of that user through Portal we are able to see change password screen.
can you help on this how we can force the user to change password when we are changing password in LDAP or in SAP System.
Regards
Trilochan -
LDAP users Faicng Error While Accessing the ESS Iviews in Portal
Hi,
My Portal is SAP EP 7.0 SP20 And ECC 6.0 SP16.
UME users able to access the ESS MSS Iviews.But only one LDAP User only access ESS/MSS Iviews Other getting the Below error.
Critical Error
A critical error has occured. Processing of the service had to be terminated. Unsaved data has been lost.
Please contact your system administrator
Syntax error in program CL_XSS_CAT_BUFFER=============CP ., error key: RFC_ERROR_SYSTEM_FAILURE
Syntax error in program CL_XSS_CAT_BUFFER=============CP ., error key: RFC_ERROR_SYSTEM_FAILURE:
com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Syntax error in program CL_XSS_CAT_BUFFER=============CP ., error key: RFC_ERROR_SYSTEM_FAILURE
at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:101)
at com.sap.xss.ser.xssmenu.fc.ModelHandler.onInit(ModelHandler.java:205)
at com.sap.xss.ser.xssmenu.fc.wdp.InternalModelHandler.onInit(InternalModelHandler.java:428)
at com.sap.xss.ser.xssmenu.fc.FcXssMenu.setPersonnelNumber(FcXssMenu.java:570)
at com.sap.xss.ser.xssmenu.fc.FcXssMenu.onInit(FcXssMenu.java:292)
at com.sap.xss.ser.xssmenu.fc.wdp.InternalFcXssMenu.onInit(InternalFcXssMenu.java:455)
at com.sap.xss.ser.xssmenu.fc.FcXssMenuInterface.onInit(FcXssMenuInterface.java:165)
at com.sap.xss.ser.xssmenu.fc.wdp.InternalFcXssMenuInterface.onInit(InternalFcXssMenuInterface.java:389)
at com.sap.xss.ser.xssmenu.fc.wdp.InternalFcXssMenuInterface$External.onInit(InternalFcXssMenuInterface.java:546)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:922)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:891)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.attachComponentToUsage(FPMComponent.java:1084)
at com.sap.pcuigp.xssutils.navi.FcNavigation.onInit(FcNavigation.java:314)
at com.sap.pcuigp.xssutils.navi.wdp.InternalFcNavigation.onInit(InternalFcNavigation.java:358)
at com.sap.pcuigp.xssutils.navi.FcNavigationInterface.onInit(FcNavigationInterface.java:145)
at com.sap.pcuigp.xssutils.navi.wdp.InternalFcNavigationInterface.onInit(InternalFcNavigationInterface.java:142)
at com.sap.pcuigp.xssutils.navi.wdp.InternalFcNavigationInterface$External.onInit(InternalFcNavigationInterface.java:278)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:922)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:891)
at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.attachComponentToUsage(FPMComponent.java:1084)
at com.sap.pcuigp.xssutils.roadmap.VcRoadmap.onInit(VcRoadmap.java:188)
at com.sap.pcuigp.xssutils.roadmap.wdp.InternalVcRoadmap.onInit(InternalVcRoadmap.java:162)
at com.sap.pcuigp.xssutils.roadmap.VcRoadmapInterface.onInit(VcRoadmapInterface.java:153)
at com.sap.pcuigp.xssutils.roadmap.wdp.InternalVcRoadmapInterface.onInit(InternalVcRoadmapInterface.java:144)
at com.sap.pcuigp.xssutils.roadmap.wdp.InternalVcRoadmapInterface$External.onInit(InternalVcRoadmapInterface.java:220)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:564)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:782)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:302)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:761)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:696)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:869)
at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:229)
at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1344)
at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:356)
at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:549)
at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:193)
at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:782)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:302)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by: com.sap.aii.proxy.framework.core.BaseProxyException: Syntax error in program CL_XSS_CAT_BUFFER=============CP ., error key: RFC_ERROR_SYSTEM_FAILURE
at com.sap.aii.proxy.framework.core.AbstractProxy.send$(AbstractProxy.java:150)
at com.sap.pcuigp.xssutils.xssmenu.model.MenuModel.hrxss_Ser_Getmenudata(MenuModel.java:171)
at com.sap.pcuigp.xssutils.xssmenu.model.Hrxss_Ser_Getmenudata_Input.doExecute(Hrxss_Ser_Getmenudata_Input.java:137)
at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:92)
... 76 more
Thanks & Regrads,
Subba RaoHi,
Now every user facing the same error while accessing ESS Iviews from Portal.
in ST22 Dump is created.
What happened? |
Error in the ABAP Application Program
The current ABAP program "CL_XSS_CAT_TIME_SHEET=========CP" had to be
terminated because it has
come across a statement that unfortunately cannot be executed.
The following syntax error occurred in program
"CL_XSS_CAT_BUFFER=============CP " in include
"CL_XSS_CAT_BUFFER=============CM00C " in
line 50:
""L_CATSDB" and "L_CATSDBCOMM" are not mutually convertible. In Unicode"
" programs, "L_CATSDB" must have the same structure layout as "L_CATSDB"
"COMM", independent of the length of a Unicode character."
The include has been created and last changed by:
Created by: "SAP "
Last changed by: "SAP "
Error in the ABAP Application Program
The current ABAP program "CL_XSS_CAT_TIME_SHEET=========CP" had to be
terminated because it has
| come across a statement that unfortunately cannot be executed.
What we need to resolve the above issue.
Thanks & Regards,
Subba Rao -
Error while configuring external LDAP user store with weblogic
Hi,
I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
To do this, I have configured authentication provider and provided all the required details to connect to ldap.
For example:
Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
User DN: ou=People,dc=test,dc=com
Group DN: ou=Groups,dc=test,dc=com
This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
password=xxxxxxx
username=admin
Now while starting the admin weblogic server, I am getting the below error:
<Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
<Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
>
<Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
Regards,
Neeraj Tati.Hi,
Please refer the below content that I found for Oracle 11g in the docs.
"If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
Here not sure what to do.
Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
Regards,
Neeraj Tati. -
Table name in which user information is stored in weblogic portal
Hi Friends,
Please specify the name of the table which stores user information(such as username,firstname,lastname,email,etc.)in weblogic portal.
Thanx in advance.
Chiku.Default table is PROPERTY_VALUE. You can write your own property manager to
save is somewhere else
Rajneesh
<John Wayne> wrote in message news:[email protected]..
Hi Friends,
Please specify the name of the table which stores user information(such
as username,firstname,lastname,email,etc.)in weblogic portal.
Thanx in advance.
Chiku. -
User creation in Portal Connected to LDAP
Hi Gurus,
i want to know if we have LDAP connected to a Portal and someone creates a user on Portal UME , will the user get created in LDAP or portal UME.
The situation is where any registerd user accessing the portal should be authenticated against LDAP and he can also do a self registration from portal.So if he self registers, does his user id/Password gets created in LDAP or it stays in Portal UME.If it gets stored all the way to LDAP then we are fine, if not , then is there a way to replicate this user id password to LDAP.
Thanks in Advance!>
Gaurav Garg wrote:
> Hi Gurus,
> i want to know if we have LDAP connected to a Portal and someone creates a user on Portal UME , will the user get created in LDAP or portal UME.
User will be created in UME only not in LDAP.
> The situation is where any registerd user accessing the portal should be authenticated against LDAP and he can also do a self registration from portal.So if he self registers, does his user id/Password gets created in LDAP or it stays in Portal UME.
No the user is created in UME database and not in LDAP. If you are setting up your user persistence in LDAP (authenticating users from LDAP) then you have to setup users in LDAP. UME has a read only access to things that it pulls from LDAP.
Regards,
Zaheer -
How to get logged-in user/group information in WebLogic Portal 10.3.2
Hi bros.
I have a codesnipet to get information about user who actually logged in weblogic portal:
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import com.bea.p13n.security.Authentication;
import com.bea.portal.tools.security.user.*;
public class UGMSummary {
private static final String username = "weblogic";
private static final String password = "webl0gic";
public UGMSummary(){
public void test(){
try {
Subject tmp = Authentication.authenticate(username, password);
//PolicyItem pi = new PolicyItem();
//System.out.println("######## " + Authentication.getCurrentSubject().toString());
UserIDBuilder builder = new UserIDBuilder();
UserID uid = builder.createResourceID();
System.out.println("######## Admin ? " + Authentication.isAdministrator(tmp));
System.out.println("######## Anonymous ? " + Authentication.isAnonymous(tmp));
System.out.println(" ######## " + uid.getUserName());
} catch (LoginException e) {
System.out.println(e.getMessage());
//e.printStackTrace();
}Some println commands above are used to mark in console. I can ensure that there is an user (admin) logged in weblogic system by executing command: Authentication.isAdministrator(tmp);
Output of codesnipet above is:
######## Admin ? true
######## Anonymous ? false
######## nullMy problem is impossible to use UserID object to get username of weblogic user. Output of command: uid.getUsername() is: null
Somebody tell me why my code doesn't work though it can authenticate an user.
Thank in advance.
ps:
Some Javadoc for UserID can be found here:
http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/index.html
http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/index.htmlHi, Kevin.
I'm glad to see your response again. I found some interesting information from your recommendation link. At this time, I know that impossible to get users/groups information by using DelegatedAtnProxyManagerControlFacade (ref: http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/com/bea/portal/tools/ugm/controls/DelegatedAtnProxyManagerControlFacade.html) interface.
But, I dont know how to get an instance of an object that implemented this interface. My friend give me a codesnipet that shown the way to get a DelegatedAtnProxyManagerControlFacade by using this codesnipet in a GlobalController:
try
DelegatedAtnProxyManagerControlFacade delegatedAtnProxyManager = (DelegatedAtnProxyManagerControlFacade)getControl(DelegatedAtnProxyManagerControlFacade.class);
catch (PolicyRefException e)
reportPolicyRefException(e);
catch (OperationNotSupportedException e)
reportOperationNotSupportedException(e);
}But I dont know what global.GlobalController actually is ?
I've asked Google for information but I got nothing. Do you know any documentation that describes about this controller ?
Thanks, regards !
Doubt_Man. -
How to use Domino LDAP in WebLogic Portal 8.1?
Hi, all
I'm trying to solve the problem of how to use Domino LDAP in WebLogic Portal 8.1. Anybody who have this experience please help me.
Best Regards,
SeanHi,
I just spoke to BEA and domino LDAP not supported although they gave me these
LDAP filters that might help -
http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_solution&answerpage=solution&page=wls/S-09460.htm
Sean Lin <[email protected]> wrote:
Hi, all
I'm trying to solve the problem of how to use Domino LDAP in WebLogic
Portal 8.1. Anybody who have this experience please help me.
Best Regards,
Sean -
Filter very long user list in Weblogic console
Hi,
we have configured Weblogic to use Active Directory for authentication, which works fine. However now the user list in the weblogic console is very very long (some 100.000 entries) making it very unconvenient to edit the local users which we also need.
Is there a way to not display the users from AD here? Or to filter the list by provider? (Directly at the list I can only filter by name).
Thanks and best regards
Daniel
P.S.: It's WLS 10.3.3.0Hi Faisal,
thanks for your reply. Number of rows displayed per page is a good hint, but the list will have multiple 10.000 entries anyway, so this is not really good. When I apply a filter within the Provider configuration can the other users (that got filtered out) still log in? As far as I understood, users who are filtered away here, are not present for weblogic in any way, i.e. also cannot login.
Cheers
Daniel -
Is there way send notifications to portal users within weblogic portal
Is there way send notifications to portal users within weblogic portal or we need
to use Message broker channel or JMS for this purposevenks wrote:
Is there way send notifications to portal users within weblogic portal or we need
to use Message broker channel or JMS for this purposeI think you could do it using the portal event framework....subscribe
the user to a custom event on login and then just raise the
event...should be examples in the samples app....check the javadocs for
com.bea.p13n.events.Event
Martin
Maybe you are looking for
-
How to get sour to play through mini display via vga without sound cables?
I know that many of you guys might tell me that this question is stupid or that it is impossible to do it but i run in to problems that usually the company that made the product can't asnwer it all the time. So here it is. I have the mid 2009 MBP 17
-
This has happened multiple times. While typing email and also in forums. This is a new computer with Windows 7 so not sure if problem is something in Windows or with Firefox. Sometimes when I hit Shift and t a new tab will open, or shift and w will c
-
Where to download the SQL Server 2000 plug-in for Migration Workbench
Dear All, I am new to Migration WorkBench, I want to migrate the SQL Server 2000 database to Oracle 9i. When i start the Migration WorkBench, it requires me to select the plug-in (SQL Server) for the migration source. Before i have download and insta
-
Hi, I have problem with authorization with Value Driver Tree (SEM-CPM). I use CPM variables for Group and Directorate Level. When I try to make authorization for the Directorate and Group, I can not found authorization object for it. I already use ST
-
Query related to form printing.
Hello sir's, In program i am giving delivery number as input ,if there is 10 items in that delivery number, then i want each item to be printed on the separate page in smartform on a single print click. There is no limit on number of items in particu