0 Replies Latest reply: Dec 21, 2011 3:13 AM by pribyl

    Weblogic NegotiateIdentityAsserter and user principal name

    pribyl

      My web application uses Kerberos authentication. I set NegotiateIdentityAsserter and LDAP Authentication Provider. Everything works fine if sAMAccountName is used for user lookup. Unfortunately, in the target environment this attribute is not unique. I need to identify the user by his UPN (user principal name).

      Is there a way to achieve it?

      My configuration is

      Weblogic 10.3.5
      Java 1.6

      ----------------
      login.config:

      // Default WebLogic realm: username/password login module
      myrealm {
      weblogic.security.auth.login.UsernamePasswordLoginModule required debug=true;
      };

      // JGSS (SPNEGO) entries: the HTTP service principal authenticates
      // from its keytab; storeKey=true keeps the key for the acceptor side
      com.sun.security.jgss.initiate {
      com.sun.security.auth.module.Krb5LoginModule required
      principal="HTTP/ceprwlvyv.dsmsp.local@DSMSP.LOCAL"
      refreshKrb5Config=true
      useKeyTab=true
      keyTab="c:/ccaapl/security/ceprwlvyv_ktpass.keytab"
      storeKey=true
      debug=true;
      };

      com.sun.security.jgss.accept {
      com.sun.security.auth.module.Krb5LoginModule required
      principal="HTTP/ceprwlvyv.dsmsp.local@DSMSP.LOCAL"
      refreshKrb5Config=true
      useKeyTab=true
      keyTab="c:/ccaapl/security/ceprwlvyv_ktpass.keytab"
      storeKey=true
      debug=true;
      };

      com.sun.security.jgss.krb5.accept {
      com.sun.security.auth.module.Krb5LoginModule required
      principal="HTTP/ceprwlvyv.dsmsp.local@DSMSP.LOCAL"
      refreshKrb5Config=true
      useKeyTab=true
      keyTab="c:/ccaapl/security/ceprwlvyv_ktpass.keytab"
      storeKey=true
      debug=true;
      };

      -------------------
      krb5.ini:

      [libdefaults]
      default_realm = DSMSP.LOCAL
      kdc_timesync = 1
      ccache_type = 4
      ticket_lifetime = 600
      clockskew = 1200
      dns_lookup_kdc = true

      [realms]
      DSMSP.LOCAL = {
      kdc = DSDC.dsmsp.local
      }

      [appdefaults]
      autologin = true
      forward = true
      forwardable = true
      encrypt = true


      Thanks in advance!

      Petr
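A worked illustration of the lookup problem in the question, added here as an example; it is not code from the post or from WebLogic. It stands in for the step where an asserted Kerberos principal is turned into a directory search: a constructed three-entry directory (two accounts deliberately share sAMAccountName "jnovak", every userPrincipalName is unique), a small evaluator that plays the LDAP server, and a filter built in the same shape as WebLogic's LDAP authenticator "User From Name Filter" with %u substituted. The security point it shows is that a lookup on a non-unique attribute must fail closed when it matches more than one entry, instead of silently taking the first hit. Assumptions: the default realm is DSMSP.LOCAL from the posted krb5.ini, and each account's UPN suffix equals its Kerberos realm (Active Directory allows alternative UPN suffixes, in which case a per-realm mapping table is needed). All names, DNs and the directory contents are constructed.

```python
"""Map a SPNEGO/Kerberos-asserted principal to exactly one directory account.

Constructed example (not from the original post and not WebLogic code).
"""
import re

DEFAULT_REALM = "DSMSP.LOCAL"  # from the posted krb5.ini

# Constructed sample directory: two accounts in different domains of the
# same forest share sAMAccountName "jnovak", but every UPN is unique.
DIRECTORY = [
    {"dn": "CN=Jan Novak,OU=Prague,DC=dsmsp,DC=local",
     "sAMAccountName": "jnovak", "userPrincipalName": "jnovak@dsmsp.local",
     "objectClass": "user"},
    {"dn": "CN=Jiri Novak,OU=Brno,DC=sub,DC=dsmsp,DC=local",
     "sAMAccountName": "jnovak", "userPrincipalName": "jiri.novak@dsmsp.local",
     "objectClass": "user"},
    {"dn": "CN=Petr Pribyl,OU=Prague,DC=dsmsp,DC=local",
     "sAMAccountName": "ppribyl", "userPrincipalName": "ppribyl@dsmsp.local",
     "objectClass": "user"},
]


def escape_filter_value(value):
    """RFC 4515 escaping so the asserted name can never alter the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)


def lookup_value(asserted_name, attribute, default_realm=DEFAULT_REALM):
    """Value to search for, derived from the name the identity asserter produced."""
    user, _, realm = asserted_name.partition("@")
    if attribute.lower() == "userprincipalname":
        # ASSUMPTION: the UPN suffix equals the Kerberos realm. With
        # alternative UPN suffixes this needs a per-realm lookup table.
        return "%s@%s" % (user, (realm or default_realm).lower())
    return user  # sAMAccountName carries no realm


def user_from_name_filter(attribute, value):
    """Same shape as WebLogic's "User From Name Filter" with %u substituted."""
    return "(&(%s=%s)(objectClass=user))" % (attribute, escape_filter_value(value))


_FILTER_RE = re.compile(r"^\(&\((\w+)=(.*)\)\(objectClass=user\)\)$")


def _unescape(value):
    return re.sub(r"\\([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def search(directory, ldap_filter):
    """Tiny stand-in for the LDAP server: evaluates the one filter shape above.

    AD matches these attributes case-insensitively, so compare lowercased.
    """
    m = _FILTER_RE.match(ldap_filter)
    if not m:
        raise ValueError("unsupported filter shape: " + ldap_filter)
    attr, wanted = m.group(1).lower(), _unescape(m.group(2)).lower()
    hits = []
    for entry in directory:
        attrs = {k.lower(): v for k, v in entry.items()}
        if attrs.get("objectclass") == "user" and attrs.get(attr, "").lower() == wanted:
            hits.append(entry)
    return hits


def match_count(asserted_name, attribute, directory=DIRECTORY):
    """Number of entries the lookup would match (used to show ambiguity)."""
    flt = user_from_name_filter(attribute, lookup_value(asserted_name, attribute))
    return len(search(directory, flt))


def resolve_user(asserted_name, attribute, directory=DIRECTORY):
    """Return the DN of the single account matching the asserted principal.

    Fails closed: zero or several matches raise instead of picking the first
    entry, because with a non-unique key the first entry may be someone else.
    """
    flt = user_from_name_filter(attribute, lookup_value(asserted_name, attribute))
    hits = search(directory, flt)
    if len(hits) != 1:
        raise LookupError("%d entries match %s" % (len(hits), flt))
    return hits[0]["dn"]


if __name__ == "__main__":
    cases = [("ppribyl", "sAMAccountName"), ("jnovak", "sAMAccountName"),
             ("jnovak", "userPrincipalName"),
             ("jiri.novak@DSMSP.LOCAL", "userPrincipalName")]
    for name, attr in cases:
        try:
            print(name, attr, "->", resolve_user(name, attr))
        except LookupError as exc:
            print(name, attr, "-> REJECTED:", exc)
```

Run as a script it prints one resolved DN for ppribyl, a rejection for the ambiguous "jnovak" sAMAccountName lookup, and one DN each for the two UPN lookups; the escaping in `escape_filter_value` also means a principal containing filter metacharacters simply matches nothing rather than widening the search.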