9 Replies Latest reply: Feb 6, 2013 3:55 AM by 935795

Windows NT - Weblogic 12c Form based Auth ?

935795 Newbie
Hello,
I am migrating an EAR from Websphere to Weblogic. One of the WARs inside the EAR uses a login that is written with form-based authentication. In Windows, I have set up the users and groups. The client browser for the WAR should be able to log in with the local OS username.

The code and config are written as specified in a Weblogic tutorial (http://docs.oracle.com/cd/E24329_01/web.1211/e24485/thin_client.htm#i1034590). One difference between the example in the tutorial and my config is that the tutorial relies on the default security realm, but in my code there is an 'ES Manager realm'. I believed the ES Manager realm would provide the link between Weblogic, my WAR, the local Win NT OS and its users and groups. I have configured the Auth provider as WinNT and expected to choose the Win NT users that I wanted my WAR to use. But that did not happen.

The web.xml, weblogic.xml, Java code and JSP are fine. I guess the configuration in the Weblogic admin console is the missing link.

Can you please help me with what has to be done in the admin console?

regards,
Raj
  • 1. Re: Windows NT - Weblogic 12c Form based Auth ?
    Kalyan Pasupuleti-Oracle Expert
    Hi Raj,

    Most of the time you need to specify the new users and roles under the Weblogic Admin console.

    Check this doc:
    http://docs.oracle.com/cd/E13222_01/wls/docs91/secwlres/secroles.html


    Regards,
    Kal
  • 2. Re: Windows NT - Weblogic 12c Form based Auth ?
    935795 Newbie
    Thanks again Kal.

    The web application is developed in a way that it accepts its login user name and password, which are the same as the local OS user name and password. Weblogic does not have the usernames and passwords and delegates the Auth responsibility to WinNT.

    So, I followed the link to add a security realm called 'ES Security Realm'. This is the same realm referred to in web.xml. The type of authentication provider is WindowsNTAuthenticator, because I want Windows to authenticate whether the user/password is genuine or not. Then I come to Users and Groups and find that the 'New' button is missing. So I don't have the chance to add a new user. I wanted to add the Windows local username as the user here. However, if I added 'Default Authenticator', the New button appears, but the Windows user name will not be understood by anyone other than the Windows Authenticator (I think so).

    Regards,
    Raj
  • 3. Re: Windows NT - Weblogic 12c Form based Auth ?
    935795 Newbie
    I just understood from the document that the Windows NT Authentication Provider is deprecated and I am asked to find alternatives. Maybe that could be the reason for the inability to add users.
  • 4. Re: Windows NT - Weblogic 12c Form based Auth ?
    Kalyan Pasupuleti-Oracle Expert
    Yes Raj,

    that would be one of the reasons too.

    Regards,
    kal
  • 5. Re: Windows NT - Weblogic 12c Form based Auth ?
    935795 Newbie
    Hi Kal,

    The alternative for the Windows NT provider is to use LDAPProvider. That is opening a door to another few days of work, because I may have to connect to an LDAP server.
    Isn't it possible to connect to the local operating system? I am working on Windows 7 Professional and have configured local users and groups. Websphere has a simple option for connecting to the local OS. I could try LDAP at a later point of time (production); for now, I wish to get the system up and running.
    May I know if it's possible to connect to the local OS?

    Thanks,
    Raj
  • 6. Re: Windows NT - Weblogic 12c Form based Auth ?
    935795 Newbie
    Hello,

    I entered the values at Home >Summary of Security Realms >ESP Manager Application >Users and Groups >Providers >MyDomain for the 'Provider Specific' values. The provider is LDAP. I have no clue what values are expected, as my context-based help is not working in the admin console. I managed to fill in values using a client called Microsoft Active Directory Explorer for LDAP. I must have filled in the wrong values because when I access the Users and Groups, I get the following error in the startWeblogic command prompt.

    <01-Feb-2013 16:14:01 o'clock GMT> <Warning> <Security> <BEA-099117> <The LDAP authentication provider named "MyDomain" failed to make connection to ldap server at ldaps://192.168.0.125:389, the error cause is: Connection reset.>
    <01-Feb-2013 16:14:01 o'clock GMT> <Error> <Console> <BEA-240003> <Administration Console encountered the following error: weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3492)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3479)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2267)
    at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
    at weblogic.security.providers.authentication.LDAPAuthenticatorMBeanImpl.listUsers(LDAPAuthenticatorMBeanImpl.java:328)
    Caused by: java.lang.reflect.InvocationTargetException
    at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4166)
    at weblogic.security.utils.Pool.newInstance(Pool.java:37)
    at weblogic.security.utils.Pool.getInstance(Pool.java:33)
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3487)
    ... 128 more
    Caused by: netscape.ldap.LDAPException: Connection reset (91); Cannot connect to the LDAP server
    at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4647)
    at netscape.ldap.LDAPConnSetupMgr.connectServer(Unknown Source)
    at netscape.ldap.LDAPConnSetupMgr.openSerial(Unknown Source)
    at netscape.ldap.LDAPConnSetupMgr.connect(Unknown Source)
    at netscape.ldap.LDAPConnSetupMgr.openConnection(Unknown Source)
    at netscape.ldap.LDAPConnThread.connect(Unknown Source)
    at netscape.ldap.LDAPConnection.connect(Unknown Source)
    at netscape.ldap.LDAPConnection.connect(Unknown Source)
    at netscape.ldap.LDAPConnection.connect(Unknown Source)
    at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:4141)
    ... 131 more
    Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:189)
    at java.net.SocketInputStream.read(SocketInputStream.java:121)
    at weblogic.socket.JSSEFilterImpl.readFromNetwork(JSSEFilterImpl.java:445)
    at weblogic.socket.JSSEFilterImpl.handleUnwrapResults(JSSEFilterImpl.java:616)
    at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:498)
    at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:93)
    at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:71)
    at weblogic.socket.JSSESocket.startHandshake(JSSESocket.java:170)
    at weblogic.security.providers.authentication.LDAPAtnDelegate$AtnLDAPSSLSocketFactory.makeSocket(LDAPAtnDelegate.java:4644)
    ... 140 more
    >

    Can you please give me a link to some information for Oracle 12c?

    Thanks,
    Raj
  • 7. Re: Windows NT - Weblogic 12c Form based Auth ?
    935795 Newbie
    Hi,
    I believe the problem is in filling in the values in the LDAPProvider settings. These settings are used by Weblogic to connect to the LDAP server. In the Weblogic Admin console, I can create an LDAPProvider and there are sections to fill in on Connection, Users, Groups, Static Groups and Dynamic Groups. Under Users, the list is User Base DN, All Users Filter, User From Name Filter et al. Similarly, there is a list under Groups. All these are text areas and not drop-downs. I have information about LDAP through a Microsoft tool called Active Directory Explorer or through an open source tool called LDAP Admin.

    Now the problem is, the names and terminologies used by Weblogic and the LDAP terminologies are not straightforward. Since I am writing wrong values, Weblogic is not able to communicate with the LDAP server. Hence, I get security errors.

    May I ask if you have successfully used Weblogic with Windows NT-LDAP?

    Thanks,
    Raj
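A pre-flight check for the provider fields discussed in the two posts above, as an added example that is not part of the thread or of WebLogic. It reads the endpoint from the BEA-099117 warning quoted earlier (`ldaps://` on port 389) and checks the base DNs and the name filter; the dictionary key names, the DNs and the filter value are assumptions made up for the illustration.

```python
import re

PLAIN_PORT, TLS_PORT = 389, 636  # standard LDAP and LDAPS ports
# Endpoint as WebLogic prints it in a BEA-099117 warning.
ENDPOINT_RE = re.compile(r"ldap server at (ldaps?)://([^\s:/,]+):(\d+)")
# One RDN such as "OU=Staff"; backslash-escaped characters are allowed in the value.
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+$")

# Constructed sample: the warning text is the one quoted in the thread, unwrapped.
LOG_LINE = ('<Warning> <Security> <BEA-099117> <The LDAP authentication provider named '
            '"MyDomain" failed to make connection to ldap server at '
            'ldaps://192.168.0.125:389, the error cause is: Connection reset.>')


def endpoint_from_log(line):
    """Return (ssl_enabled, host, port) from a BEA-099117 line, or None."""
    m = ENDPOINT_RE.search(line)
    return (m.group(1) == "ldaps", m.group(2), int(m.group(3))) if m else None


def is_valid_dn(dn):
    """Loose syntax check: non-empty, comma-separated attr=value pairs."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn.strip())]
    return all(RDN_RE.match(p) for p in parts)


def is_balanced_filter(text):
    """An LDAP filter starts with '(' and has balanced parentheses."""
    depth = 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and text.startswith("(")


def lint(settings):
    """Return findings for a dict of provider settings (hypothetical key names)."""
    findings = []
    ssl, port = settings["ssl_enabled"], settings["port"]
    if ssl and port == PLAIN_PORT:
        findings.append("SSL is enabled but 389 is the plaintext LDAP port; the TLS "
                        "handshake will likely be reset (LDAPS is usually 636)")
    if not ssl and port == TLS_PORT:
        findings.append("port 636 expects TLS but SSL is disabled")
    if not ssl:
        findings.append("simple binds send the bind and user passwords in cleartext")
    for key in ("user_base_dn", "group_base_dn"):
        if not is_valid_dn(settings[key]):
            findings.append(f"{key} is not a distinguished name: {settings[key]!r}")
    name_filter = settings["user_from_name_filter"]
    if "%u" not in name_filter or not is_balanced_filter(name_filter):
        findings.append("user_from_name_filter must be a balanced filter containing %u")
    return findings


def settings_from_thread():
    """Endpoint taken from the thread's warning; DNs and filter are constructed."""
    ssl, host, port = endpoint_from_log(LOG_LINE)
    return {"host": host, "port": port, "ssl_enabled": ssl,
            "user_base_dn": "Users",  # bare container name, not a DN
            "group_base_dn": "OU=Groups,DC=example,DC=local",
            "user_from_name_filter": "(&(sAMAccountName=%u)(objectclass=user))"}


if __name__ == "__main__":
    for finding in lint(settings_from_thread()):
        print("-", finding)
```

Run against the constructed settings, it reports the SSL-on-389 mismatch and the bare `Users` base DN; the check is purely syntactic and does not contact any directory.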
  • 8. Re: Windows NT - Weblogic 12c Form based Auth ?
    935795 Newbie
    I have solved the problem and would like to share the solution with others who may be looking to solve it.

    Weblogic 10 has deprecated the Windows NT Authenticator. So, if you are looking to use your local OS, you may have to run some LDAP kind of adapters to access below. The best alternative is to use the Embedded Weblogic Authenticator. I don't know about this and have not tried it. I took another option of using my organization's LDAP service. We have a Microsoft Active Directory. It has an LDAP server. Weblogic 12c has an ActiveDirectoryAuthenticator. This link is useful for configuring it: http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/

    The one place I was seriously stuck was filling in the values for the Active Directory settings. The values may not be the defaults at all times. The directory structure of LDAP servers differs between environments. The best way around this is to have a system admin help. If you cannot, you have to browse the structure and find the users and groups yourself. Their properties will give you the CNs, OUs et al. I had more than one CN in our system. I used a free tool called LDAP Admin to access it. The site I have linked above, run by one Faizal, is very helpful. There is a mail id mentioned too, if you manage to get his attention.

    All the best.

    Raj
  • 9. Re: Windows NT - Weblogic 12c Form based Auth ?
    935795 Newbie
    Some more tips:
    The error message you get is utterly misleading. If your credentials are wrong, you get 'Socket not found' :-)
    And whenever you save the credentials page, the password gets hashed by the browser. So if you are saving again, it is better to rewrite the password.
    If you don't create a new realm, the myrealm does not let you add a new provider. Ripley's believe it or not!!
