2 Replies. Latest reply: Aug 4, 2013 8:53 PM by sotaof

    LDAPAuthenticator Configuration

    Salai.jayavelu
      Hi All,

      As per my vendor instruction manual, I have added a 3rd party LDAPAuthenticator configuration in myrealms and placed LDAPAuthenticator on top of everything. But when I restart the AdminServer it doesn't come up but fails with the following error. Unsure what the cause is.

      LDAPAuthenticator Configuration

      <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
      <sec:name>LDAPAuthenticator</sec:name>
      <sec:control-flag>SUFFICIENT</sec:control-flag>
      <wls:host>137.92.97.50</wls:host>
      <wls:port>2215</wls:port>
      <wls:user-object-class>userProxyFull</wls:user-object-class>
      <wls:user-name-attribute>CN</wls:user-name-attribute>
      <wls:principal>CN=hronline-user,OU=Service Accounts,DC=Moodle,DC=Canberra,DC=edu,DC=au</wls:principal>
      <wls:user-base-dn>DC=moodle,DC=canberra,DC=edu,DC=au</wls:user-base-dn>
      <wls:credential-encrypted>{AES}Haqm8MRwlHhXxcUXJwh5NUDIWsLMOeBZ7pcSEBjOU7M=</wls:credential-encrypted>
      <wls:group-base-dn>DC=moodle,DC=canberra,DC=edu,DC=au</wls:group-base-dn>
      <wls:connect-timeout>0</wls:connect-timeout>
      <wls:static-group-object-class>group</wls:static-group-object-class>
      <wls:static-member-dn-attribute>member</wls:static-member-dn-attribute>
      <wls:connection-pool-size>6</wls:connection-pool-size>
      <wls:group-membership-searching>unlimited</wls:group-membership-searching>
      </sec:authentication-provider>



      Error log when starting up AdminServer

      <Mar 1, 2013 10:23:45 AM EST> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause.
      If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap.
      Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
      The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.>

      <Mar 1, 2013 10:23:45 AM EST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
      The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
      weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
      The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
      at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
      at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
      at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
      at weblogic.security.SecurityService.start(SecurityService.java:141)
      at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
      Truncated. see log file for complete stacktrace
      Caused By: oracle.security.jps.JpsRuntimeException: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
      The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
      at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
      at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      Truncated. see log file for complete stacktrace
      Caused By: oracle.security.jps.JpsException: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
      The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
      at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2855)
      at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3097)
      at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:164)
      at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      Truncated. see log file for complete stacktrace
      Caused By: oracle.security.jps.service.idstore.IdentityStoreException: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
      The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
      at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getIdStoreConfig(LdapIdentityStoreProvider.java:199)
      at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.access$300(LdapIdentityStoreProvider.java:74)
      at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider$NoLibOvd.getInstance(LdapIdentityStoreProvider.java:246)
      at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:118)
      at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:74)
      Truncated. see log file for complete stacktrace

      <Mar 1, 2013 10:23:45 AM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>

      <Mar 1, 2013 10:23:45 AM EST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>

      <Mar 1, 2013 10:23:45 AM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>


      Please advise. Thanks

      Thanks in Advance,
      Salai

      Edited by: Salai.jayavelu on 28/02/2013 15:38
        • 1. Re: LDAPAuthenticator Configuration
          Erik Janssen
          Hello Salai,

          The errors seem to indicate that you have configured the wrong LDAP authenticator type. Check My Oracle Support note 1327104.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1327104.1), 'WebLogic Server Fails To Start With The Following Error: "The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server."', and 1331981.1 (https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1331981.1), 'Weblogic Server Fails to Start when Configured for LDAP Authentication', for similar issues. The OAM Admin guide contains info as well, see Registering a New User Identity Store (http://docs.oracle.com/cd/E23943_01/doc.1111/e15478/datasrc.htm#BHCCCFIA).

          Thanks,
          EJ
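
A pre-restart check for the condition the JPS-00027 message describes, added here as an example that is not part of the original thread or of Oracle's tooling: it lists each realm's authentication providers in configured order and flags any whose xsi:type is the generic ldap-authenticatorType. The sample config.xml, its namespace URIs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
GENERIC_TYPE = "ldap-authenticatorType"  # the xsi:type used in the question above

# Constructed sample, not the poster's file. The namespace URIs are assumed to be
# the ones a WebLogic config.xml declares; the check matches local names only.
SAMPLE_CONFIG = """\
<domain xmlns:sec="http://xmlns.oracle.com/weblogic/security"
        xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-configuration>
    <realm>
      <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
        <sec:name>LDAPAuthenticator</sec:name>
        <sec:control-flag>SUFFICIENT</sec:control-flag>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType"/>
      <sec:name>myrealm</sec:name>
    </realm>
  </security-configuration>
</domain>
"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip ElementTree's '{namespace}' prefix

def child_text(elem, name):
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), None)

def audit_providers(config_xml):
    """Return one finding per authentication provider, per realm, in order."""
    findings = []
    for realm in (e for e in ET.fromstring(config_xml).iter() if local(e.tag) == "realm"):
        providers = [c for c in realm if local(c.tag) == "authentication-provider"]
        for position, prov in enumerate(providers, start=1):
            ptype = prov.get(XSI_TYPE, "").split(":")[-1]  # drop the 'wls:' prefix
            findings.append({
                "realm": child_text(realm, "name"), "position": position,
                "name": child_text(prov, "name") or "(unnamed)",
                "type": ptype, "control_flag": child_text(prov, "control-flag"),
                "generic_ldap": ptype == GENERIC_TYPE,
            })
    return findings

if __name__ == "__main__":
    for f in audit_providers(SAMPLE_CONFIG):
        verdict = "GENERIC LDAP TYPE" if f["generic_ldap"] else "ok"
        print(f["realm"], f["position"], f["name"], f["type"], f["control_flag"], verdict)
```

Which directory-specific provider type to use in place of a flagged one depends on the LDAP server behind it, as the error text says.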
          • 2. Re: LDAPAuthenticator Configuration
            sotaof

            Hello, today I encountered the same problem. My solution was to delete DefaultDomain (C:\Users\XXX\AppData\Roaming\JDeveloper\system11.1.1.6.38.61.92\DefaultDomain); after a reboot it was OK!

            by sotaof