Authenticate users using Active directory in adf

Mohammed Jahangir
Mohammed Jahangir Member Posts: 125 Blue Ribbon

Hello everyone,

I am new to ADF. My requirement is to create an ADF application and authenticate users by Active Directory / Windows login credentials. Could you please guide me on how to achieve my requirement?

Waiting for your response.

Thanks

Answers

  • Timo Hahn
    Timo Hahn Senior Principal Technical Consultant - Oracle ACE Director Member, Moderator Posts: 38,913 Red Diamond

    User, tell us your exact JDev version, please!

    To authenticate users, you use an authentication provider on your Server (WeblogicServer). This isn't a problem of ADF. ADF security wraps authentication and authorization using some simple API. You don't have to do anything in your app but to enable security.

    Look at this older post https://community.oracle.com/tech/developers/discussion/4064856/how-to-integrate-adf-with-windows-active-directory that points you to the solution.

    Tim Hall provided a WLST script to configure AD in WLS at https://oracle-base.com/articles/web/wlst-configure-active-directory-authentication

    Timo

  • Mohammed Jahangir
    Mohammed Jahangir Member Posts: 125 Blue Ribbon
    edited Sep 13, 2022 7:10AM

    Thanks Timo,

    I am using JDeveloper version 12.2.1.3.0.

    1. My requirement is that in my application I have a login form, and I have to authenticate users from Active Directory.
    2. How can I know that the user is authenticated and get his user name in the login bean?
    3. Once the user is authenticated, I need to check whether the user has privileges to access the application.
    4. What changes do I have to make in my ADF application?

    Kindly guide me.

    I will go through the blogs; hopefully my requirement will be fulfilled. If there is anything, then I will get back to the discussion.


    Thanks

  • dvohra21
    dvohra21 Member Posts: 14,691 Gold Crown

    Is auto-login used? The auto-login functionality is based on Active Directory domain credentials using Microsoft Kerberos over the SPNEGO protocol.

    Kerberos is a network authentication protocol that provides authentication for client and server applications and supports the concept of Single Sign-On (SSO). If you are already logged in to a system that is part of a domain, you can access network services throughout a Kerberos realm without authenticating again. For HTTP, Kerberos support is provided by the SPNEGO authentication mechanism. All the browsers support SPNEGO-based authentication. For auto-login to work, you must configure browsers to enable the SPNEGO support.

    Please refer to "How To Configure Browser-based SSO with Kerberos/SPNEGO"

    https://www.oracle.com/technical-resources/articles/middleware/idm-weblogic-sso-kerberos.html

  • Mohammed Jahangir
    Mohammed Jahangir Member Posts: 125 Blue Ribbon

    I have created an application, implemented form-based ADF security, and created users in jazn.

    I am able to log in with the credentials stored in jazn.

    I implemented AD authentication using http://adfhowto.blogspot.com/2011/07/how-to-configure-active-directory.html and configured LDAP credentials successfully in the integrated WLS.

    I changed the default Authenticator to "Optional" and the AD Authenticator to "Sufficient", then tried to log in with AD users, but it throws the error below.

    javax.security.auth.login.FailedLoginException: [Security:090938]Authentication failure: The specified user failed to log in. javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User specified user denied

    at com.bea.common.security.utils.ExceptionHandler.throwFailedLoginException(ExceptionHandler.java:62)

    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:380)

    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:117)

    at java.security.AccessController.doPrivileged(Native Method)

    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:114)

    at sun.reflect.GeneratedMethodAccessor378.invoke(Unknown Source)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

    at java.lang.reflect.Method.invoke(Method.java:498)

    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)

    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

    at java.security.AccessController.doPrivileged(Native Method)

    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

    at javax.security.auth.login.LoginContext.login(LoginContext.java:587)

    at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)

    at sun.reflect.GeneratedMethodAccessor452.invoke(Unknown Source)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

    at java.lang.reflect.Method.invoke(Method.java:498)

    at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:64)

    at com.sun.proxy.$Proxy76.login(Unknown Source)

    at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:92)

    at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:83)

    at sun.reflect.GeneratedMethodAccessor456.invoke(Unknown Source)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

    at java.lang.reflect.Method.invoke(Method.java:498)

    at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:64)

    at com.sun.proxy.$Proxy95.authenticate(Unknown Source)

    at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)

    at weblogic.security.service.PrincipalAuthenticatorImpl.authenticate(PrincipalAuthenticatorImpl.java:373)

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

    at java.lang.reflect.Method.invoke(Method.java:498)

    at weblogic.security.service.ServiceHandler.invoke(ServiceHandler.java:55)

    at com.sun.proxy.$Proxy106.authenticate(Unknown Source)

    at weblogic.security.services.Authentication.doLogin(Authentication.java:140)

    at weblogic.security.services.Authentication.login(Authentication.java:75)

    at weblogic.security.services.Authentication.login(Authentication.java:51)

    at qassim.gov.sa.view.beans.LoginBean.doLoginActionListener(LoginBean.java:85)


  • Mohammed Jahangir
    Mohammed Jahangir Member Posts: 125 Blue Ribbon

    I have created an application, implemented form-based ADF security, and created users in jazn.

    I am able to log in with the credentials stored in jazn.

    I implemented AD authentication using http://adfhowto.blogspot.com/2011/07/how-to-configure-active-directory.html and configured LDAP credentials successfully in the integrated WLS.

    I changed the default Authenticator to "Optional" and the AD Authenticator to "Sufficient", then tried to log in with AD users, but it throws the error below.

    javax.security.auth.login.FailedLoginException: [Security:090938]Authentication failure: The specified user failed to log in. javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User specified user denied

    at com.bea.common.security.utils.ExceptionHandler.throwFailedLoginException(ExceptionHandler.java:62)

    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:380)

    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:117)

    at java.security.AccessController.doPrivileged(Native Method)

    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:114)
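
The "Optional" / "Sufficient" change described in the post above relies on JAAS control-flag semantics, which WebLogic applies to its ordered list of authentication providers. The following is an added example, not code from any poster or from WebLogic, that models those rules; the provider labels and the user scenarios are constructed for illustration.

```python
# Added illustration of JAAS control-flag evaluation over an ordered provider
# chain. Provider names are labels only; no WebLogic API is called.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = (
    "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL")


def evaluate(chain, outcomes):
    """chain: ordered [(provider, flag)]; outcomes: {provider: login accepted?}.

    Returns (authenticated, providers_invoked).
    """
    invoked = []
    hard_failure = False   # a REQUIRED or REQUISITE provider rejected the login
    any_success = False    # at least one provider accepted the login
    for provider, flag in chain:
        invoked.append(provider)
        if outcomes[provider]:
            any_success = True
            # A SUFFICIENT success ends the chain unless a REQUIRED already failed.
            if flag == SUFFICIENT and not hard_failure:
                break
        elif flag == REQUIRED:
            hard_failure = True   # later providers still run, but the login is lost
        elif flag == REQUISITE:
            hard_failure = True
            break                 # control returns to the caller immediately
        # A failed SUFFICIENT or OPTIONAL provider does not fail the login by itself.
    return (any_success and not hard_failure), invoked


# Flags as set in the post above.
THREAD_CONFIG = [("DefaultAuthenticator", OPTIONAL),
                 ("ADAuthenticator", SUFFICIENT)]
# Hypothetical variant: DefaultAuthenticator left at REQUIRED.
DEFAULT_REQUIRED = [("DefaultAuthenticator", REQUIRED),
                    ("ADAuthenticator", SUFFICIENT)]


def scenarios():
    """Constructed cases: an AD-only user and a user known only locally."""
    return {
        "AD user, AD rejects (the reported failure)":
            evaluate(THREAD_CONFIG, {"DefaultAuthenticator": False,
                                     "ADAuthenticator": False}),
        "AD user, AD accepts":
            evaluate(THREAD_CONFIG, {"DefaultAuthenticator": False,
                                     "ADAuthenticator": True}),
        "local user, AD rejects":
            evaluate(THREAD_CONFIG, {"DefaultAuthenticator": True,
                                     "ADAuthenticator": False}),
        "AD user, AD accepts, default still REQUIRED":
            evaluate(DEFAULT_REQUIRED, {"DefaultAuthenticator": False,
                                        "ADAuthenticator": True}),
    }


if __name__ == "__main__":
    for name, (ok, invoked) in scenarios().items():
        print("%-45s -> %s via %s" % (name, "login" if ok else "denied", invoked))
```

With the flags from the post, a login is denied only when every provider rejects the user, so the failure has to be resolved in the AD provider's own configuration rather than in the flags.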

  • Timo Hahn
    Timo Hahn Senior Principal Technical Consultant - Oracle ACE Director Member, Moderator Posts: 38,913 Red Diamond

    User, it won't help if you tell us everything again. The error message suggests that the user's access is denied.

    This might be because of a wrong configuration of the AD in WLS or something else we can't see.

    I mentioned some other resources in my first reply. Have you checked them out?

    Maybe the blog you followed left something out.


    Timo

  • Mohammed Jahangir
    Mohammed Jahangir Member Posts: 125 Blue Ribbon
    edited Oct 6, 2022 5:12AM

    Dear Timo,

    Thanks for your response....

    Development environment

    JDeveloper - 12c 12.2.3.0

    Integrated WLS

    Production environment

    Weblogic server 12c on production

    Using the links from the previous posts, I created an ADAuthenticator in the Integrated WLS and on the production server. With the principal user and credentials I am able to connect to the LDAP server.

    After restarting the server to test whether the ADAuthenticator fetches users and groups from AD, I am getting a connection failed error with code 91 in the logs of both WLS.

    But I am able to fetch users and groups from third-party LDAP tools.

    I also entered the LDAP IP and host into the etc/host file, as mentioned in one of the Oracle solutions.

    Still I am getting the same connection failed error.

    I used same credentials in third party tool and it's fetching users and groups from AD.

    Note - there is no SSL on LDAP.

    Kindly guide me for possible solutions.

    Log:

    <Oct 6, 2022 8:10:06,321 AM AST> <Error> <Console> <BEA-240003> <Administration Console encountered the following error: weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection

    at weblogic.security.providers.authentication.LDAPAtnDelegate.handleLdapException(LDAPAtnDelegate.java:4214)

    at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2666)

    at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:195)

    at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:243)

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    Caused by: netscape.ldap.LDAPException: Referral connect failed: failed to connect to server ldap://qassim.gov.sa?/OU=Users,OU=?????%20?????%20??????,DC=qassim,DC=gov,DC=sa? (91); Cannot connect to the LDAP server; Failed to follow referral

    at netscape.ldap.LDAPConnection.referralConnect(Unknown Source)

    at netscape.ldap.LDAPConnection.performReferrals(Unknown Source)

    at netscape.ldap.LDAPConnection.checkSearchMsg(Unknown Source)

    at netscape.ldap.LDAPConnection.search(Unknown Source)

    at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2651)

    ... 163 more

  • Timo Hahn
    Timo Hahn Senior Principal Technical Consultant - Oracle ACE Director Member, Moderator Posts: 38,913 Red Diamond

    Well, nothing much to do from my side. The connection from the WLS to the LDAP is not working. You get the details in the error message.

    The connect string looks bogus to me, but I can't know as I don't know your system.


    Timo
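
The exception in the log above names the server that could not be reached: it is the target of an LDAP referral, which is not necessarily the host configured in the authenticator. As an added example (not code from the thread or from WebLogic), this script extracts that target from the message and, when given a log file, checks from the machine it runs on whether the name resolves and accepts a TCP connection; the function names are made up for this example.

```python
import re
import socket
import sys

# Exception text copied from the log in the post above; '?' runs are as logged.
LOG_LINE = (
    "Caused by: netscape.ldap.LDAPException: Referral connect failed: failed to "
    "connect to server ldap://qassim.gov.sa?/OU=Users,OU=?????%20?????%20??????,"
    "DC=qassim,DC=gov,DC=sa? (91); Cannot connect to the LDAP server; "
    "Failed to follow referral"
)

REFERRAL_RE = re.compile(
    r"Referral connect failed: failed to connect to server "
    r"(?P<scheme>ldaps?)://(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>\d+))?"
    r"[^/\s]*/(?P<dn>\S*)\s+\((?P<code>\d+)\)"
)


def parse_referral_failure(text):
    """Return the referral target named in the message, or None if absent."""
    m = REFERRAL_RE.search(text)
    if m is None:
        return None
    default_port = 636 if m.group("scheme") == "ldaps" else 389
    return {
        "host": m.group("host"),
        "port": int(m.group("port") or default_port),
        "dn": m.group("dn"),
        "code": int(m.group("code")),
        # '?' in the DN may mean characters were replaced when it was logged.
        "dn_has_placeholders": "?" in m.group("dn"),
    }


def reachable(host, port, timeout=3.0):
    """Resolve host and try a TCP connect to each address it resolves to."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {"resolved": [], "connected": False, "error": "DNS: %s" % exc}
    addrs = sorted({info[4][0] for info in infos})
    error = None
    for addr in addrs:
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                return {"resolved": addrs, "connected": True, "error": None}
        except OSError as exc:
            error = "%s: %s" % (addr, exc)
    return {"resolved": addrs, "connected": False, "error": error}


if __name__ == "__main__":
    # With a log file argument (run on the WLS host), also test the target;
    # without one, only parse the embedded sample and make no connection.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            target = parse_referral_failure(fh.read())
        print(target, reachable(target["host"], target["port"]) if target else None)
    else:
        print(parse_referral_failure(LOG_LINE))
```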
