1 Reply Latest reply: Oct 30, 2012 3:48 PM by Mohammed Rayan-Oracle

    Weblogic 10.3.3 Novell Authenticator Provider

    jordan.moises-user8678781
      We have a Weblogic 10.3.3 that uses the Novell Authenticator Provider to let users log into the Weblogic web applications with the same user and password as they use in Windows.

      Here is the part of the config.xml file that is related to the realm; I changed some data for security reasons.


      <realm>
        <sec:authentication-provider xsi:type="wls:default-authenticatorType">
          <sec:control-flag>SUFFICIENT</sec:control-flag>
        </sec:authentication-provider>
        <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
          <sec:active-type>AuthenticatedUser</sec:active-type>
        </sec:authentication-provider>
        <sec:authentication-provider xsi:type="wls:novell-authenticatorType">
          <sec:name>CustomAuthenticator</sec:name>
          <sec:control-flag>SUFFICIENT</sec:control-flag>
          <wls:propagate-cause-for-login-exception>true</wls:propagate-cause-for-login-exception>
          <wls:host>XXX.XXX.XXX.XXX</wls:host>
          <wls:port>636</wls:port>
          <wls:ssl-enabled>true</wls:ssl-enabled>
          <wls:principal>cn=user,o=ouname</wls:principal>
          <wls:user-base-dn>o=ouname</wls:user-base-dn>
          <wls:credential-encrypted>{AES}encrypted-password</wls:credential-encrypted>
          <wls:group-base-dn>o=ouname</wls:group-base-dn>
          <wls:connect-timeout>300</wls:connect-timeout>
          <wls:connection-pool-size>30</wls:connection-pool-size>
        </sec:authentication-provider>
        <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
        <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
        <sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
        <sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
        <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
        <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
        <sec:name>myrealm</sec:name>
        <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
          <sec:name>SystemPasswordValidator</sec:name>
          <pas:min-password-length>8</pas:min-password-length>
          <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
        </sec:password-validator>
      </realm>

      And here are two parameters that cannot be seen in the file, maybe because we didn't change their default values.

      Cache Size = 32
      TTL Cache = 60

      The problem we have is this:

      Yesterday a certain user had to change the Novell eDirectory password. The user changed the password successfully, but when the user tried to log in to the web application that we designed to give access to all the other web applications on that Weblogic, the user could not log in.

      Today we did not restart the Weblogic and the user still cannot log in to the Weblogic.

      We think that for this time the issue will be solved if we restart, but only for this time.

      Can someone help us?

      Thanks

      Jordán
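One way to review a realm fragment like the one posted above is to list the authentication providers in file order with the values that are explicitly set on each. This is an added example, not part of the original post or of WebLogic; the sample XML, its namespace declarations and hostname are constructed assumptions, and an absent `ssl-enabled` element is treated as not enabled.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the posted realm fragment. The xmlns declarations are
# assumptions: the post shows only <realm>, not the root element that declares them.
SAMPLE = """<realm xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <sec:authentication-provider xsi:type="wls:default-authenticatorType">
    <sec:control-flag>SUFFICIENT</sec:control-flag>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
    <sec:active-type>AuthenticatedUser</sec:active-type>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:novell-authenticatorType">
    <sec:name>CustomAuthenticator</sec:name>
    <sec:control-flag>SUFFICIENT</sec:control-flag>
    <wls:host>ldap.example.invalid</wls:host>
    <wls:port>636</wls:port>
    <wls:ssl-enabled>true</wls:ssl-enabled>
    <wls:credential-encrypted>{AES}constructed-value</wls:credential-encrypted>
  </sec:authentication-provider>
</realm>"""

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def local(tag):  # strip the "{namespace}" prefix ElementTree adds to names
    return tag.rsplit("}", 1)[-1]

def provider_chain(realm_xml):
    """Return the authentication providers in file order with their explicit settings."""
    chain = []
    for el in ET.fromstring(realm_xml):
        if local(el.tag) == "authentication-provider":
            cfg = {local(c.tag): (c.text or "").strip() for c in el}
            chain.append({"type": el.get(XSI_TYPE, "").split(":")[-1], "settings": cfg})
    return chain

def findings(chain):
    """Flag LDAP-backed providers that bind without SSL or store a non-{AES} credential."""
    out = []
    for i, p in enumerate(chain, 1):
        s = p["settings"]
        if "host" in s and s.get("ssl-enabled") != "true":
            out.append(f"provider {i} ({p['type']}): LDAP connection without SSL")
        if not s.get("credential-encrypted", "{AES}").startswith("{AES}"):
            out.append(f"provider {i} ({p['type']}): credential is not in {{AES}} form")
    return out

if __name__ == "__main__":
    chain = provider_chain(SAMPLE)
    print([(p["type"], p["settings"].get("control-flag")) for p in chain], findings(chain))
```

Settings left at their defaults are not written to the file, so they do not appear in the output either.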
        • 1. Re: Weblogic 10.3.3 Novell Authenticator Provider
          Mohammed Rayan-Oracle
          What do the server logs say when the authentication fails? You might consider turning on the SecurityAtn debug, either from the console or via the command-line JAVA_OPTIONS, and check the debug logs to figure out the cause of the authentication denied issue.


          -Dweblogic.debug.DebugSecurityAtn=true
          -Dweblogic.debug.DebugSecurityAtz=true
          -Dweblogic.debug.DebugSecurityRoleMap=true


          "We think that for this time the issue will be solved if we restart, but only for this time."
          I'm not sure how a restart shall fix the issue.