1 Reply Latest reply on Oct 12, 2015 3:43 PM by Charly_Z

    ORDS 3.0 on WLS with OAuth2: WLS-Basic-Challenges?

    Charly_Z

      Hi all!

      I have ORDS 3.0 up and running and registered a client application for the OAuth2 client-credentials flow as given in the documentation.

      In standalone mode I can successfully get a token and issue a GET to a secured resource by giving this token (all without SSL/TLS).

      Works fine!

      Now I want to deploy ORDS on WLS.

      This works for http and https on unprotected resources.

      But when I want to go for a token, I get a 401:

      Request:

          POST https://server:port/ords/ordstest/oauth/token HTTP/1.1
          Accept-Encoding: gzip,deflate
          Content-Type: application/x-www-form-urlencoded
          Authorization: Basic Vk1xczVYR1VCTnBtblZ5UUE5cXh1US4uOnJTZ1VoVVQ2UENTUFM4RzZvTmVUUWcuLiA=
          Content-Length: 29
          Host: server:port
          Connection: Keep-Alive
          User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

          grant_type=client_credentials

      The Response is:

          HTTP/1.1 401 Unauthorized
          Date: Thu, 08 Oct 2015 15:42:22 GMT
          Server: Oracle-Application-Server-11g
          Content-Length: 1468
          WWW-Authenticate: Basic realm="WebLogic Server"
          X-Powered-By: Servlet/2.5 JSP/2.1
          Keep-Alive: timeout=5, max=97
          Connection: Keep-Alive
          Content-Type: text/html; charset=UTF-8
          Content-Language: en

          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
          <HTML>
          <HEAD>
          <TITLE>Error 401--Unauthorized</TITLE>
          ...

      This is from WLS, as it seems.

      I didn't do this step (1.5.6) in the configuration:

      http://docs.oracle.com/cd/E56351_01/doc.30/e56293/install.htm#AELIG7185

      I'm afraid this change will affect other applications which are deployed on this WLS!

      Is there a way to set this only for the ORDS application on WLS?

      Are there any other ways to get OAuth2 to work on WLS without affecting other apps?

      Thanks for your help!

      Charly

        • 1. Re: ORDS 3.0 on WLS with OAuth2: WLS-Basic-Challenges?
          Charly_Z

          Hi!

          Here is a way to make it work on WLS (by using the WLS authentication for getting the tokens):

          Step 1

          Create these roles in WLS:

            OAuth Client Application

            OAuth Client Developer

            << the role you defined in ords.create_role() >>

          (I'm not sure why you also need OAuth Client Developer)

          Step 2

          Create a WLS user named exactly as given with oauth.create_client(). See the user and password with

              select client_id, client_secret from user_ords_clients;

          Step 3

          Grant the 3 roles from Step 1 to the new user.

          Now you can get a token by calling ORDS over the WLS by giving the username and password from create_client().

          Here's a screenshot from a SoapUI request for getting a token:

          2015-10-12 17_38_50-SoapUI 5.2.0.png

          It is an additional step to define the user in WLS too, but I don't need to change the WLS configuration.

          Maybe someone can find this useful.

          Charly
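
The token request and the 401 quoted in this thread, as an added troubleshooting example that is not part of the original posts: it builds the client-credentials request and uses the `WWW-Authenticate` realm to tell whether WebLogic itself issued the challenge. The function names, the result labels, the `demo_*` credentials and the sample responses are constructed for illustration.

```python
import base64
from email.parser import Parser
from urllib.parse import urlencode

WLS_REALM = "WebLogic Server"  # realm in the 401 quoted in the thread

def build_token_request(client_id, client_secret):
    """Return (headers, body) for a client-credentials token POST."""
    creds = f"{client_id}:{client_secret}".encode("utf-8")
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode({"grant_type": "client_credentials"})

def decode_basic(authorization):
    """Split a Basic Authorization header back into (user, password)."""
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password

def classify_response(raw_head):
    """Name the layer that answered, from the status line and headers."""
    status_line, _, header_text = raw_head.partition("\n")
    status = int(status_line.split()[1])
    headers = Parser().parsestr(header_text, headersonly=True)
    challenge = headers.get("WWW-Authenticate", "")
    if status == 401 and f'realm="{WLS_REALM}"' in challenge:
        return "rejected-by-weblogic"   # WebLogic issued the Basic challenge
    if status == 401:
        return "rejected-elsewhere"     # assumption: some layer other than WLS
    return "token-issued" if status == 200 else "other"

# Constructed sample response heads (not captured traffic).
SAMPLE_WLS_401 = (
    "HTTP/1.1 401 Unauthorized\n"
    'WWW-Authenticate: Basic realm="WebLogic Server"\n'
    "Content-Type: text/html; charset=UTF-8\n"
)
SAMPLE_OK = "HTTP/1.1 200 OK\nContent-Type: application/json\n"

if __name__ == "__main__":
    headers, body = build_token_request("demo_client_id", "demo_secret")
    print(decode_basic(headers["Authorization"]), body)
    print(classify_response(SAMPLE_WLS_401), classify_response(SAMPLE_OK))
```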