I can see that there are a few related discussions but all of them are archived:
What I want to achieve is exactly what is NOT explained in this tutorial: "This document does not describe how to integrate WebLogic Server and GlassFish with the many popular user repository systems such as LDAP repositories, but Oracle REST Data Services can authenticate against such repositories after WebLogic Server or GlassFish has been correctly configured."
What I have so far is:
- ORDS enabled for one table (DEPLOYMENT) in my schema
- Oracle REST Data Services role (crud-deployments)
- A privilege (crud-operations-on-deployment-table) mapped to that role
- And I have mapped that privilege against a mapping (/deployment/*)
All of the above means that only the users with the role crud-deployments can access the services behind the /deployment/* URL. So if I make a request against any protected resource (e.g. https://my.domain.com/ords/my_schema/deployment/) I am redirected to the ORDS sign-in URL: https://my.domain.com/ords/my_schema/sign-in/?r=deployment%2F
The /ords application is deployed in an Oracle WebLogic Server 12.1.3 with the LDAPAuthenticator. This authenticator is rightly configured and my users can authenticate.
The problem is that the ORDS sign-in form always replies with a 401 Unauthorized. Just a few lines for brevity:
UnauthorizedException [statusCode=401, reasons=]
    at oracle.dbtools.http.auth.RequestAuthorizationProvider.authorize(RequestAuthorizationProvider.java:145)
    .../...
Caused by: NotAuthorizedException [authConstraint=crud-operations-on-deployment-table, error=null]
    at oracle.dbtools.http.auth.RequestAuthorizationProvider.authorize(RequestAuthorizationProvider.java:142)
However, it works if I bypass the sign-in form by including the "Authorization: Basic XXXX" header in my request, e.g.:
curl --basic --user myuser https://my.domain.com/ords/my_schema/deployment/
Any thoughts on this?
Thanks in advance,
ps: I will provide some log traces about this.
pps: my final aim is to make this work for OAUTH2 clients and integrate it with our SSO solution (SAML2).
Message was edited by: Luis

The role is crud-deployments and not crud-operations-on-deployment-table, this means that your user needs to be a member of the crud-deployments group in the LDAP
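
The setup described in the question, written out with the ORDS PL/SQL package so that the role name (which the LDAP group must match) can be told apart from the privilege name (which is what the 401 trace reports as authConstraint). This is an added example, not code from the thread; the schema owner, the label and the description are assumptions made for illustration.

```sql
-- Added illustration, not from the original thread.
-- Assumption: run as the REST-enabled schema owner (my_schema in the question).
DECLARE
  l_roles    owa.vc_arr;
  l_patterns owa.vc_arr;
BEGIN
  -- 1. The role. Its NAME is the link to the application server:
  --    the authenticated user must belong to a WebLogic/LDAP group
  --    called exactly "crud-deployments".
  ORDS.CREATE_ROLE(p_role_name => 'crud-deployments');

  -- 2. The privilege, granted to that role and protecting /deployment/*.
  --    The privilege name is what shows up as authConstraint in the
  --    NotAuthorizedException; it is NOT the group name to create in LDAP.
  l_roles(1)    := 'crud-deployments';
  l_patterns(1) := '/deployment/*';

  ORDS.DEFINE_PRIVILEGE(
    p_privilege_name => 'crud-operations-on-deployment-table',
    p_roles          => l_roles,
    p_patterns       => l_patterns,
    p_label          => 'CRUD on DEPLOYMENT',            -- constructed value
    p_description    => 'Protects the DEPLOYMENT table'  -- constructed value
  );

  COMMIT;
END;
/

-- Check what ORDS actually stored before looking at the LDAP side:
-- which role(s) each privilege requires, and which URL patterns it covers.
SELECT * FROM user_ords_privilege_roles;
SELECT * FROM user_ords_privilege_mappings;
```

If the first query shows crud-deployments against the privilege and the user is still rejected, the remaining thing to check is whether the WebLogic security realm reports that user as a member of a group with that exact name.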