Help on Scope of Subject and WLSPrincipal - Weblogic

This is a discussion on Help on Scope of Subject and WLSPrincipal - Weblogic ; Hi, I am trying to understand the scope of WLSPrincipal. Does it span across various authenticators. For example, I have the following authenticators set DefaultAuthenticator (req) IplanetAuthenticator (sufficient) goes to DS1 and has user John. Iplanet added John to the ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Help on Scope of Subject and WLSPrincipal

  1. Help on Scope of Subject and WLSPrincipal


    Hi,
    I am trying to understand the scope of WLSPrincipal. Does it span across various
    authenticators.
    For example, I have the following authenticators set
    DefaultAuthenticator (req)
    IplanetAuthenticator (sufficient) goes to DS1 and has user John. Iplanet added
    John to the subject as the authentication went through fine.

    So, will I be able to see the Subject with Principal (John) if I write a customAuthenticator?

    I wrote a small custom Authenticator and it show that it does not contain the
    Principal. Am I doing anything wrong???
    PLease Help!!!

    Thank you
    LAkshmi



  2. Re: Help on Scope of Subject and WLSPrincipal

    From: "Peter"
    Newsgroups: weblogic.developer.interest.security
    References: <3f0d7489$1@newsgroups.bea.com>
    Subject: Re: Help on Scope of Subject and WLSPrincipal
    Date: Thu, 7 Aug 2003 07:18:01 -0400
    Lines: 33
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    NNTP-Posting-Host: 216.148.48.18
    X-Original-NNTP-Posting-Host: 216.148.48.18
    Message-ID: <3f32357b@newsgroups.bea.com>
    X-Trace: newsgroups.bea.com 1060255099 216.148.48.18 (7 Aug 2003 04:18:19 -0700)
    X-Original-Trace: 7 Aug 2003 04:18:19 -0700, 216.148.48.18
    Organization: BEA NEWS SITE
    XPident: Unknown
    Path: newsgroups.bea.com!not-for-mail
    Xref: newsgroups.bea.com weblogic.developer.interest.security:10447


    "Lakshmi Chakravarthi" wrote in message
    news:3f0d7489$1@newsgroups.bea.com...
    >
    > Hi,
    > I am trying to understand the scope of WLSPrincipal. Does it span across

    various
    > authenticators.
    > For example, I have the following authenticators set
    > DefaultAuthenticator (req)
    > IplanetAuthenticator (sufficient) goes to DS1 and has user John. Iplanet

    added
    > John to the subject as the authentication went through fine.
    >
    > So, will I be able to see the Subject with Principal (John) if I write a

    customAuthenticator?
    >


    As part of the jaas login process, the default authenticator and iplanet
    authenticator will be called.
    The sufficient control flag has the following behavior.

    SUFFICIENT This LoginModule needs not succeed. If it does succeed, return
    control to the application. If it fails and other Authentication providers
    are configured, authentication proceeds down the LoginModule list.

    Since the iplanet authenticator is marked sufficient, if it succeeds, your
    custom authenticator will not be called.






+ Reply to Thread