Configuring AD Authenticator in WLP 8.1 - Weblogic


Thread: Configuring AD Authenticator in WLP 8.1

  1. Configuring AD Authenticator in WLP 8.1


    I have created an AD Authenticator in the console and set the appropriate settings
    (I think). I have also created a user (who also exists by username in AD) in the
    weblogic admin tool. I have copied the sample login portlet that comes with
    the sample portlet into my Portal App for this test. Is there anything else that
    I need to do to be able to authenticate via Active Directory (because it is not
    working)?

    One more thing. I thought that I had read that security was going to be very
    different in WLP 8.1, but it looks very similar to previous versions.

    Thanks in advance

    Jeremy

  2. Re: Configuring AD Authenticator in WLP 8.1

    Jeremy,

    AD has been tested successfully with WLP for authentication.

    I'm wondering why you created the same username in the WLS provider?
    When the same user exists (but possibly with a different pwd)
    in more than one authenticator, you need to pay special
    attention to the state of the "Control Flag" on each provider.

    WLP security in 8.1 utilizes the WLS security framework introduced
    in 7.0. WLP security in 7.0 utilized the compatibility realm.

    Hope that helps.

    -Phil




  3. Re: Configuring AD Authenticator in WLP 8.1

    From: "Phil Griffin"
    Newsgroups: weblogic.developer.interest.security
    Date: Fri, 22 Aug 2003 13:02:24 -0600

    Ok, that is a different issue. You are authenticating successfully, but have
    run into the limitation that WLP user profile code only "knows" about a single
    authentication provider. Our bad...fix is scheduled for service pack 2 (a
    couple months away).

    If your portal only needs to be aware of the AD users/groups, then you
    can configure WLP as such and you'll be good-to-go (otherwise, you'll
    have to get SP2).

    See
    http://edocs.bea.com/wlp/docs81/java...RealmHelper.html
    for configuration info.

    -Phil

    "Jeremy Mann" wrote in message
    news:3f464a18$1@newsgroups.bea.com...
    >
    > Ok - that helps a bit. So I am bringing back users from AD and I get see them
    > in the console under user management. When I login to the portal via a local
    > user that I created in the portal admin tool it works fine. When I login via
    > an AD user I get the following error.
    >
    > Are you sure that I don't need to do something in the PortalAdminTool? I only
    > see AD users in the console but not in the PortalAdminTool.
    >
    > Thanks - Jeremy
    >
    > Cannot invoke 'postLogin' method on SessionHelper because com.bea.p13n.usermgmt.UserManagementException:
    > Cannot get new user profile because java.rmi.RemoteException: EJB Exception: ;
    > nested exception is:
    > com.bea.p13n.usermgmt.UserManagementException: User xman was not found.
    > caused by: : com.bea.p13n.usermgmt.UserManagementException: Cannot get new user
    > profile because java.rmi.RemoteException: EJB Exception: ; nested exception is:
    >
    > com.bea.p13n.usermgmt.UserManagementException: User xman was not found.




  4. Re: Configuring AD Authenticator in WLP 8.1

    From: "Jeremy Mann"
    Newsgroups: weblogic.developer.interest.security
    Date: 22 Aug 2003 12:40:12 -0700


    Thanks Phil,

    Those javadocs will be helpful. I think what was happening was that I was successfully
    authenticating via the server, but because no profile existed for the user in
    the Portal it was throwing an error when trying to implement personalization.
    For now, my solution is to create the user in the PortalAdminTool and give that
    user a generic password. I can now successfully login with my ldap password and
    use the PortalAdminTool to create personalization. Is this what you are talking
    about being fixed in sp2? If so does that mean that a user profile in the Portal
    will be automatically created if one does not already exist?

    Thanks

    Jeremy

  5. Re: Configuring AD Authenticator in WLP 8.1

    Yes, the SP2 fix will create a profile even if the user doesn't exist in the
    (only) authentication provider that WLP knows about. This will
    prevent you from needing to create the user in multiple authenticators.

    -Phil
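The thread's point about the "Control Flag" when the same username exists in more than one authenticator with different passwords, worked through as an added example that is not part of the original posts or of BEA's code. It models the JAAS flag semantics (REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL) in plain Python; the provider names and both passwords are constructed for illustration.

```python
import hmac

# Added illustration: JAAS-style Control Flag evaluation over an ordered
# provider chain. Provider names, the user and both passwords are constructed.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = (
    "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL")

class Provider:
    def __init__(self, name, flag, users):
        self.name, self.flag, self.users = name, flag, users

    def check(self, user, password):
        # An unknown user fails in this store exactly like a wrong password.
        stored = self.users.get(user)
        return stored is not None and hmac.compare_digest(stored, password)

def authenticate(chain, user, password):
    """Return True if the chain as a whole accepts the login."""
    mandatory_seen = required_failed = any_success = False
    for provider in chain:
        ok = provider.check(user, password)
        any_success = any_success or ok
        if provider.flag in (REQUIRED, REQUISITE):
            mandatory_seen = True
            if not ok and provider.flag == REQUISITE:
                return False              # fail at once, skip the rest
            required_failed = required_failed or not ok
        elif provider.flag == SUFFICIENT and ok and not required_failed:
            return True                   # later providers are never asked
    if required_failed:
        return False
    # With no REQUIRED/REQUISITE provider, at least one other must succeed.
    return True if mandatory_seen else any_success

def outcomes(local_flag, ad_flag):
    """Try both passwords for the duplicated user; local store is listed first."""
    chain = [
        Provider("local-store", local_flag, {"xman": "generic-pw"}),
        Provider("active-directory", ad_flag, {"xman": "ad-pw"}),
    ]
    return {
        "ad_password": authenticate(chain, "xman", "ad-pw"),
        "local_password": authenticate(chain, "xman", "generic-pw"),
    }

if __name__ == "__main__":
    for flags in [(REQUIRED, REQUIRED), (SUFFICIENT, SUFFICIENT), (OPTIONAL, REQUIRED)]:
        print(flags, outcomes(*flags))
```

With both flags at REQUIRED neither password logs the duplicated user in; with both at SUFFICIENT either password does, so a placeholder password in the second store is a working credential for that account.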