Resetting security realm - HELP!!!!! - Weblogic

This is a discussion on Resetting security realm - HELP!!!!! - Weblogic ; Hello, I was trying to configure WLS 7.0 SP2 so that it uses the default realm myrealm (the one set up out-of-box) instead of the compatibility realm. I added an iPlanet authentication provider so that the server will authenticate users ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Resetting security realm - HELP!!!!!

  1. Resetting security realm - HELP!!!!!

    Hello,

    I was trying to configure WLS 7.0 SP2 so that it uses the default realm
    myrealm (the one set up out-of-box) instead of the compatibility realm. I
    added an iPlanet authentication provider so that the server will
    authenticate users against our LDAP server. However once I made that change,
    I cannot start up the server at all with the following error:

    <000364> failed during initializat
    ion. Exception:java.lang.SecurityException: Authentication for user denied
    java.lang.SecurityException: Authentication for user denied
    at
    weblogic.security.service.SecurityServiceManager.d oBootAuthorization(Securit
    yServiceManag
    er.java:1078)
    at
    weblogic.security.service.SecurityServiceManager.i nitialize(SecurityServiceM
    anager.java:1
    216)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:72 3)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594 )
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
    at weblogic.Server.main(Server.java:32)
    >

    <000342> to initialize the server
    : Fatal initialization exception
    Throwable: java.lang.SecurityException: Authentication for user denied
    java.lang.SecurityException: Authentication for user denied
    at
    weblogic.security.service.SecurityServiceManager.d oBootAuthorization(Securit
    yServiceManag
    er.java:1078)
    at
    weblogic.security.service.SecurityServiceManager.i nitialize(SecurityServiceM
    anager.java:1
    216)
    at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:72 3)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594 )
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
    at weblogic.Server.main(Server.java:32)
    >


    This error is returned regardless of what user name I enter, 'system'
    doesn't work. Even the ones that exist in the LDAP server doesn't work.

    I tried the option -Dweblogic.safeCommoBoot=true, but no avail. My question
    is, how can I re-configure the server without using the console (which
    cannot be accessed since the server doesn't startup)?

    I appreciate any insight on this...thank you!

    Makoto



  2. Re: Resetting security realm - HELP!!!!!


    "Makoto Suzuki" wrote in message
    news:3f590937$1@newsgroups.bea.com...
    > Hello,
    >
    > I was trying to configure WLS 7.0 SP2 so that it uses the default realm
    > myrealm (the one set up out-of-box) instead of the compatibility realm. I
    > added an iPlanet authentication provider so that the server will
    > authenticate users against our LDAP server. However once I made that

    change,
    > I cannot start up the server at all with the following error:
    >
    > <000364> > failed during initializat
    > ion. Exception:java.lang.SecurityException: Authentication for user

    denied
    > java.lang.SecurityException: Authentication for user denied
    >


    What are the control flags for the different providers. If both requisite or
    required, then the
    user must exist in both the embedded ldap and the external ldap servers.

    > This error is returned regardless of what user name I enter, 'system'
    > doesn't work. Even the ones that exist in the LDAP server doesn't work.
    >

    The username and password may have to exist in both depending upon control
    flags.

    > I tried the option -Dweblogic.safeCommoBoot=true, but no avail. My

    question
    > is, how can I re-configure the server without using the console (which
    > cannot be accessed since the server doesn't startup)?
    >


    That should have reverted the configuration to the last boot.
    You can dump the mbeans, change the control flag of the embedded ldap to
    optional, and
    then reboot and then use the console.




  3. Re: Resetting security realm - HELP!!!!!


    > What are the control flags for the different providers. If both requisite

    or
    > required, then the
    > user must exist in both the embedded ldap and the external ldap servers.


    You're right. It is set to Required.

    > The username and password may have to exist in both depending upon control
    > flags.


    I know the user system exists on the external ldap server.

    >
    > > I tried the option -Dweblogic.safeCommoBoot=true, but no avail. My

    > question
    > > is, how can I re-configure the server without using the console (which
    > > cannot be accessed since the server doesn't startup)?
    > >

    >
    > That should have reverted the configuration to the last boot.
    > You can dump the mbeans, change the control flag of the embedded ldap to
    > optional, and
    > then reboot and then use the console.


    Now how would i do that without firing up the console? Could you give us
    pointer to which file, tool, etc. to use?

    Thank you,
    Makoto



  4. Re: Resetting security realm - HELP!!!!!



    Makoto Suzuki wrote:
    >>What are the control flags for the different providers. If both requisite

    >
    > or
    >
    >>required, then the
    >>user must exist in both the embedded ldap and the external ldap servers.

    >
    >
    > You're right. It is set to Required.
    >
    >
    >>The username and password may have to exist in both depending upon control
    >>flags.

    >
    >
    > I know the user system exists on the external ldap server.
    >
    >
    >>>I tried the option -Dweblogic.safeCommoBoot=true, but no avail. My

    >>
    >>question
    >>
    >>>is, how can I re-configure the server without using the console (which
    >>>cannot be accessed since the server doesn't startup)?
    >>>

    >>
    >>That should have reverted the configuration to the last boot.
    >>You can dump the mbeans, change the control flag of the embedded ldap to
    >>optional, and
    >>then reboot and then use the console.

    >
    >
    > Now how would i do that without firing up the console? Could you give us
    > pointer to which file, tool, etc. to use?


    Please refer to the documentation at,

    http://e-docs.bea.com/wls/docs70/adm.../failures.html

    Thanks,
    -satya

    >
    > Thank you,
    > Makoto
    >
    >



+ Reply to Thread