Active Directory Authentication in Weblogic 8.1 - Weblogic


Thread: Active Directory Authentication in Weblogic 8.1

  1. Active Directory Authentication in Weblogic 8.1


    Hi,

    We want to do authentication from Microsoft Active Directory using WebLogic 8.1.
    I have created an Active Directory and configured WebLogic from the console to use it.
    But it is still not working. Your help with these questions would be highly
    appreciated.

    1. Is there anyone in the group who has tried this before? Please let me know how
    to proceed.
    2. Is there any tool by which I can get to know the different attributes asked
    for in the configuration in WebLogic?
    3. I am not able to log in to my application after configuration. Is there any
    other way to come to know whether it is working or not?

    There could be a plethora of reasons, but nothing comes to my mind. Everything
    seems to be configured correctly. Here is the portion of my config.xml related to
    authentication:




    PasswordPolicy="wl_default_password_policy"
    Realm="wl_default_realm" RealmSetup="true">
    ControlFlag="SUFFICIENT"
    Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>

    ActiveTypes="AuthenticatedUser"
    Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
    Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
    Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
    Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
    Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
    Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
    Adjudicator="Security:Name=myrealmDefaultAdjudicator"


    AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name=myrealmADAuthenticator"
    Authorizers="Security:Name=myrealmDefaultAuthorizer"
    CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
    DefaultRealm="true" DisplayName="myrealm"
    Name="Security:Name=myrealm"
    RoleMappers="Security:Name=myrealmDefaultRoleMapper"

    UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
    Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>

    ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
    DisplayName="ADAuthenticator" FollowReferrals="false"
    GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
    Name="Security:Name=myrealmADAuthenticator"
    Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>



    First of all, is it possible to use Active Directory authentication in WebLogic
    without writing any custom code? If yes, how?

    Thanks in advance,
    Amit Tyagi

  2. Re: Active Directory Authentication in Weblogic 8.1


    Amit,

    We have successfully used WLS 8.1 sp1 with AD - but not without our share of ups
    and downs though.

    1) First, make sure you are sending the right LDAP queries to AD. To verify this,
    we used a free 3rd-party LDAP browser from Softerra. There is also a free Java-based
    browser from Univ of Michigan. Personally, I like Softerra's LDAP browser better.
    Play with your LDAP settings using this and make sure AD is returning the right
    data.

    2) AD has some default settings that make it return only the top 1000 users.
    Use ntdsutil.exe to modify these default settings.

    3) AD needs to have the right set of users and groups. To configure this, refer
    to the WLS docs. This is very well documented in the WLS docs. Also refer to this article
    http://dev2dev.bea.com/products/wlpo...lp70_MSADS.jsp as an additional
    reference.

    4) Also, there are some bugs with 8.1 portal sp1 and AD. It cannot take more than
    one Authentication provider. sp2 is supposed to have fixed it. For sp1 we used
    another product, AD/AM (AD in Application Mode), in combination with MIIS server.
    But if you are using sp2, you shouldn't have to worry about this.

    5) In your providers, you might want to get rid of the DefaultAuthentication provider
    once you are able to establish a connection with your ActiveDirectoryAuthentication
    provider. The DefaultAuthentication provider causes some problems and does not
    let the ActiveDirectoryAuthentication provider behave properly. We haven't fully
    investigated the root of this problem. When we deleted the DefaultAuthentication provider,
    everything worked normally - so we didn't really care that much :-)

    6) Make sure you have your JAAS options set to OPTIONAL initially and make sure
    you are able to authenticate and talk to your AD.

    These are the ones I could think of. Hope this helps.

    Regards,
    Anant




  3. RE: Re: Active Directory Authentication in Weblogic 8.1

    Is the ActiveDirectoryAuthenticator provider compatible with AD in Application Mode (ADAM)?

    Thanks
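
Added example, not part of any post in this thread and not WebLogic code: a small Python model of how the JAAS control flags raised in points 5 and 6 of Anant's reply decide a login across the provider order from the posted config.xml. It assumes the providers follow the rules documented for javax.security.auth.login.Configuration; the names `login_chain` and `evaluate` and the REQUIRED/OPTIONAL variant are constructed for illustration.

```python
# Added example: JAAS control-flag evaluation over the configured provider order.
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"

# Values copied from the config.xml fragment in the first post.
AUTHENTICATION_PROVIDERS = (
    "Security:Name=myrealmDefaultAuthenticator|"
    "Security:Name=myrealmDefaultIdentityAsserter|"
    "Security:Name=myrealmADAuthenticator"
)
CONTROL_FLAGS = {  # the identity asserter carries no ControlFlag in the fragment
    "myrealmDefaultAuthenticator": SUFFICIENT,
    "myrealmADAuthenticator": SUFFICIENT,
}

def login_chain(providers_attr, flags):
    """Return [(name, flag)] in configured order, keeping providers that have a flag."""
    names = [p.split("Name=", 1)[1].strip() for p in providers_attr.split("|")]
    return [(n, flags[n]) for n in names if n in flags]

def evaluate(chain, outcomes):
    """Apply the JAAS rules; outcomes maps provider name -> did its login succeed.
    Returns (overall_success, providers_consulted)."""
    required_failed = False
    any_success = False
    consulted = []
    for name, flag in chain:
        consulted.append(name)
        if outcomes[name]:
            any_success = True
            if flag == SUFFICIENT and not required_failed:
                return True, consulted      # stop: later providers are never asked
        elif flag == REQUISITE:
            return False, consulted         # stop: this failure is final
        elif flag == REQUIRED:
            required_failed = True          # keep going, but the login is already lost
    return (any_success and not required_failed), consulted

if __name__ == "__main__":
    chain = login_chain(AUTHENTICATION_PROVIDERS, CONTROL_FLAGS)
    # Constructed outcome: a user that exists only in Active Directory.
    ad_only = {"myrealmDefaultAuthenticator": False, "myrealmADAuthenticator": True}
    print("flags from the post:", evaluate(chain, ad_only))
    # Constructed variant: REQUIRED on the default provider, OPTIONAL on AD.
    variant = login_chain(AUTHENTICATION_PROVIDERS, {
        "myrealmDefaultAuthenticator": REQUIRED, "myrealmADAuthenticator": OPTIONAL})
    print("REQUIRED + OPTIONAL:", evaluate(variant, ad_only))
```

In the constructed variant an AD-only user is rejected even though the AD provider accepts the password, so the flag on every provider in the chain has to be checked, not only the one on the AD provider.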
