Hi,

I have an issue regarding the Group/Role mapping for the ActiveDirectory Authentication provider and FORM-based container-managed authentication. Any help is greatly appreciated.

Now, when I try to log on to protected resources under /pages/* as specified below, I do get redirected to the login.jsp page as I should. But once I log in with the correct user name and password combination, instead of going to the protected resource I get redirected to the login error page.

I verified that authentication is working, since I can print the user name using request.getRemoteUser() call.

But I think I am missing something in the Authorization setup. I need to specify the correct Group or role name somewhere in the Active Directory setup or do Role mapping, and that needs to match what I have in weblogic.xml.

Please note that "Corp Users" is the OU in my Active Directory setup. I am providing "Corp Users" in weblogic.xml.

If I am thinking correctly, then where should I provide the role information? I have gone through the WebLogic 8.1 security documentation multiple times now but to no help!

I am using WebLogic Server 8.1 SP2.

My web app has the following descriptor files and Active Directory Authentication provider definition:

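Security setting in web.xml:

<welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Test web</web-resource-name>
    <description>Protect the following resources</description>
    <url-pattern>/pages/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>This is how the user data must be transmitted.</description>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>myrealm</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login_error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <description>A role to access the secured pages</description>
  <role-name>user</role-name>
</security-role>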

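weblogic.xml:

<security-role-assignment>
  <role-name>user</role-name>
  <principal-name>Corp Users</principal-name>
</security-role-assignment>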

Authentication provider definition:

ControlFlag="SUFFICIENT"
Credential="{3DES}X5aOoy1TBtg="
GroupBaseDN="OU=IS,OU=Corp Users,OU=Corp,DC=company,DC=net"
Host="dc01"
Name="Security:Name=myrealmActiveDirectoryAuthenticator"
Principal="cn=test user,ou=IS,ou=Corp Users,ou=Corp,dc=company,dc=net"
Realm="Security:Name=myrealm"
UserBaseDN="OU=IS,OU=Corp Users,OU=Corp,DC=company,DC=net"
UserFromNameFilter="(&(samAccountName=%u)(objectclass=user))"
UserNameAttribute="samAccountName"/>


Thanks in advance,

Rajesh