82 comments
Nice details.
I have an R12.1 e-business integrated to OID/SSO 10.1.4.3 and the SSO has an external authentication (custom IPASAuthInterface for a smartcard system). Works great for E-business logins. Can I use the same OID/SSO/Smartcard environment for WebLogic 10.3.1 logins as recommended here? It would really help my authentication issues.
@ dbabeege,
Yes you can use same OID environment for weblogic 10.3.1
If you also want SSO (single sign-on) with weblogic (authentication using OID is different from SSO) then check
documentation here
Hi Atul,
First of all, you’ve done a very nice compilation of all steps needed for LDAP authentication.
After doing all steps, I could see all LDAP users loaded through ‘Users and Groups’ tab in WLS console. However, I’m unable to log into OBIEE Answers with any LDAP user; every time it says –
Unable to Sign In
An invalid User Name or Password was entered.
I also enabled debugging and checked AdminServer\logs but to no avail. Can you suggest, what could be wrong?
@ Harsh,
Did you deploy OBIEE on weblogic ?
If yes, which version of OBIEE and WebLogic are you running ?
Which documentation did you use to deploy OBIEE on WebLogic ?
@ Harsh,
Good to hear that, so what was the issue ? Is this a simple weblogic restart or something else ?
Thanks Atul. Restarting weblogic and OPMN services fixed this issue.
Atul – thanks for the SSO document reference. I realize SSO is a little off topic, however I’m trying to follow the document and in section 10.3.2, step 1.e. it has this:
An Oracle Fusion Middleware product such as Oracle Identity Management, Oracle SOA Suite, or Oracle WebCenter is required; it includes the provider required for OSSO by Oracle WebLogic Server in the following path:
ORACLE_INSTANCE/modules/oracle.ossoiap_11.1.1/ossoiap.jar
Any thoughts regarding which environment actually needs this jar file? It doesn’t exist in the existing 10.1.4.3 Identity Management environment. Also, we’ve installed an OHS 10g from the companion CD and we still can’t find the file.
In order to use SSO we need a newer (11g? “Oracle Fusion Middleware”??) identity management environment instead of the 10.1.4.3 IM we use with our e-business suite?
@ Harsh,
This jar file is part of Fusion Middleware 11g of installation type SOA, WebCenter or Identity Management
In my case Fusion MW 11g home is /oracle/apps/fusion/mid with installation type of SOA
/oracle/apps/fusion/mid/Oracle_SOA1/modules/oracle.ossoiap_11.1.1
-bash-3.00# ls
ossoiap.jar
[…] To configure OID (Oracle Internet Directory) as Authentication Provider in WebLogic click here […]
Atul,
I was trying to integrate my 10.1.4.0.1 OID with ADS. I was able to do the sync from AD to OID. I am also able to authenticate AD users from SSO against ADS by running oidspadi.sh.
But later I realized that I missed excluding the orcladmin and other OID specific users to mention under “exception entry property”. For this I re-ran the oidspadi.sh, after deleting “adwhencompare” and “adwhenbind” from Plug-in management through oidadmin. From then onwards I am not able to authenticate AD users. New users created in AD are getting synced to OID perfectly, but authentication is failing. Please help me on this
Hi Atul
I was trying to create the OID Authenticator but it does not appear in the list box in new provider screen.
What do I need to do or configure to fix this??
Can you help me please??
Thanks
@ Javier,
Which version of WebLogic are you using ? Did you or anyone in the team extend the weblogic console (it is possible to change console properties so that only selective providers are available) ?
Update full navigation path for your authentication provider (OIDAuthenticator)
Hi Atul,
I’m trying to integrate OID with OSB. I have WS having BPEL and OSB.
I have followed all the steps you have provided for integrating OID with weblogic server.
Now when I’m trying to login with the new username and password in BPEL console, it works fine, but when trying to login in OSB console with the new username and password, it shows an authentication error.
Can you please help me to integrate OID with OSB?
@ Milind, Which version of OSB are you using ? What is the error message in the OSB managed server log file ?
Hi Atul,
following are the OSB and WS version.
also find error which I got during logging.
I’m not able to trace the error in log files.
I have checked both log files.
1osb_server1.log and osb_server1-diagnostic.log
OSB version 11.
WS version 10.3.3.0
Authentication Denied
@ Milind,
Only user with IntegrationAdmin role can access OSB console .
http://download.oracle.com/docs/cd/E14571_01/doc.1111/e15867/roles.htm#i1074187
Create group in OID, map this group with WebLogic Role IntegrationAdmin and add user to OID group which you have mapped .
Let me know how it goes.
Your explanations are splendid. We are trying to provide the SSO authentication for our weblogic 10.3 portal with RSA Access Manager authentication. Could you please provide the steps for SSO integration of the WLP 10.3 with RSA Access Manager?
Thank you in Advance
@Sravi,
Check steps in below guide, which is for RSA with peoplesoft; however, conceptually it should be applicable to weblogic too (peoplesoft uses weblogic server)
http://italy.rsa.com/rsasecured/guides/cleartrust/PeopleSoft_PeopleSoft89_PT47_AxM6.pdf
Hi,
why do I have to create a group in OID as Administrators and include a dummy user in it ?
Is it not possible to define group\profile for the dummy user in Weblogic ?
@ cristiano,
By creating Administrators group and adding a user to that group, you make that user a weblogic administrator user.
When a user who is a member of Administrators logs into weblogic (integrated with OID), weblogic gets the information that the user is a member of group Administrators. In WebLogic Roles , Admin Role of WebLogic is mapped to Administrators Group of LDAP server (OID or embedded ldap)
Other option is to find a user X in OID who is member of group Y, then go to WebLogic Roles section . Search for Admin Role and configure Admin Role to group Y .
This way user X in OID will become Admin user of WebLogic.
I want to integrate WL 10.0 MP2 with OID.
I have configured the integration correctly with WL 10.3 (11g), but I can’t modify the LDAPAuthenticator created because this error is shown:
OBJECT DELETED: The object that you were viewing has been deleted,either by you or another user. Please make another selection.
What is happening ?
The previous error happens only with WL 10 MP2; with WL 10.3 (11g) this integration went fine.
THE SOLUTION:
Weblogic 10 MP2 64 bit works only with Java JRockit version jrrt-3.1.2-1.5.0
Atul – do you know if we can start weblogic server 10.3.x using an LDAP account and boot.properties file. We would like to have only one authentication provider for our security realm and want to remove the default authentication provider. The LDAP user who we will be using to start and stop the server is a part of OID group that is mapped to Global Admin role in weblogic.
Thank you.
@ Me2,
Yes you can start weblogic using LDAP account. You can either create group administrators in LDAP and add weblogic admin user to this group
or
use one of existing group in OID and map it to Admin role in weblogic (WebLogic Console -> Security Realm -> your_realm -> Roles and Policies -> Global Roles -> Roles -> click on “view role conditions” against admin role -> click add condition and add your LDAP group here)
Thanks Atul – I was able to configure it. I was having issues with ACI on the LDAP but all is good now.
Hello Atul,
I have a serious problem.
When I change control flag to SUFFICIENT for OID Authentication Provider I can’t start weblogic.
./startWebLogic.sh
<Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
In OID is the user weblogic with the same password which in config file with login and password and group Administrators.
@Alexander,
In order to understand this issue please answer following
1. Are you using boot.properties (if yes do not use boot.properties unless you can start from command prompt)
2. Remove user weblogic from oid and create user like weblogicoid and add that to group Administrator in OID (ensure that attribute userpasswd is set and value is defined for weblogicoid in OID)
3. Ensure that weblogic server can connect to OID server on port 3060 (this is default OID port)
4. Also make sure that in User Base DN and Groupbase DN in OID provider are set as per your OID.
Many thanks, Atul
I just added the weblogic user to the administrators group.
Hello Atul,
I can not understand a simple thing.
I have an application that is deployed on weblogic.
In this application, there is no authentication.
In OID I have one user weblogic in the group Administrators.
Now I want to statically protect the application URLs. When opening links, the SSO page should appear, and
after the authentication it would provide access to the application.
I do not understand how to deal with groups. In the OID I create a user group for this application and add users there. How does weblogic understand that the user belongs to this group and give access to the application?
@ Alexander,
During the authentication process, the weblogic authentication provider checks the user and all groups assigned to the user (in identity store) and populates them into the subject . You can enable debug in ATN (authentication) and check admin server logs to see user and group queried from Identity store
Check here
http://download.oracle.com/docs/cd/E17904_01/web.1111/e13710/archtect.htm#i1052063
Thanks for the reply.
But I would like to clarify something that is a bit unclear.
In OID, I created a user alex in the group webapp.
Link to the application module on weblogic domain is protected by SSO.
When I open a link, the SSO page appears.
I enter the username alex with the appropriate password.
How does weblogic know that the user alex from the group webapp can be given access to the application?
What do I need to add to the weblogic domain?
Addition
In the OID there is also user alex2 with group webapp2.
This user does not have access to the application.
How to make it so that the user alex has access, and alex2 does not?
[…] Internet Directory (OID) 11g using steps here (For OID integration with WebLogic Domain click here ). I also added an OID user to WebCenter Administrator role as mentioned […]
@ Alexander ,
Which application are we talking about here ?
Application should have roles defined (and allow or deny access to application based on role – This is authorization). Application roles are then mapped to group in OID (LDAP server).
Hope this helps
[…] Fix: Change control flag of default authentication provider (in weblogic domain) from REQUIRED to SUFFICIENT . More on control flag in WebLogic Authentication Provider here […]
Hi,
thanks a lot for your post, this has greatly helped me to configure OID in weblogic 10.3.5.
Would you please answer the below doubt.
I have configured OID, and deployed a J2EE application in weblogic. When I try to login, my credentials are getting authenticated. The server brings back the login page.
Can you suggest what the problem would be?
muthuvel.p
@muthuvel,
Is the J2EE app which you have deployed on weblogic server a custom application or a standard oracle app ?
Either you are using wrong username or user is not authorised to access this application.
You can enable debug in atn & atz from weblogic console to find why this is failing.
Hi,
thanks a lot for your immediate reply.
This is a custom J2EE application. We have migrated this from oc4j to weblogic 10.3.5.
In oc4j, we have specified the LDAP details in the orion-application.xml file.
In weblogic, I have followed your tutorial instructions, the configuration is successful, as I am able to see the OID user names appearing in the console –> security –> user details screen.
When I see the log, I am able to see the Access allowed or Denied details depending on the correctness of the password.
But after clicking on login in my application, the same login page comes up again, but in the log I am able to see that authentication succeeded. This is the problem I have been facing for the last 10 days.
I have given some roles like testrole , abc and Administrators in the weblogic.xml and web.xml.
These roles are not present in the OID; OID has a separate set of roles.
Since I am migrating this application, I kept the earlier roles configuration as it is.
Please give your suggestion.
I would greatly appreciate it.
Regards
Muthuvel.P
Hi,
few more details , I am present to your kind suggestions
I have configured roles in web.xml as shown below.
testrole
Administrator
Administrators
SuperRole
abc
ADMLoginRole
these same roles I have added in weblogic.xml
CBCMCashier
testrole
Administrator
Administrators
SuperRole
abc
ADMLoginRole
But none of these Roles except Administrators is available in the OID.
Is this a problem?
Muthuvel.P
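Added example, not part of any comment above and not Oracle's code: a sketch of how roles declared in the deployment descriptors resolve against directory groups, which is the question raised both in Alexander's alex/alex2 comment and in Muthuvel's web.xml/weblogic.xml comment. The descriptors are constructed, the role name AppUser is hypothetical, and it assumes roles are taken from the descriptors, with an unmapped role name treated as a principal of the same name.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors for illustration; not taken from the thread.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>AppUser</role-name>
      <role-name>testrole</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>AppUser</role-name></security-role>
  <security-role><role-name>testrole</role-name></security-role>
</web-app>"""

WEBLOGIC_XML = """<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <security-role-assignment>
    <role-name>AppUser</role-name>
    <principal-name>webapp</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def constrained_roles(web_xml):
    """Roles named in any <auth-constraint> of web.xml."""
    roles = set()
    for elem in ET.fromstring(web_xml).iter():
        if _local(elem.tag) == "auth-constraint":
            roles.update(r.text.strip() for r in _children(elem, "role-name"))
    return roles


def explicit_assignments(weblogic_xml):
    """role -> principal names from <security-role-assignment> in weblogic.xml."""
    out = {}
    for elem in ET.fromstring(weblogic_xml).iter():
        if _local(elem.tag) == "security-role-assignment":
            role = _children(elem, "role-name")[0].text.strip()
            names = {p.text.strip() for p in _children(elem, "principal-name")}
            out.setdefault(role, set()).update(names)
    return out


def effective_mapping(web_xml, weblogic_xml):
    """Principals that satisfy each constrained role."""
    explicit = explicit_assignments(weblogic_xml)
    # Assumption: a role with no assignment falls back to a principal
    # (user or group) whose name equals the role name.
    return {r: explicit.get(r) or {r} for r in constrained_roles(web_xml)}


def granted_roles(user, groups, mapping):
    """Roles held by a subject carrying the user name plus its directory groups."""
    principals = {user} | set(groups)
    return sorted(r for r, names in mapping.items() if names & principals)


def unreachable_roles(mapping, directory_principals):
    """Roles that no user or group existing in the directory can satisfy."""
    known = set(directory_principals)
    return sorted(r for r, names in mapping.items() if not names & known)


if __name__ == "__main__":
    mapping = effective_mapping(WEB_XML, WEBLOGIC_XML)
    print("alex  ->", granted_roles("alex", ["webapp"], mapping))
    print("alex2 ->", granted_roles("alex2", ["webapp2"], mapping))
    print("unreachable:", unreachable_roles(mapping, ["webapp", "webapp2", "Administrators"]))
```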
[…] You must add additional Authentication Provider of type OID in WebLogic Security Realm (steps here and here ) so that OBIEE/WebLogic can authenticate users against […]
[…] 5.4 Configure OID as Authentication Provider in WebCenter’s weblogic security realm. More on OID as authentication provider in WebLogic here […]
Hi Atul,
Thanks for such detailed information about OID integration with Weblogic. I have achieved that successfully.
I want to create users in Weblogic Embedded LDAP automatically from OID server. I guess, DIP does the same thing. I sync the other directory servers with OID, right?
Can I use DIP to push the users from OID to Weblogic embedded LDAP server? I could configure JExplorer to view both the servers, OID & Weblogic embedded LDAP.
Thanks & Regards,
Vikrant Korde
@ Vikrant Korde,
Though I have not tried it myself, yes, DIP should be able to handle this . Use synchronization component of DIP .
On a side note, why do you want to duplicate users in OID and weblogic’s embedded LDAP server when weblogic can use OID users via OID Authentication Provider.
I am doing an implementation at the client side and the client wants us to keep groups in Weblogic; however, user credentials should be validated from OID.
Client wants to create user with same name in Weblogic and assign IPM related groups in weblogic only. OID will have a single group IPM which will define eligible users for IPM. Later Weblogic will define more specific rights for IPM. So to create users automatically from OID to Weblogic is mandatory.
As weblogic doesn’t allow us to assign groups to users from other authentication source.
Hi Atul,
I want all the users in OID to be created in weblogic also. This is simple only integration or else it creates users to in weblogic realm.
OID as a stand alone application does not require WebLogic.
There are two J2EE applications (part of IDM)
a) DIP (used for provisioning and replication of OID with applications and other ldap)
b) OWSMM – Graphical User Interface to manage OID/OVD
These two applications require WebLogic.
WebLogic comes with its own embedded LDAP Server but ODSM and DIP uses users stored in OID and not weblogic’s embedded LDAP Server.
Users in weblogic embedded LDAP server are used to login to applications like weblogic console or enterprise manager (/em)
and WebLogic are two different thing and you ma
Hi Atul,
Can I use DIP to integrate OID and Weblogic’s embedded LDAP server?
I want to create users of specific group from OID into Weblogic. I tried using DIP but it gives me an error of “destination attribute not found”. That attribute is mandatory. I could create some entities of OID in Weblogic but I am not able to create the Users.
Regards,
Vikrant Korde.
Hi Atul,
We have configured a custom AD Authenticator with weblogic. We are experiencing an issue: when a particular user tries to login to OIM, the OIM managed server goes down.
This is not happening for all users. Just the case with few users.
Any pointer would be a great help.
Thanks
@ Pallavi,
Check OIM managed server and weblogic domain log file to see why OIM managed server is crashing on specific users.
Is there anything different for these users ?
Managed server goes down and is auto-restarted. We are able to reproduce the issue .. we asked to try login again for the same user and the same thing happens; sometimes the OIM server restarted itself.
com.thortech.xl.security.tcLoginException:
at com.thortech.xl.security.tcLoginExceptionUtil.createException(tcLoginExceptionUtil.java:96)
at com.thortech.xl.security.tcLoginExceptionUtil.createException(tcLoginExceptionUtil.java:53)
at com.thortech.xl.security.Authenticate.connect(Authenticate.java:231)
at com.thortech.xl.security.Authenticate.connect(Authenticate.java:71)
at com.thortech.xl.security.wl.XellerateLoginModuleImpl.login(XellerateLoginModuleImpl.java:159)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
@ Pallavi,
Are these users locked, expired ? Please raise SR with Oracle Support and try to find difference between set of users for whom this issue is happening..
Hi Atul,
To configure OID as an Authentication provider, what pre-requisite installation and configurations are required?
I have installed OIM by following your post on WLS.
Now I am trying to execute \Oracle\Middleware\Oracle_IDM\bin\config.bat.
But it is not launching the config wizard.
Please help ASAP.. Big trouble
@ Vivek,
Are you planning to integrate OIM with OID ? If yes do not use this post. Share your requirement and steps/process will differ depending on requirement.
Hi Atul,
I have deployed a simple j2ee drm application on epm managed server. So to access the webservice I need to have OID authentication provider.
So to configure OID, when I try to execute config.bat the config wizard doesn’t start. Only on the command line we can see some tests are passed, after that it exits.
Please tell me the pre-requisites of configuring oid authentication provider.
Thanks.
@Vivek,
You don’t use config.bat(.sh) to configure Authentication Provider . Use WebLogic Console for same.
Thanks for quick response. Atul, I used the same steps you mentioned above. But unless we configure oid how can I use oid authentication provider. I created a provider, but in users and roles while creating provider it shows only default authenticator.
So did you mean after installation of OIM including OID I don’t need to run config.bat??
When you say you wish to configure authentication provider I was assuming you already have OID ready.
The issue for you is that you can’t start config.bat from OID oracle_home , am I right ? Please post in the right post to avoid issues like this. Your question should go under OID installation and configuration post .
Hi Atul,
That worked for me. Thanks so much.
But can you please elaborate the testing?
i.e.
To test if Integration is working :Create a group (Administrators or Deployers or Operators or Monitors) and dummy user as member of group in OID and try to login to WebLogic Server using user in OID who is member of one of group in OID.
[…] More on integrating WebLogic Server with OID here […]
Hello Atul,
I have integrated weblogic server with sso to have single login for IPM and R12. In weblogic and in IPM I can see the sso users and login to IPM for sso users is also successful when I login through http://hostname.domain.com:16000/imaging.
I have registered the URL http://hostname.domain.com:7778 through ssoreg.sh. Now If I give http://hostname.domain.com:7778/imaging/faces it is redirecting to SSO login page, after I give credentials, I am getting 500 internal server error. Please help.
@Charan,
Take HTTP Header Trace and see at which stage the 500 is happening ? What role/group does the user that you are trying to login with belong to ?
Verify that you have done steps mentioned in http://docs.oracle.com/cd/E28280_01/doc.1111/e15483/oam.htm#CACJADGI
Hi Team,
After configuring ldap in weblogic.
Suppose the ldap team adds a new group, do we need to bounce the weblogic server every time to see the new group in console or will it be added dynamically?
@ Vijay,
No restart is required at weblogic level, just log out and log back in to WebLogic Server and group should be visible .
Hi Atul,
Please check the header trace
POST /sso/auth HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://hostname:7777/sso/pages/login.jsp?site2pstoretoken=v1.4~CA42CA8E~FAC9280B22B1321338A6DBB585F121CFECD3B2C4BB16EECD1F7674D7B905DCA3ADA222337DD0C6C8CC7300C5703865307FCD755CC3151EE81A6061B6A1ABCE218EDFA3BFE60B8A8DD314EBB84BBA7F8364E0E9D0104069680E40A7AD51F7B1AFFF9289FB70DBEEF7696C75A3F9AF7FD5C5AC816ECA206A48C5B4B0936DEB5BB6EE6BB4FFA7EBC599A7BF7A8EEBB93A6535AF5CFC143927669ED395F5A2E6EF688EFCAEC1EABC4EE364275EB1175999308D0DDB852FB1CFD3EE7CF0A18503BFB810A79F7C9814D976&p_error_code=&p_submit_url=http%3A%2F%2Fhostname%3A7777%2Fsso%2Fauth&p_cancel_url=http%3A%2F%2Fhostname%3A7778&ssousername=&subscribername=
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: hostname:7777
Content-Length: 565
Connection: Keep-Alive
Cache-Control: no-cache
p_action=OK&v=v1.4&site2pstoretoken=v1.4%7ECA42CA8E%7EFAC9280B22B1321338A6DBB585F121CFECD3B2C4BB16EECD1F7674D7B905DCA3ADA222337DD0C6C8CC7300C5703865307FCD755CC3151EE81A6061B6A1ABCE218EDFA3BFE60B8A8DD314EBB84BBA7F8364E0E9D0104069680E40A7AD51F7B1AFFF9289FB70DBEEF7696C75A3F9AF7FD5C5AC816ECA206A48C5B4B0936DEB5BB6EE6BB4FFA7EBC599A7BF7A8EEBB93A6535AF5CFC143927669ED395F5A2E6EF688EFCAEC1EABC4EE364275EB1175999308D0DDB852FB1CFD3EE7CF0A18503BFB810A79F7C9814D976&appctx=&p_cancel_url=http%3A%2F%2Fhostname%3A7778&locale=&ssousername=testuser01&password=welcome123
HTTP/1.1 302 Moved Temporarily
Date: Thu, 27 Jun 2013 08:11:01 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
Content-Length: 2181
Set-Cookie: SSO_ID=v1.2~1~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ath=/
Cache-Control: private
Location: http://hostname:7778/osso_login_success?urlc=v1.4~184A224F95172A88C9A3BF3B513D3B079FB8EDA70EF91B837EAD6843B3DDBD0064EB4799432679CEB9838020469F045971DCAC86DCD0C82F643B36C646F11F0F97D6AF9526F13370665D2021FF1880B30F6D8979C0A36E5120513797EC0622A805C71DB539B665B5934E427385E27D99D4698393E034921683B3E627C3E1185D4D80A252667234708DF8FDAB4C272C39EB18776BFAC231CBF150FC1C845F1952B1BE2E7696C48F4D4C9F3548AD50D1DC4089A2C4B5CD03EC1E69299D3098930A71DEE0BAE7B761579C38EDA680F32238C753F86B3C43EF0957E93639DD924B44A59A6B4A67A8F30865A5D46DB616CEA4D62E0D972482133D149C999A9777B1683D2ED602466F7036035902AD4BEE8CC30186302D3F4E867E5ECF400C71D7C348B65714EE6F172A49CAA905B6B0C8FE676BBA4EC1F140C63ABE5D6DA879FD98D7
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET /osso_login_success?urlc=v1.4~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
Accept: text/html, application/xhtml+xml, */*
Referer: http://hostname:7777/sso/pages/login.jsp?site2pstoretoken=v1.4~CA42CA8E~FAC9280B22B1321338A6DBB585F121CFECD3B2C4BB16EECD1F7674D7B905DCA3ADA222337DD0C6C8CC7300C5703865307FCD755CC3151EE81A6061B6A1ABCE218EDFA3BFE60B8A8DD314EBB84BBA7F8364E0E9D0104069680E40A7AD51F7B1AFFF9289FB70DBEEF7696C75A3F9AF7FD5C5AC816ECA206A48C5B4B0936DEB5BB6EE6BB4FFA7EBC599A7BF7A8EEBB93A6535AF5CFC143927669ED395F5A2E6EF688EFCAEC1EABC4EE364275EB1175999308D0DDB852FB1CFD3EE7CF0A18503BFB810A79F7C9814D976&p_error_code=&p_submit_url=http%3A%2F%2Fhostname%3A7777%2Fsso%2Fauth&p_cancel_url=http%3A%2F%2Fhostname%3A7778&ssousername=&subscribername=
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: hostname:7778
Cookie: SSO_ID=v1.2~1~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
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 500 Internal Server Error
Date: Thu, 27 Jun 2013 08:11:01 GMT
Server: Oracle-Application-Server-11g
Set-Cookie: OHS-whostname-7778=2B2DF7FD4C31187084D42B250C498215D29B4F9A184B16527C0709045A1F81D2C0BEA30828A8BEB6E917ED0143894F5D4AADCC16EBB87682E43FD4E3896E855C0C6A86DE3964A45EA5992DA7F83D4EE43C93A688B90F325AFFDBB8875DC03458BC73A1C81258441F35A5429D318F6185F3E7DFAC4598BEA8C1814CAA7CA7DA7CC70618CF7500CE32115C1FF5853C5B7809F3136E9251B4DAB64251E1CE17BE811E25BB72B87FFA60C59F9248732B5983D726B91C0512FA10EA775314A1AD47AD3A8F1A951A0F6F4C02CE3B3B73713FB86F39F13AD2186F46BB3711E6EF34F638290487C74DD6A3E292B8AE3D837338A5D356842648AFF6C1~; path=/; secure;HTTPOnly
Content-Length: 375
Connection: close
Content-Type: text/html; charset=iso-8859-1
I had similar issue for one of my client.
See if this helps
1. Change $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf/mod_osso.conf
2. Add following entry
SetHandler osso_login_success_handler
SetHandler osso_logout_success_handler
3. Restart OHS and test again
Update results in either case
Hi Atul,
I need one more piece of information.
We are using Novell eDirectory for users accessing different applications (soa, bam and bpm).
I am giving different role levels like monitor , developer and tester .
How can I remove console and em access? I just want to give only bpm and soa application level access.
Thanks,
Vijay
[…] steps mentioned here to add OID as additional Authentication Provider in WebLogic […]
[…] Security:090294 could not get connection javax. net. ssl. SSLKeyException FATAL Alert BAD_CERTIFICATE – A corrupt or unuseable certificate was received Posted in February 7th, 2014 by Atul Kumar in ssl, troubleshooting, weblogic In today’s post I am going to discuss issue while integrating WebLogic Server with LDAP Server (OID/OVD) listening on SSL. To know more about adding OID as authentication provider in WebLogic click here […]
After doing all steps, I could see all LDAP users loaded through ‘Users and Groups’ tab in WLS console.
I have deployed a jsp application on WLS. I can login with WLS users but I’m unable to log in with any LDAP user; every time it says –
Unable to Sign In
Please advise
Hurrah! After all I got a web site from where I be able to truly obtain valuable data
concerning my study and knowledge.