Authentication Prompt for WebLogic applications protected by OAM 10g

Hi All,

Environment details:

OAM 10g in Solaris

IIS Web Server (in different machine ) configured with WebLogic proxy.

WebLogic server (in different machine) where application is deployed.

IWA is enabled with OAM 10g.

Problem Description:

There is a LBR front ending IIS Web Server. IWA is implemented in IIS Web Servers by installing webgate. IWA is working where NTLM authentication is performed and cookies are set. However while the browser is redirecting to the weblogic application, it is displaying a Prompt window for user credentials. Even after entering correct credentials, it is not honoring that and eventually fails with a message 401, Authorization failed.

Solution:

  1. Goto the WebLogic server where the admin server is installed.
  2. Execute the wlst.sh or wlst.cmd accordingly.
  3. Execute connect() and enter the appropriate details when prompted.
  4. Execute cd(‘SecurityConfiguration’)
  5. Execute ls()
  6. The above command displays the domain, execute cd(‘<domain-name>’)
  7. Execute ls()
  8. Observe the parameter EnforceValidBasicAuthCredentials which would be set to true.
  9. Execute edit()
  10. Execute startEdit()
  11. Execute cd(‘SecurityConfiguration’)
  12. Execute cd(‘<domain-name>’)
  13. Execute set(‘EnforceValidBasicAuthCredentials’,’false’)
  14. Execute save()
  15. Execute activate()
  16. Restart the WebLogic servers.
  17. Open the config.xml of the weblogic domain. Observe the value enforce-valid-basic-auth-credentials set to false. In our case, I had changed this flag to false in config.xml and bounced the weblogic servers but the flag value was not reflected and hence had to go through command line approach.

 

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

3 comments
Add Your Reply