Authentication Prompt for WebLogic applications protected by OAM 10g

Hi All,

Environment details:

OAM 10g on Solaris.

IIS Web Server (on a different machine) configured with the WebLogic proxy.

WebLogic server (on a different machine) where the application is deployed.

IWA is enabled with OAM 10g.

Problem Description:

An LBR fronts the IIS Web Server. IWA is implemented on the IIS Web Servers by installing WebGate. IWA itself works: NTLM authentication is performed and the cookies are set. However, when the browser is redirected to the WebLogic application, a prompt window for user credentials is displayed. Even when the correct credentials are entered, they are not honored, and the request eventually fails with a 401, Authorization failed.

Solution:

  1. Go to the WebLogic server where the admin server is installed.
  2. Execute wlst.sh or wlst.cmd, as appropriate for the platform.
  3. Execute connect() and enter the appropriate details when prompted.
  4. Execute cd('SecurityConfiguration')
  5. Execute ls()
  6. The above command displays the domain; execute cd('<domain-name>')
  7. Execute ls()
  8. Observe the parameter EnforceValidBasicAuthCredentials, which would be set to true.
  9. Execute edit()
  10. Execute startEdit()
  11. Execute cd('SecurityConfiguration')
  12. Execute cd('<domain-name>')
  13. Execute set('EnforceValidBasicAuthCredentials','false')
  14. Execute save()
  15. Execute activate()
  16. Restart the WebLogic servers.
  17. Open the config.xml of the WebLogic domain. Observe that the value of enforce-valid-basic-auth-credentials is set to false. In our case, I had changed this flag to false in config.xml and bounced the WebLogic servers, but the flag value was not reflected, and hence I had to go through the command-line approach.
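The config.xml check in the last step can be scripted. The following is an added example, not part of the original post: the function names and both sample documents (including the namespace URI and the domain name example_domain) are constructed for illustration, and the element is matched by local name so the domain schema version does not matter.

```python
import xml.etree.ElementTree as ET

FLAG = "enforce-valid-basic-auth-credentials"

# Constructed sample: security-configuration after the WLST change was activated.
SAMPLE_AFTER = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>example_domain</name>
  <security-configuration>
    <name>example_domain</name>
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  </security-configuration>
</domain>"""

# Constructed sample: element absent, so the server default applies.
SAMPLE_DEFAULT = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>example_domain</name>
  <security-configuration>
    <name>example_domain</name>
  </security-configuration>
</domain>"""


def local_name(tag):
    """Drop the '{namespace}' prefix so the schema version does not matter."""
    return tag.rsplit("}", 1)[-1]


def basic_auth_enforcement(config_xml_text):
    """Return (effective_value, explicitly_set) for the domain-wide flag."""
    root = ET.fromstring(config_xml_text)
    for section in root:
        if local_name(section.tag) != "security-configuration":
            continue
        for item in section:
            if local_name(item.tag) == FLAG:
                value = (item.text or "").strip().lower()
                if value not in ("true", "false"):
                    raise ValueError("unexpected %s value: %r" % (FLAG, item.text))
                return value == "true", True
    # Element absent: the default (true) is in effect.
    return True, False


if __name__ == "__main__":
    for label, text in (("after change", SAMPLE_AFTER), ("default", SAMPLE_DEFAULT)):
        enforced, explicit = basic_auth_enforcement(text)
        print("%s: enforced=%s explicit=%s" % (label, enforced, explicit))
```

The flag is domain-wide, so a value of false applies to every application deployed in that domain.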

 

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

3 comments
» Edit MBeanServer is not enabled for managed server Online Apps DBA: One Stop Shop for Apps DBA’s says March 30, 2013

[…] in Uncategorized This post is a follow-up for the solution described in the previous post. I have come across an issue while executing edit() command after connecting to weblogic server. […]

Gupta says May 20, 2013

Hi Atul,

I need to protect a web application using OAM 11g, in which we have only 2 JSPs deployed on a Tomcat server. One is login.jsp and the other is dashboard.jsp. I am validating the user against an Oracle DB using a User table, in which we have 3 columns: username, password and role.

Can you please elaborate the procedure to protect this custom java based web app with OAM 11g.

Thanks & Regards,
Gupta Katakam

Mahendra says May 20, 2013

Gupta,

The recommended process is to use OVD since users are stored in DB. If you can't use OVD, then you have to write a custom auth plugin. In addition, you have to use an HTTP server front-ending the Tomcat server.

Install the webgate on HTTP Server, protect only dashboard.jsp and unprotect login.jsp.

Hope this helps.

-Mahendra
