iregk (IS/IT--Management)
9 Mar 11 9:23
Hi all,

I've hit an issue with a Weblogic deployment and application authenticating against MS Active Directory. WLS and AD from here on.

What works:
I've configured WLS to point to my Active Directory server and all filters and DNs etc. seem to be correct, as under users and groups I get back all the users and groups set up within AD. It's a standard web application and in the weblogic.xml I've specified the security role and in the principal name specified the users that I wish to use the application with: user1 and user2 as set up in AD (it's a development system). This works fine; however, it's not what I want.

<security-role-assignment>
<role-name>secureaccessrole</role-name>
<principal-name>user1,user2</principal-name>
</security-role-assignment>

What doesn't work:
As this system, when rolled out to a client, will have 300 users accessing it, obviously I can't expect them to put every single user into the weblogic.xml. What I want to do is specify the group that the users are in so that I only need to reference 3 or 4 groups as opposed to 300 users. On our development system the users user1, user2 etc. are all in the Users group in AD.

<security-role-assignment>
<role-name>secureaccessrole</role-name>
<principal-name>Users</principal-name>
</security-role-assignment>

Question is: what do I need to configure, or how do I get the system to authenticate users that are members of a group rather than specifying the users themselves? I'm assuming this is down to the group filter setup or something like that. I've googled the hell out of it and gone through various sites such as this:

http://wls4mscratch.wordpress.com/2010/05/29/101/
and this
http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/

The only thing is, surely the filter is correct if it's pulling in all the groups from AD. Within the deployments I can select my deployment, see my role and in the URL pattern of the security tab I have the group Users specified, so any user in the group Users should have access.

In the logs with debug on for security I can see the user being authenticated correctly, but then it gets denied for each role, so it seems that it's being authenticated; however, it's not been given access to the role specified in the weblogic.xml.

Anyone for any help or any good instructions for specifying AD groups as opposed to users?

Should say that this is WLS 10.3

Thanks
Graham
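
Added example, not part of the original post and not WebLogic's own code: a simplified model of the symptom described above, where a user authenticates but is denied the role unless the subject also carries the group principal named in weblogic.xml. The directory data is constructed, and the Staff group, user3 and the max_depth parameter are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed weblogic.xml fragment using the group-based mapping from the post
# (no XML namespace, matching the snippets as posted).
WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>secureaccessrole</role-name>
    <principal-name>Users</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""

# Constructed directory data: group name -> names listed in its member attribute.
# "Staff" is a hypothetical nested group; user3 appears in no group.
GROUP_MEMBERS = {
    "Users": {"user1", "Staff"},
    "Staff": {"user2"},
}

def role_assignments(xml_text):
    """Return {role-name: set of principal names} from a weblogic.xml document."""
    roles = {}
    for sra in ET.fromstring(xml_text).iter("security-role-assignment"):
        name = sra.findtext("role-name", "").strip()
        principals = {p.text.strip() for p in sra.findall("principal-name") if p.text}
        roles.setdefault(name, set()).update(principals)
    return roles

def subject_principals(user, groups, max_depth=5):
    """User name plus every group reached through member links, up to max_depth levels."""
    principals, frontier = {user}, {user}
    for _ in range(max_depth):
        # Groups that list anything found in the previous level as a member.
        frontier = {g for g, members in groups.items()
                    if members & frontier and g not in principals}
        if not frontier:
            break
        principals |= frontier
    return principals

def granted_roles(user, xml_text=WEBLOGIC_XML, groups=GROUP_MEMBERS, max_depth=5):
    """Roles whose mapped principals intersect the subject's principals."""
    subject = subject_principals(user, groups, max_depth)
    return {r for r, names in role_assignments(xml_text).items() if names & subject}

if __name__ == "__main__":
    for u in ("user1", "user2", "user3"):
        print(u, sorted(granted_roles(u)) or "authenticated, no role")
```

In this model user2 only receives the role when the membership walk follows nested groups, and user3 is the case from the debug log: a valid login with no matching principal.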
