Configuring the SOA Identity service to use Sun iPlanet server

In this recipe, we will demonstrate how to configure Sun iPlanet as an alternative authentication provider for WebLogic.

Getting ready

Ensure that you have an instance of iPlanet installed and configured that has the Administrators group defined. For the purpose of following this recipe, create the demo user and add it to the Administrators group.

You will also need to have installed and configured an instance of Oracle SOA Suite running on Oracle WebLogic.

How to do it...

  1. Log in to the Oracle WebLogic Server Admin Console (http://host:port/console) as a user with administrator privileges, such as weblogic.

    Once logged in, within Domain Structure select Security Realms; this will list the currently defined security realms.

  2. Next, select myrealm; this will display the settings for myrealm.

    Next, click Lock & Edit to start an edit session. Then, select the Providers tab, and within that select the Authentication tab. This will list the authentication providers currently defined for myrealm.

  3. Click the New button to create a new authentication provider. This will open the authentication provider configuration page.

    Enter a Name, such as iPlanetProvider, select IPlanetAuthenticator as the Type, and then click on OK.

  4. The authentication providers are listed in the order in which they will be called. We need to move iPlanetProvider to the top of the list.

    To do this, click on Reorder and ensure iPlanetProvider is selected; then click on the up arrow to move it to the top of the list, and click on OK.

  5. Now, we need to configure our iPlanet provider to connect to our instance of iPlanet. Select iPlanetProvider from the authentication provider list, and click on the Configuration tab. From here, select the Provider Specific tab.

    Here, we need to provide our iPlanet-specific connection details, as well as the location of our users and groups within the identity store, as detailed in the following table:

    Field           Description
    --------------  ------------------------------------------------------------
    Host            The host of the machine hosting the iPlanet server.
    Port            The port number on which the iPlanet server is listening.
    Principal       Distinguished Name of the LDAP user that WebLogic server
                    should use to connect to iPlanet.
    Credential      The credential (password) used to connect to iPlanet.
    SSLEnabled      If the connection to iPlanet uses SSL, select SSLEnabled.
    User Base DN    The base Distinguished Name of the tree in the LDAP
                    directory that contains users.
    Group Base DN   The base Distinguished Name of the tree in the LDAP
                    directory that contains groups.

    Next, select the Common tab, set Control Flag to SUFFICIENT, and click on Save.

  6. Finally, we need to set Control Flag to SUFFICIENT for our default authenticator.

    Select Default Authenticator from the authentication provider list, click on the Configuration tab, and then select the Common tab. From here, set Control Flag to SUFFICIENT and click on Save.

  7. The final step is to put our changes into effect. Within the Change Center, click on Activate Changes.

    Next, shut down and restart the Oracle WebLogic Admin Server and related managed servers.

How it works...

We have defined two authentication providers, the first being the iPlanet authentication provider with the Control Flag set to SUFFICIENT, and the second being the default authenticator defined against the embedded LDAP.

When we log in as the demo user, WebLogic will attempt to authenticate the user against iPlanet. Assuming the password is correct, the authentication will be successful and the user will be logged in to the application.

When we log in as weblogic, authentication will fail against iPlanet, but because the iPlanet authentication provider is defined as SUFFICIENT, WebLogic will then attempt to authenticate the user against the embedded LDAP, at which point it succeeds and the user will be logged in to the application.

Now, we are able to use Sun iPlanet for authentication. We should be able to see the users from iPlanet in WebLogic Administration Console.
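
The chain evaluation described above can be traced with a small simulation. This is an added example, not code from the recipe or from WebLogic; it follows the standard JAAS control-flag rules, and the user stores, passwords and the contrast chain (default authenticator listed first and set to REQUIRED) are constructed assumptions.

```python
# Added illustration (not from the recipe): JAAS control-flag evaluation
# over an ordered authentication provider chain.
MUST_PASS = ("REQUIRED", "REQUISITE")

def authenticate(chain, user, password):
    """chain: ordered (provider_name, control_flag, user_store) tuples.
    Returns (overall_success, trace); trace lists (provider_name, ok)
    for every provider that was actually consulted."""
    must_failed = False   # a REQUIRED/REQUISITE provider rejected the login
    any_ok = False        # at least one provider accepted the login
    trace = []
    for name, flag, store in chain:
        ok = user in store and store[user] == password
        trace.append((name, ok))
        if ok:
            any_ok = True
            # A SUFFICIENT success ends the walk unless a must-pass
            # provider has already failed earlier in the chain.
            if flag == "SUFFICIENT" and not must_failed:
                break
        elif flag in MUST_PASS:
            must_failed = True
            if flag == "REQUISITE":   # REQUISITE failure stops immediately
                break
    return (any_ok and not must_failed), trace

# Constructed sample stores: iPlanet holds demo, the embedded LDAP holds weblogic.
IPLANET = {"demo": "demo-secret"}
EMBEDDED_LDAP = {"weblogic": "wl-secret"}

# Provider order and flags as configured by the recipe.
RECIPE_CHAIN = [("iPlanetProvider", "SUFFICIENT", IPLANET),
                ("DefaultAuthenticator", "SUFFICIENT", EMBEDDED_LDAP)]
# Assumed contrast: steps 4 and 6 skipped, so the default authenticator
# is consulted first and must succeed.
CONTRAST_CHAIN = [("DefaultAuthenticator", "REQUIRED", EMBEDDED_LDAP),
                  ("iPlanetProvider", "SUFFICIENT", IPLANET)]

if __name__ == "__main__":
    for label, chain in (("recipe", RECIPE_CHAIN), ("contrast", CONTRAST_CHAIN)):
        for user, pw in (("demo", "demo-secret"), ("weblogic", "wl-secret")):
            print(label, user, authenticate(chain, user, pw))
```

In the contrast chain the demo user is rejected even though iPlanet accepts the password, because the REQUIRED provider ahead of it has already failed.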
