Skip to main content

Web Center: using a custom security provider other than LDAP [custom identity store]

So far everything looks like it will work I am just using the default auth provider and UCM is picking up my groups on login so now to integrate with Web center and use my custom auth provider.

Custom authentication provider is done and I can log in to my content server and application and everything is working. The snag is not of the webcenter custom profile pictures and webcenter goodies are working (it uses the JpsContextFactory etc and that ignores my provider and looks up the default weblogic provider and tries to use that).

I have replaced the identity store with a custom database implementation and everything seems to work [after a LOT of debugging].

Ok so step 1) The custom authentication provider - tons od documentation on how to do this eg: http://docs.oracle.com/cd/E12890_01/ales/docs32/dvspisec/progrmng.htmlhttp://docs.oracle.com/cd/E13222_01/wls/docs81/dvspisec/atn.html so I am not going to rehash this if you want I can post some code but it should not be necessary.

Quick Summary:

1) Create a class that implements javax.security.auth.spi.LoginModule and a ProviderImpl that implements weblogic.security.spi.AuthenticationProviderV2.

2) Create a Authentication provider xml see links for examples

3) Authenticator - I wanted my roles and users to be displayed on the weblogic console and the best way to get this done is via the AuthenticatorImpl. So extend weblogic.management.security.authentication.AuthenticatorImpl and implement the methods also name your CustomAutenticatorImpl the same name as your provider xml with an Impl.java at the end. (so CustomAutenticator.xml becomes CustomAutenticatorImpl).

Step 3) Ant - Ant build also dead simple and well documented but here is the crux:

<java classpath="../../deploy/otheclasses.jar;../../lib/com.bea.core.mbean.maker_1.5.0.0.jar;${oracle.weblogic.security.providers.library};${oracle.jdeveloper.weblogic.library};${oracle.jdeveloper.weblogic.commons.logging.library};${java.home}/../lib/tools.jar"
          classname="weblogic.management.commo.WebLogicMBeanMaker" fork="true"
          failonerror="true" >
      <jvmarg line="-Dfiles=${build_dir} -DMDFDIR=${build_dir} -DMJF=${build_dir}/${providersjar} -DpreserveStubs=true -DcreateStubs=true -DincludeSource=true"/>
</java>

Step 3) Custom Identity Store - this was the hard bit but thanks to this blog http://chintanblog.blogspot.com/2013/01/weblogic-custom-authentication-provider.html everything got a lot easier big thanks you saved me a LOT of time.

I just created my implementation of CustomSecurityProviderPlugin and configured the jps as detailed in the blog and it WORKED! (One note I had to change the following methods in CustomIdentityStore to get everything 100% for my enviroment)

    public oracle.security.idm.SearchResponse searchUsers(oracle.security.idm.SearchParameters p1, java.util.Set p2) {
        List userMap = this.customIdentityRepositoryHelper.searchUsers(p1.getFilter());
        SearchResponse response = createResponse(userMap);
        return response;
    }

    public SearchResponse createResponse(List users) {
        CustomSearchResponse respone = new CustomSearchResponse(this, users, Boolean.TRUE);
        return respone;
    }

    public StoreConfiguration getStoreConfiguration()
        throws IMException {
        return new CustomStoreConfiguration(properties);
    }

Step 4) Installation:
  Copy the authenticator jar to the [wl install]\wlserver_10.3\server\lib\mbeantypes
  Configure your provider as the first in the list and SUFFICIENT
  Configure your default provider as SUFFICIENT
  Copy the Identity Store jar into the classpath for weblogic
  Edit your jps-config.xml  [in YourDomainLocation\config\fmwconfig]

Everything should work now.

INSTALL PROBLEMS

Started with this today first problem installing webcenter on my local machine (with cluster) when starting node manager:

weblogic.nodemanager.common.ConfigException: Native version is enabled but nodem
anager native library could not be loaded

So I had to add a nodemanager.properties file in [wl_install_dir\wlserver_10.3\common\nodemanager] that has the following content

NativeVersionEnabled=false



Server is Running  in Development Mode and Native Library(terminalio) to read the password securely from commandline is not found.

Put the following in JAVA_OPTIONS in setDomain (just running locally so this should be ok and dont want to waste time looking for  terminalio)

-Dweblogic.management.allowPasswordEcho=true


Created the custom authentication provider: NOTE stop ALL managed servers and admin server before deploying the custom provider to server/lib/mbeantypes then restart. (else you get a weblogic.management.provider.UpdateExceptionThe prepare phase of the configuration update failed with an exception:)



Comments

Popular posts from this blog

ADF Encountered deferred syntax #{ in template text.

OracleJSP error: oracle.jsp.parse.JspParseException:  Error: Encountered deferred syntax #{ in template text.  If intended as a literal, escape it or set directive  deferredSyntaxAllowedAsLiteral This normally happens when you have some tag lib dependancy problems but this was  not the case for me... My problem: For some reason my model project had web stuff in it(public html etc)  so I had to remove the public html stuff from my project and manually edit the Model.jpr project file and remove the tag lib entries at the bottom o the file. Go figure.    

JBO-25013: TooManyObjectsException

oracle.jbo.TooManyObjectsException: JBO-25013: Too many objects match the primary key oracle.jbo.Key[Key null ]. Ok so for you it may be trying to insert a duplicate record this should explain your problem (also check trigger they could be the cause.) NOTE: You can also try to create a new duplicate EO if you have a page with two VO's using the same EO. This could sort your problems. For me I needed to add a launch listener on my LOV and clear the cache of my vo. LOV <af:inputListOfValues id="NameId" popupTitle="#{bindings.Name.hints.label}" value="#{bindings.RolName1.inputValue}" label="#{bindings.RolName1.hints.label}" model="#{bindings.RolName1.listOfValuesModel}" required="#{bindings.RolName1.hints.mandatory}" columns="#{bindings.RolName1.hints.displayWidth}" shortDesc="#{bindings.RolName1.hints.tooltip}" launchPopupListener="#{backingBeanScope.backingBean.launchPop

OJDeploy: Documentation for the tool

Real DOCS:  http://docs.oracle.com/cd/E26098_01/user.1112/e17455/deploying_apps.htm#OJDUG645 OJDeploy Documentation if you run it from the command line - I keep looking for this so I though I would post it here so I remeber. Oracle JDeveloper Deploy 11.1.2.1.0.6081 Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. Usage:   ojdeploy -profile <name> -workspace <jws> [ -project <name> ] [ <options> ]   ojdeploy -buildfile <ojbuild.xml> [ <options> ]   ojdeploy -buildfileschema Arguments:   -profile               the name of the Profile to deploy   -workspace      full path to the JDeveloper Workspace file(.jws)   -project              name of the JDeveloper Project within the .jws where the Profile can be found. If omitted, the Profile is assumed to be in the Workspace.   -buildfile            full path to a build file for batch deploy   -buildfileschema  print XML Schema for the build file