Thursday, June 27, 2013

Web Center: using a custom security provider other than LDAP [custom identity store]

So far everything looks like it will work. I am just using the default auth provider and UCM is picking up my groups on login, so now to integrate with WebCenter and use my custom auth provider.

Custom authentication provider is done and I can log in to my content server and application and everything is working. The snag is that none of the WebCenter custom profile pictures and WebCenter goodies are working (it uses the JpsContextFactory etc., which ignores my provider, looks up the default WebLogic provider and tries to use that).

I have replaced the identity store with a custom database implementation and everything seems to work [after a LOT of debugging].

Ok so step 1) The custom authentication provider - tons of documentation on how to do this, e.g.: http://docs.oracle.com/cd/E12890_01/ales/docs32/dvspisec/progrmng.html and http://docs.oracle.com/cd/E13222_01/wls/docs81/dvspisec/atn.html, so I am not going to rehash this; if you want I can post some code but it should not be necessary.

Quick Summary:

1) Create a class that implements javax.security.auth.spi.LoginModule and a ProviderImpl that implements weblogic.security.spi.AuthenticationProviderV2.

2) Create an authentication provider XML (the MBean Definition File); see the links for examples.

3) Authenticator - I wanted my roles and users to be displayed in the WebLogic console and the best way to get this done is via the AuthenticatorImpl. So extend weblogic.management.security.authentication.AuthenticatorImpl and implement the methods; also name your CustomAuthenticatorImpl the same as your provider XML with Impl.java appended (so CustomAuthenticator.xml becomes CustomAuthenticatorImpl).
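As an added example of point 1), not code from this post or from WebLogic, here is the LoginModule half of such a provider. It assumes a hypothetical CredentialStore interface standing in for the database helper, and assumes the ProviderImpl's getLoginModuleConfiguration() passes that store in the options map under the key "CredentialStore" (both names are this example's own). The points worth copying are the ones a custom authenticator most often gets wrong: one generic failure for unknown user and bad password alike, the password array wiped after use, WebLogic's own WLSUserImpl/WLSGroupImpl principals added only in commit(), and abort()/logout() removing exactly what commit() added.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;

/** LoginModule half of a custom WebLogic authenticator (illustrative, Java 6 compatible). */
public class CustomLoginModuleImpl implements LoginModule {

    /** Hypothetical credential back end; a JDBC-backed helper would implement this. */
    public interface CredentialStore {
        boolean checkPassword(String user, char[] password);
        List<String> getGroups(String user);
    }

    private Subject subject;
    private CallbackHandler callbackHandler;
    private CredentialStore store;
    // state gathered in login() and turned into principals in commit()
    private boolean loginSucceeded;
    private boolean principalsInSubject;
    private String userName;
    private List<String> groupNames = new ArrayList<String>();

    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        // The option key "CredentialStore" is an assumption of this example; the
        // ProviderImpl's getLoginModuleConfiguration() is where it would be put.
        this.store = (CredentialStore) options.get("CredentialStore");
    }

    public boolean login() throws LoginException {
        NameCallback nameCb = new NameCallback("username: ");
        PasswordCallback pwCb = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[] { nameCb, pwCb });
        } catch (IOException e) {
            throw new LoginException("could not read credentials: " + e.getMessage());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException("callback not supported: " + e.getMessage());
        }
        userName = nameCb.getName();
        char[] password = pwCb.getPassword();   // getPassword() returns a copy
        pwCb.clearPassword();
        try {
            // Same generic failure for an unknown user and a wrong password, so the
            // response does not reveal which accounts exist.
            if (userName == null || password == null || !store.checkPassword(userName, password)) {
                throw new FailedLoginException("authentication failed");
            }
            groupNames = store.getGroups(userName);
            loginSucceeded = true;
            return true;
        } finally {
            if (password != null) Arrays.fill(password, '\0');   // do not keep the secret in memory
        }
    }

    public boolean commit() throws LoginException {
        if (!loginSucceeded) return false;
        // WebLogic's principal validator and the console's user/group views expect these classes.
        subject.getPrincipals().add(new WLSUserImpl(userName));
        for (String group : groupNames) {
            subject.getPrincipals().add(new WLSGroupImpl(group));
        }
        principalsInSubject = true;
        return true;
    }

    public boolean abort() throws LoginException {
        if (principalsInSubject) {
            logout();   // commit() already ran, so undo exactly what it added
        } else {
            reset();
        }
        return true;
    }

    public boolean logout() throws LoginException {
        for (Iterator<Principal> it = subject.getPrincipals().iterator(); it.hasNext();) {
            Principal p = it.next();
            if (p instanceof WLSUserImpl || p instanceof WLSGroupImpl) it.remove();
        }
        reset();
        return true;
    }

    private void reset() {
        loginSucceeded = false;
        principalsInSubject = false;
        userName = null;
        groupNames = new ArrayList<String>();
    }
}
```

The ProviderImpl (AuthenticationProviderV2) and the AuthenticatorImpl MBean class from points 1) and 3) are unchanged from the Oracle documentation linked above; this module plugs into them through the class name returned in the provider's AppConfigurationEntry.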

Step 2) Ant - Ant build also dead simple and well documented but here is the crux:

<!-- WebLogicMBeanMaker reads the provider MDF (the CustomAuthenticator.xml) from MDFDIR,
     generates the MBean classes and stubs into the 'files' directory and packages them
     into the MBean JAR (MJF) that is later dropped into server/lib/mbeantypes. -->
<java classpath="../../deploy/otheclasses.jar;../../lib/com.bea.core.mbean.maker_1.5.0.0.jar;${oracle.weblogic.security.providers.library};${oracle.jdeveloper.weblogic.library};${oracle.jdeveloper.weblogic.commons.logging.library};${java.home}/../lib/tools.jar"
      classname="weblogic.management.commo.WebLogicMBeanMaker" fork="true"
      failonerror="true">
    <jvmarg line="-Dfiles=${build_dir} -DMDFDIR=${build_dir} -DMJF=${build_dir}/${providersjar} -DpreserveStubs=true -DcreateStubs=true -DincludeSource=true"/>
</java>

Step 3) Custom Identity Store - this was the hard bit, but thanks to this blog http://chintanblog.blogspot.com/2013/01/weblogic-custom-authentication-provider.html everything got a lot easier. Big thanks, you saved me a LOT of time.

I just created my implementation of CustomSecurityProviderPlugin and configured the jps as detailed in the blog and it WORKED! (One note: I had to change the following methods in CustomIdentityStore to get everything 100% for my environment.)

    import java.util.List;
    import java.util.Set;
    import oracle.security.idm.IMException;
    import oracle.security.idm.SearchParameters;
    import oracle.security.idm.SearchResponse;
    import oracle.security.idm.StoreConfiguration;

    // Delegate the user search to the database helper instead of the LDAP query;
    // only the filter from the SearchParameters is used, the attribute set (p2) is ignored.
    public SearchResponse searchUsers(SearchParameters p1, Set p2) {
        List userMap = this.customIdentityRepositoryHelper.searchUsers(p1.getFilter());
        return createResponse(userMap);
    }

    // Wrap the list of matches in the store's own SearchResponse implementation.
    public SearchResponse createResponse(List users) {
        CustomSearchResponse response = new CustomSearchResponse(this, users, Boolean.TRUE);
        return response;
    }

    // Hand back a configuration built from the properties set in jps-config.xml.
    public StoreConfiguration getStoreConfiguration()
        throws IMException {
        return new CustomStoreConfiguration(properties);
    }

Step 4) Installation:
  Copy the authenticator jar to [wl install]\wlserver_10.3\server\lib\mbeantypes
  Configure your provider as the first in the list with its control flag set to SUFFICIENT
  Configure your default provider as SUFFICIENT (with both SUFFICIENT, a login that succeeds in the custom provider stops there, and a user the custom provider does not know falls through to the default provider; a user unknown to both fails)
  Copy the Identity Store jar into the classpath for WebLogic
  Edit your jps-config.xml [in YourDomainLocation\config\fmwconfig]

Everything should work now.

INSTALL PROBLEMS

Started with this today. First problem: installing WebCenter on my local machine (with a cluster), when starting the node manager:

weblogic.nodemanager.common.ConfigException: Native version is enabled but nodemanager native library could not be loaded

So I had to add a nodemanager.properties file in [wl_install_dir\wlserver_10.3\common\nodemanager] that has the following content:

NativeVersionEnabled=false



Server is Running  in Development Mode and Native Library(terminalio) to read the password securely from commandline is not found.

Put the following in JAVA_OPTIONS in setDomain (just running locally so this should be OK and I don't want to waste time looking for terminalio):

-Dweblogic.management.allowPasswordEcho=true


Created the custom authentication provider. NOTE: stop ALL managed servers and the admin server before deploying the custom provider to server/lib/mbeantypes, then restart (else you get a weblogic.management.provider.UpdateException: The prepare phase of the configuration update failed with an exception:).


