Weblogic wonders!!! _ Configuring Active Directory Authenticator with Weblog

Weblogic wonders!!! / Configuring Active Directory Authenticator with Weblogic Server

Weblogic wonders!!! A place for all middleware solutions!!

CONFIGURING ACTIVE DIRECTORY AUTHENTICATOR WITH WEBLOGIC SERVER

Weblogic Server comes with an Embedded LDAP Server which acts as the Default Provider for authentication, authorization and rolemapping.Since authentication is based on JAAS ( Java Authentication and Authorization Service), we can have external providers as well.These providers can be Out Of the Box Providers provided by WLS or Custom Providers which can be plugged in. I’ll discuss that in some other article. These are some of the providers

WLS does provide an out of the box provider for Active Directory. These are the steps to configure it. Step 1). Open Active Directory Console

Step 2). Create a User

http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/[18/03/2011 08:56:20 a.m.]

Weblogic wonders!!! / Configuring Active Directory Authenticator with Weblogic Server

Step 3). Assign it to Administrator Group. This is required as Active Directory gives connection only to Admin User.

Step 4). Go to Weblogic Server and Create an Active Directory Authentication Provider

http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/[18/03/2011 08:56:20 a.m.]

Weblogic wonders!!! / Configuring Active Directory Authenticator with Weblogic Server

Step 5) Under Provider Specific, provide the following values, leave the others as default. Propagate Cause For Login Exception ( checked) Principal :CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com User Base Dn : CN=Users,DC=faisal,DC=bea,DC=com Credential : XXXXXX Group Base Dn: CN=Users,DC=faisal,DC=bea,DC=com You should see the following in the config.xml ActiveDirectory SUFFICIENT false CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com CN=Users,DC=faisal,DC=bea,DC=com {3DES}YoOwqSH1jxsOlvUmAYOENw== CN=Users,DC=faisal,DC=bea,DC=com Step 6) Change the control flag of the Active Directory Authenticator and the Default Authenticator to SUFFICIENT

http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/[18/03/2011 08:56:20 a.m.]

Weblogic wonders!!! / Configuring Active Directory Authenticator with Weblogic Server

Step 7) Restart your server. Go to myrealm. You should be able to see the users and groups from the Active Directory.

0

0

http://weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/[18/03/2011 08:56:20 a.m.]