In this recipe, we will demonstrate how to configure Sun iPlanet as an alternative authentication provider for WebLogic.
Ensure that you have an instance of iPlanet installed and configured that has the group administrator defined. For the purpose of following this recipe create the demo
user and add it to the Administrators
group.
You will also need to have installed and configured an instance of Oracle SOA Suite running on Oracle WebLogic.
http://host:port/console
) with the user that has an administrator privilege, such as weblogic
.Once logged in, within Domain Structure select Security Realms; this will list the currently-defined security realms.
Next, click Lock&Edit to edit the session. Then, select the Providers tab, and within that select the Authentication tab. This will list the authentication providers currently defined for myrealm.
Enter a Name, such as iPlanetProvider
, and select Type as IPlanetAuthenticator as the authentication provider type and then click on OK.
To do this, click on Reorder, ensure iPlanetProvider is selected; then click on the up arrow to move it to the top of the list and then click on OK.
Here, we need to provide our iPlanet-specific connection details, as well as the location of our users and groups within the identity store, as detailed in the following table:
Field |
Description |
---|---|
Host |
The host of the machine hosting the iPlanet server. |
Port |
The port number on which the iPlanet server is listening. |
Principal |
Distinguished Name of the LDAP user that WebLogic server should use to connect to iPlanet. |
Credential |
The credential (password) used to connect to iPlanet. |
SSLEnabled |
If the connection to iPlanet uses SSL, select SSLEnabled. |
User Base DN |
The base Distinguished Name of the tree in the |
Group Base DN |
The base Distinguished Name of the tree in the |
Next select the Common tab, and set Control Flag to SUFFICIENT and click on Save.
Select Default Authenticator from the authentication provider list, click on the Configuration tab, and then select the Common tab. From here set Control Flag to SUFFICIENT and click on Save.
Next, shutdown and restart the Oracle WebLogic Admin Server and related managed servers.
We have defined two authentication providers, the first being the iPlanet authentication provider with the Control Flag set to SUFFICIENT, and the second being the default authenticator defined against the embedded LDAP.
When we log in as the demo
user, WebLogic will attempt to authenticate the user against iPlanet. Assuming the password is correct, the authentication will be successful and the user will be logged in to the application.
When we log in as weblogic
, authentication will fail against iPlanet, but because the iPlanet authentication provider is defined as sufficient WebLogic, it will attempt to authenticate the user against the embedded LDAP at the point at which it succeeds and the user will be logged in to the application.
Now, we are able to use Sun iPlanet for authentication. We should be able to see the users from iPlanet in WebLogic Administration Console.