Steps to configure SAML 2.0 with Weblogic Server (using Oracle DB as an RDBMS security store)...

Note :

- To set up SAML 2 with Weblogic 10.3.x we need to create a security database before creating the domain.

- The RDBMS security store is required by the SAML 2.0 security providers in production environments so that the data they manage can be synchronized across all the WebLogic Server instances that share that data.

- Note that Oracle does not recommend upgrading an existing domain in place to use the RDBMS security store. If you want to use the RDBMS security store, you should configure the RDBMS security store at the time of domain creation. If you have an existing domain with which you want to use the RDBMS security store, create the new domain and migrate your existing security realm to it.

- For testing purposes you can use the embedded LDAP instead of an external RDBMS store.

Have a look at the following link : https://blogs.oracle.com/blogbypuneeth/entry/steps_to_configure_saml_2

Since the PointBase database is no longer shipped with Weblogic 10.3.6, I am using an Oracle database to configure the RDBMS store.

Prerequisite :

Step 1 : 

We need to create two security databases – one for the source side domain and another for the destination side domain.

To connect to your remote Database we can use the " Oracle Database Instant Client " application, which can be downloaded from :

Link : http://www.oracle.com/technetwork/database/features/instant-client/index.html

To connect to a remote Oracle Database I used the following command : 

- cd C:\Users\puneeth\Desktop\instantclient_12_1

- sqlplus "puneeth/puneeth@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(Host=xx.xxx.xx.xx)(Port=1521))(CONNECT_DATA=(SID=oracle11g)))"

- Once it is connected successfully you would see the following prompt " SQL> "

< Additional Info >

Link : http://docs.oracle.com/html/B10131_02/post_install.htm

- Now you need to create the database tables using the sample script ( rdbms_security_store_oracle.sql ) provided in your <wlserver_10.3>/server/lib

- To run the script I used the following command :

SQL> @rdbms_security_store_oracle.sql 

Now we have created a table for RDBMS store using the Oracle user " puneeth " -- This can be used as an RDBMS store for one of the domains, say IDP.

We have to create another table using a different user which can be used as an RDBMS store for the second domain, say SP.

When creating the IDP domain use the user " puneeth ", and while creating the SP domain use the second user, say " puneeth1 ", to connect to the RDBMS store.

We need to run the same sample sql script  ( rdbms_security_store_oracle.sql ) by logging in as the " puneeth1 " user.

In my case I did not have another DB user created, so I used the following command to create a new Oracle DB user :

CREATE USER "USER" PROFILE "DEFAULT" IDENTIFIED BY "user" DEFAULT
TABLESPACE "USERS" TEMPORARY
TABLESPACE "TEMP" ACCOUNT UNLOCK;
GRANT UNLIMITED TABLESPACE TO "USER";
GRANT "CONNECT" TO "USER";
GRANT "RESOURCE" TO "USER";

Note :

- I have used the user " puneeth " to connect to the DB for the IDP domain and the user " puneeth1 " to connect to the DB for the SP domain.

- You should configure the RDBMS security store at the time of domain creation.

- Do a test connection and make sure you are able to connect to the DB successfully.

- Now create two domains, namely " SAML2_IDP_Source_Domain " and " SAML2_SP_Destination_Domain "

----------------

Steps to configure SAML2 with Weblogic Server ( using RDBMS security store ) :

Prerequisite :

- In the following example I have created two domains " SAML2_IDP_Source_Domain " and " SAML2_SP_Destination_Domain " on Weblogic Server.

- I have created self signed certificates and configured SSL on both the domains.

- Source domain HTTP and HTTPS ports are 7001 and 7002 respectively.

- Destination domain HTTP and HTTPS ports are 7003 and 7004 respectively.

SAML Source site configuration :

- Create a " Credential Mapper " on the Weblogic Source domain, i.e. on the IDP end.

- Login to Source domain - Weblogic console --> Click on ” myrealm ” –> ” Providers ” –> ” Credential Mapping ” –> and add a ” SAML2CredentialMapper ”, say ” SAML2_CredentialMapper ”.

- Now click on the newly created SAML2CredentialMapper say ” SAML2_CredentialMapper ” and make the following changes :

Issuer URI : http://www.souresite.com/saml

Name Qualifier : sourcesite.com

- Click on ” Servers ” –> Admin Server –> ” Federation Services ” –> ” SAML 2.0 Identity Provider ” and make the following changes :

Enabled : check

Preferred Binding : POST

- Click on ” Servers ” –> Admin Server –> ” Federation Services ” –> ” SAML 2.0 General ” and make the following changes :

Replicated Cache Enabled – Uncheck / Check

Contact Person Given Name

Contact Person Surname

Contact Person Type

Contact Person Company

Contact Person Telephone Number

Contact Person Email Address

Organization Name

Organization URL

Published Site URL : http://<SourceSiteDNSName>:<PORT>/saml2

Entity ID : ( Source Domain name)

Single Sign-on Signing Key Alias

Single Sign-on Signing Key Pass Phrase

Confirm Single Sign-on Signing Key Pass Phrase

Save the changes and export the IDP metadata into an XML file –> Click on the “ Publish Meta Data ” button ( say idp_metadata.xml ). We need to copy this file to the destination domain later.

Destination Site Configuration : 

- Create an Identity Asserter on the destination domain, i.e. on the SP end.

- Login to Destination domain - Weblogic console --> Click on ” myrealm ” –> ” Providers ” –> ” Authentication ” –> new ” SAML2IdentityAsserter ”, say ” SAML2_IdentityAsserter ” :

Click on ” Servers ” –> Admin Server –> ” Federation Services ” –> ” SAML 2.0 Service Provider ” and make the following changes :

Enabled : check

Preferred Binding : POST

Default URL : http://<DestinationSiteDNSName>:<PORT>/samldest01App

Now click on ” Servers ” –> Admin Server –> ” Federation Services ” –> ” SAML 2.0 General ” and make the following changes :

Replicated Cache Enabled : Uncheck / Check

Contact Person Given Name

Contact Person Surname

Contact Person Type

Contact Person Company

Contact Person Telephone Number

Contact Person Email Address

Organization Name

Organization URL

Published Site URL : http://<DestinationSiteDNSName>:<PORT>/saml2

Entity ID : ( Destination Domain name)

Single Sign-on Signing Key Alias

Single Sign-on Signing Key Pass Phrase

Confirm Single Sign-on Signing Key Pass Phrase

Save the changes and export the service provider metadata into an XML file –> Click on the “ Publish Meta Data ” button ( say SP_metadata.xml ).

Copy the service provider metadata ( SP_metadata.xml ) to the Source Domain and the identity provider metadata ( idp_metadata.xml ) to the Destination Domain.
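A check that can be run on each exchanged metadata file before it is imported as a partner, written here as an added example (it is not part of the original post or of Weblogic). It verifies the Entity ID, the partner type, the signing key and the POST binding configured above, and reports endpoints that use a loopback host or plain HTTP. The function name check_metadata, the sample file content and the /saml2/idp/sso/post path in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# role -> (role descriptor element, endpoint element the partner will use)
ROLE = {"idp": ("IDPSSODescriptor", "SingleSignOnService"),
        "sp": ("SPSSODescriptor", "AssertionConsumerService")}

# Constructed sample of an IdP metadata file (certificate body omitted).
SAMPLE_IDP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="SAML2_IDP_Source_Domain">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:7001/saml2/idp/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_metadata(xml_text, role, expected_entity_id):
    """Return a list of findings for one metadata file; an empty list means none."""
    # Metadata never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present: file rejected"]
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        return ["root element is not md:EntityDescriptor"]
    findings = []
    if root.get("entityID") != expected_entity_id:
        findings.append("entityID %r, expected %r"
                        % (root.get("entityID"), expected_entity_id))
    descriptor_name, endpoint_name = ROLE[role]
    descriptor = root.find("{%s}%s" % (MD, descriptor_name))
    if descriptor is None:
        return findings + ["no md:%s: wrong file for this partner type"
                           % descriptor_name]
    # A KeyDescriptor without a "use" attribute serves signing and encryption.
    uses = [k.get("use") for k in descriptor.findall("{%s}KeyDescriptor" % MD)]
    if not any(u in (None, "signing") for u in uses):
        findings.append("no signing key: partner signatures cannot be verified")
    endpoints = descriptor.findall("{%s}%s" % (MD, endpoint_name))
    if not any(e.get("Binding") == POST for e in endpoints):
        findings.append("no HTTP-POST %s endpoint" % endpoint_name)
    for e in endpoints:
        location = e.get("Location", "")
        url = urlparse(location)
        if url.hostname in ("localhost", "127.0.0.1"):
            findings.append("%s uses a loopback host, use the real host or IP"
                            % location)
        if url.scheme != "https":
            findings.append("%s is not HTTPS" % location)
    return findings


if __name__ == "__main__":
    for finding in check_metadata(SAMPLE_IDP, "idp", "SAML2_IDP_Source_Domain"):
        print("FINDING:", finding)
```
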

--

Now configure Service Provider metadata on SAML Identity Provider in Source Site :

Log in to the source site Admin Console and click on ” Security Realms ” –> ” myrealm ” –> ” Providers ” –> ” Credential Mapper ” –> ” SAML2_CredentialMapper ” –> ” Management ” –> ” New ” –> ” New Web Single Sign-On Service Provider Partner ” :

Name this ” New Web Single Sign-On Service Provider Partner ” as ” SAML_SSO_SP01 ” and select the SP_metadata.xml file.

Click on the newly created ” SAML_SSO_SP01 ” and enter the following :

Name :  SAML_SSO_SP01

Enabled :  Checked

Description  : SAML_SSO_SP01

Key Info Included  : Check

Click on Site info and verify the data :

------

Now configure Identity Provider metadata on SAML Service Provider in Destination site :

Login to Destination Site Admin Console :

Click on ” Security Realms ” –> ” myrealm ” –> ” Providers ” –> Authentication -> SAML2_IdentityAsserter –> ” Management ” –> ” New ” –> “ New Web Single Sign-On Identity Provider Partner ” say ” SAML_SSO_IDP01 ” and then select ” idp_metadata.xml ” :


Click on ” SAML_SSO_IDP01 ” and enter the following :

Name : SAML_SSO_IDP01

Enabled : Check

Description : SAML_SSO_IDP01

Redirect URIs : /samldest01App/restricted01/samldest01services.jsp


We have successfully configured SAML 2 with Weblogic Server...!!

Deploy the source and destination application and check if SAML 2.0 works fine.

DOWNLOAD : Source Application. ( NEW )

DOWNLOAD : Destination Application. ( NEW )

Note :

- To test this sample application, log in as the " weblogic " user.

The principal I have used in weblogic.xml file of this application is :

<security-role-assignment>
<role-name>SamlTrainee</role-name>
<principal-name>Administrators</principal-name>
</security-role-assignment>

- So you should be able to login to this application with a user " Administrators " or any user who is part of a group called " Administrators ". 

- When you access the Source application, you will get a challenge, enter username " weblogic " and its password. Now click on the redirect URL and you should not be asked for a challenge while accessing the Destination app.

-  In the application jsp pages I have specified " localhost " in the URL, change it to your respective host / IP address.

- If you have the Source and Destination domains on the same machine, then make sure you edit the jsp page and change the redirect URL to the IP / host; do not use " localhost " as it may go into a loop.

Comments:

I have the IDP domain configured on 1 cluster, 2 machines, 4 Managed Servers (configured in the same way) using the RDBMS and then I have the SP domain without RDBMS as there is only the AdminServer where I deploy my war.

When I try to access from SP to IDP I'm able to use SAML2 only on the Managed Servers on the first machine where I have done the metadata. When I try on the other machine I get the following error:

####<11-Sep-2015 13:42:46 o'clock IST> <Debug> <SecuritySAML2Service> <70TBD22> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1441975366981> <BEA-000000> <<samlp:Response> is signed.>
####<11-Sep-2015 13:42:46 o'clock IST> <Debug> <SecuritySAML2Service> <70TBD22> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1441975366981> <BEA-000000> <Digital signature does not validate with the given key>
####<11-Sep-2015 13:42:46 o'clock IST> <Debug> <SecuritySAML2Service> <70TBD22> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1441975366981> <BEA-000000> <exception info
org.opensaml.xml.validation.ValidationException: Digital signature does not validate with the given key
at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:78)
at com.bea.security.saml2.util.SAML2Utils.verifySamlObjectSignature(SAML2Utils.java:229)
at com.bea.security.saml2.service.acs.AssertionConsumerServiceImpl.process(AssertionConsumerServiceImpl.java:136)
at com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:161)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:26)
at com.sun.proxy.$Proxy26.process(Unknown Source)
at com.bea.security.saml2.servlet.SAML2Servlet.service(SAML2Servlet.java:34)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:341)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:238)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3363)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3333)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2220)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2146)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2124)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1564)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:295)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:254)
>
####<11-Sep-2015 13:43:14 o'clock IST> <Debug> <SecurityAtz> <70TBD22> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1441975394567> <BEA-000000> <AuthorizationManager will use common security for ATZ>
####<11-Sep-2015 13:43:14 o'clock IST> <Debug> <SecurityAtz> <70TBD22> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1441975394567> <BEA-000000> <weblogic.security.service.WLSAuthorizationServiceWrapper.isAccessAllowed>
####<11-Sep-2015 13:43:14 o'clock IST> <Debug> <SecurityAtz> <70TBD22> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1441975394567> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Identity=Subject: 0

Any Idea?

Posted by Carlo on September 15, 2015 at 05:35 PM IST #

We are implementing SAML using PING identity. We have two separate instances of OBIEE/Weblogic in two different domains. We use Active Directory to store our users (LDAP Provider). Do we need to configure an RDBMS?

Posted by guest on October 05, 2015 at 10:53 PM IST #

Using RDBMS Store is highly recommended but it is not a must to use it.

Your SSO should work fine even if you have not created an RDBMS store.

Posted by Puneeth on October 14, 2015 at 07:43 PM IST #
