Monday May 30, 2016

Steps to create partitions in WLS 12.2.1

Below are the steps to create partitions in Weblogic Server 12.2.1 :

Step 1 :

- Create a weblogic domain (say Partition_From_Windows_Domain)

FMW control is the recommended console for Partition management, so it is good to enable it at the time of  domain creation.  

To enable FMW control select "Oracle Enterprise Manager-Restricted JRF - 12.2.1 [em]" template in the configuration wizard, as shown below :

To access FMW control access : http://<host>:<port>/em

NOTE : We will continue using Weblogic Admin console to create partitions in this example.

Partition names : coke-partition and pepsi-partition

Partition specific realms : coke_realm and pepsi_realm

Partition specific Admin Users : coke_admin and pepsi_admin

Virtual Targets for these partitions : coke-vt and pepsi-vt

Partition Specific Resource Groups : coke-rg1 and pepsi-rg1

Step 2 :

Before creating a partition, you need to create a security realm (then create an Admin user inside this realm, say coke_admin and pepsi_admin) and virtual target for this partition :

To create a new security realm :

Login to console -> Security Realms -> new (say 'coke_realm' and 'pepsi_realm') -> "create default providers within this new realm" (check)

Now create a Virtual target :

Login to console -> + Environment -> Virtual Targets -> new (say coke-vt) and target it to Weblogic Server (say Admin Server) -> specify a URI Prefix

Step 3 :

Lets create a partition now :

Login to console -> Domain Partitions -> new (say coke-partition)-> then target it to a Virtual target (say coke-vt) -> select the security realm for this partition from the drop down menu (say coke_realm)

 Step 4 :

Create a Resource Group inside domain partition

 Step 5 : 

Check the Identity Domains of the partitions :

Step 6 :

You can now deploy applications to Global scope / to a resource group of a partition

To access the application deployed to your partition use the following URL :

http://<host>:<port>/coke/Weblogic_SP_sample_App/login.jsp  ==> Try to login with the coke Admin and also test the login using weblogic user.

Perform similar tests with application deployed on pepsi-partition and global scoped deployment.

Wednesday Jul 15, 2015

Steps to configure Kerberos / SPNEGO / NTLM authentication with Weblogic Server running on IBM JDK (AIX machine)

There are many JAAS parameters deprecated in different IBM JDK versions.

Have a look at the following link which has more information about the same :

Link :

The searching sequence for a default keytab would be:

1, System property or system environment KRB5_KTNAME.

2, The value of default_keytab_name in libdefaults section in krb5.conf file.

3, if user.home is defined, look for user.home/krb5.keytab

4, if user.dir is defined, look for user.dir/krb5.keytab

5, otherwise, use /krb5.keytab

Have a look at the following link to configure Kerberos with Weblogic Server running on Oracle JDK : 

Link :

In this post we will see how to configure Single sign-on (SSO) using Kerberos in Weblogic Server running on IBM JDK. 

[Read More]

Wednesday Mar 04, 2015

Steps to create a .jks keystore from .pfx file

What are the different certificate extensions ?

How do they differ from each other ?

Common filename extensions for X.509 certificates are:

.pem – (Privacy-enhanced Electronic Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"

.cer, .crt, .der – usually in binary DER form, but Base64-encoded certificates are common too.

If you have a .pem file (Base64) then you can directly rename the file to .cer / .crt and open the certificate in Windows to view its contents. ( by double clicking on the file ) 

.p7b, .p7c – PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)

.p12 – PKCS#12, may contain certificate(s) (public) and private keys (password protected)

.pfx – PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)

PKCS#7 is a standard for signing or encrypting (officially called "enveloping") data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C file is a degenerated SignedData structure, without any data to sign.

PKCS#12 evolved from the personal information exchange (PFX) standard and is used to exchange public and private objects in a single file.

 Source : 

In this post we will see how to convert a pfx file to pem / JKS.....

[Read More]

Saturday Aug 17, 2013

Steps to DeInstall Oracle Weblogic Server

How to DeInstall Oracle Weblogic Server ? 

- Oracle Weblogic Server 12.1.2 can be Deinstalled in two ways :

* GUI mode

* Silent Mode 

- For GUI mode go to " ORACLE_HOME\oui\bin " directory and run deinstall script.

- For Silent mode use the following command :

Go to " ORACLE_HOME\oui\bin " directory

./ -silent -response <deinstaller_response_file> 

- The deinstaller does not remove the JDK or any user-created data such as WebLogic domains or custom application data. Only the components that were installed by the installation program are removed by the deinstaller. 

- Make sure you have stopped all the servers / processes running before starting the DeInstaller.

In this post we will see how to DeInstall Oracle Weblogic Server

[Read More]

Steps to create a new domain on Weblogic Server

Weblogic Server Domain Configuration Wizard - Points to remember :

- Adding " " in Unix/Linux decreases the amount of time it takes for the Configuration Wizard to create or update a domain.

- Quick Start Configuration Wizard can be used only to configure the various sample domains, such as MedRec and the Examples Server, in your WebLogic Server installation.

- You can start Quick Start Configuration Wizard in two ways :

1. Select the Automatically Launch Quick Start Configuration Wizard option on the Installation Complete screen of the WebLogic Server installer.

2. Run the config.cmd / script located in ORACLE_HOME/oracle_common/common/bin as follows : " config.cmd -target=config-oneclick " in windows and " -target=config-oneclick " in Linux.

- Prior to manually running the Configuration Wizard in Quick Start mode, you must set the CONFIG_JVM_ARGS environment variable to specify the full path and JAR file name for each template that you want to use for the domain.

- To set CONFIG_JVM_ARGS on a Windows system:

set CONFIG_JVM_ARGS="-DuserTemplates=C:/Oracle/Middleware/wlserver/common/


export CONFIG_JVM_ARGS="-DuserTemplates=/Oracle/Middleware/wlserver/common/

- Domain can be created using GUI mode or using WLST.

- There is silent mode installation only for WLS 12.1.2 installation and not for WLS 12.1.2 domain creation.

- Nodemanager can now be configured in domain configuration wizard.

In this post we will see how to create a new Weblogic Server domain using DomainConfigurationWizard.

[Read More]

Thursday Aug 15, 2013

Steps to install Oracle Weblogic Server

What's new in Weblogic Server :

- JDK is no longer bundled with Weblogic Server Installers

- There are two types of installers :

1. generic installers
2. zip distribution ( intended for development use only ) Remember - this is not patchable..!!

- New GUI ( Graphical User Interface )

- No console mode installation for weblogic.

- SmartUpdate / bsu is deprecated. We need to use OPatch to install patches from now on.

 - Nodemanager can now be configured at domain level / host(machine) level.

- You can install Weblogic Server in silent mode, but there is no option to create a domain using silent mode.

- WLS installer GUI works fine in Unix environment when connected via VNC, however there are few issues seen when using other third party X-Windows clients. 

- Only 64bit machines are supported with WLS 12.1.2.

- WLS 12.1.2 is certified for use only with JDK 1.7

- Server Templates and Dynamic Clusters are introduced in this release. 

and many more..... 

In this post we will see how to install Weblogic Server 

[Read More]

Saturday Jul 20, 2013

Steps to configure Kerberos / SPNEGO / NTLM authentication with Weblogic Server running on Oracle JDK :

What is Kerberos ? 

Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

It is primarily a client–server model and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

The Kerberos protocol name is based on the three- headed dog figure from Greek mythology known as Kerberos.

The three heads of Kerberos comprise the Key Distribution Center (KDC), the client user and the server with the desired service to access. 

The KDC is installed as part of the domain controller and performs two service functions: the Authentication Service (AS) and the Ticket-Granting Service (TGS).

Have a look at the following link if you are configuring Kerberos with WLS running on IBM JDK (AIX machine) :

In this post we will see how to configure Single sign-on (SSO) using Kerberos in Weblogic Server. 

[Read More]

Oracle Fussion Middleware - WebLogic


« July 2016