Breaking off the ADF/OPSS series… OVD (Oracle Virtual Directory) guru Mark Wilcox gave me this really helpful tip that it’s worth sharing. It can save you folks...
Breaking off the ADF/OPSS series… OVD (Oracle Virtual Directory) guru Mark Wilcox gave me this really helpful tip that it’s worth sharing. It can save you folks quite a bit of headache. Scenario: you have configured an OVD authentication provider in WLS, but you cannot login with any user from OVD in WLS Console, even the user being a member of an Administrators group in the backend LDAP directory. When you try it, you end up with an “Authentication Denied” error. And if you...
Breaking off the ADF/OPSS series… OVD (Oracle Virtual Directory) guru Mark Wilcox gave me this really helpful tip that it’s worth sharing. It can save you folks quite a bit of headache. Scenario: you...
Introduction In OPSS Artifacts Life Cycle in ADF Applications, I’ve explained how to change the default behavior for migration of authorization policies when...
Introduction In OPSS Artifacts Life Cycle in ADF Applications, I’ve explained how to change the default behavior for migration of authorization policies when deploying applications. Revisiting it, I’ve said that one can specify the MERGE value for jps.policystore.migration param-name in weblogic-application.xml and that is particularly useful in some deployments where more than one application have to share the same policy context (or policy stripe). A real use case is when a...
Introduction In OPSS Artifacts Life Cycle in ADF Applications, I’ve explained how to change the default behavior for migration of authorization policies when deploying applications. Revisiting...
Introduction After writing about users and groups migration, it looked to me we should also talk about the life cycle of other important entities in secured ADF...
Introduction After writing about users and groups migration, it looked to me we should also talk about the life cycle of other important entities in secured ADF applications. When you enable security in an ADF application, you see a couple of new artifacts in your JDeveloper workspace, namely jps-config.xml, jazn-data.xml and cwallet.sso. Have you ever wondered what their purpose is, their life cycle and how they relate to WLS domain security configuration? This article is...
Introduction After writing about users and groups migration, it looked to me we should also talk about the life cycle of other important entities in secured ADF applications. When you enable security...
When you run an ADF web application directly from JDeveloper, it starts its embedded WLS and deploys the application. In such context, JDeveloper has a very...
When you run an ADF web application directly from JDeveloper, it starts its embedded WLS and deploys the application. In such context, JDeveloper has a very convenient feature when dealing with users and groups defined in the application's jazn-data.xml file. They get deployed along with the application into WLS embedded LDAP server, provided the Users and Groups check box is selected in the Application Properties Deployment window, as shown right below: Then by simply asking...
When you run an ADF web application directly from JDeveloper, it starts its embedded WLS and deploys the application. In such context, JDeveloper has a very convenient feature when dealing with users...
Introduction It has been somewhat a common practice replicating the same java key store across interacting WLS domains so that web services clients and web...
Introduction It has been somewhat a common practice replicating the same java key store across interacting WLS domains so that web services clients and web services can chat with message protection (WSS - Web Services Security). In that case, OWSM (Oracle Web Services Manager) is able to default to the private key stored in the key store to encrypt the symmetric key used for message encryption/decryption. While that’s acceptable in developments environments, it might not be...
Introduction It has been somewhat a common practice replicating the same java key store across interacting WLS domains so that web services clients and web services can chat with message...
Introduction This article shows how to securely propagate a user identity to a portlet, have this identity asserted and authorized to view the portlet. WSRP...
Introduction This article shows how to securely propagate a user identity to a portlet, have this identity asserted and authorized to view the portlet. WSRP (Web Services Remote Portlets) are web services. In Oracle Fusion Middleware, the way of enabling identity propagation and authentication is via OWSM (Oracle Web Services Manager) policies. The concept is no different that securing any regular web service. Portlets authorization is handled by the OPSS (Oracle Platform...
Introduction This article shows how to securely propagate a user identity to a portlet, have this identity asserted and authorized to view the portlet. WSRP (Web Services Remote Portlets) are...
Introduction I got a call yesterday asking me to help a customer trying to get SPNEGO/Kerberos working between Windows desktops and WebLogic server. Yes,...
Introduction I got a call yesterday asking me to help a customer trying to get SPNEGO/Kerberos working between Windows desktops and WebLogic server. Yes, Kerberos again. After talking through what they're trying to accomplish today I found that they may have started out on the wrong foot to begin with. Here's (more or less) what they told me they're trying to accomplish: We have an app deployed in WebLogic and we want users that are in the domain to be able to access that app...
Introduction I got a call yesterday asking me to help a customer trying to get SPNEGO/Kerberos working between Windows desktops and WebLogic server. Yes, Kerberos again. After talking through...
Introduction When setting up Subversion recently to use with my various JDeveloper and NetBeans installations here, there and everywhere, I wanted to browse my...
Introduction When setting up Subversion recently to use with my various JDeveloper and NetBeans installations here, there and everywhere, I wanted to browse my repositories from Chrome (my main day to day browser) on Mac OS X (my main day to day OS). But, my Subversion installation is using HTTPS with a self-signed certificate, so I had to tell Chrome how to understand it. Main Article The process is as follows: Open the offending site in Chrome Click on little bang icon at...
Introduction When setting up Subversion recently to use with my various JDeveloper and NetBeans installations here, there and everywhere, I wanted to browse my repositories from Chrome (my main day to...
Introduction Back in January I posted an answer to the question: How do I have OAM do Kerberos or Integrated Windows Authentication if the user's machine is in...
Introduction Back in January I posted an answer to the question: How do I have OAM do Kerberos or Integrated Windows Authentication if the user's machine is in the Domain and just show an HTML form login if it's not? In that post, as in the past I've always pointed people in the Right Direction and let them fill in the blanks themselves. This week I had to actually go get it working and given all the effort it took me I have a sneaking suspicion that most people listen to my...
Introduction Back in January I posted an answer to the question: How do I have OAM do Kerberos or Integrated Windows Authentication if the user's machine is in the Domain and just show an HTML...
