This isn't the "official" solution, but a quick note on how I jury rigged my logging to get it working. Both the OES WebLogic SM and the Enterprise Manager seem...
This isn't the "official" solution, but a quick note on how I jury rigged my logging to get it working. Both the OES WebLogic SM and the Enterprise Manager seem to use log4j to do their logging. Since the SM spins up first you will see the normal sorts of things you'd expect in the OES SM's log file as the SM WebLogic server boots. Then suddenly the log juts stops. This is because the Enterprise Manager app (EM) re-initializes the log4j system with its own config file. To...
This isn't the "official" solution, but a quick note on how I jury rigged my logging to get it working. Both the OES WebLogic SM and the Enterprise Manager seem to use log4j to do their logging....
I've been working on a project recently that includes SOAP clients submitting messages via JMS and HTTP to Oracle Service Bus (OSB). OSB is supposed to validate...
I've been working on a project recently that includes SOAP clients submitting messages via JMS and HTTP to Oracle Service Bus (OSB). OSB is supposed to validate the assertion, perhaps do some transformations on the SOAP, and then send the message off to some backend service. I'll probably talk about the last two thirds of the solution at some point in the future, but it's the first third that has raised a bunch of questions that other people probably have too. Before I go...
I've been working on a project recently that includes SOAP clients submitting messages via JMS and HTTP to Oracle Service Bus (OSB). OSB is supposed to validate the assertion, perhaps do...
Breaking off the ADF/OPSS series… OVD (Oracle Virtual Directory) guru Mark Wilcox gave me this really helpful tip that it’s worth sharing. It can save you folks...
Breaking off the ADF/OPSS series… OVD (Oracle Virtual Directory) guru Mark Wilcox gave me this really helpful tip that it’s worth sharing. It can save you folks quite a bit of headache. Scenario: you have configured an OVD authentication provider in WLS, but you cannot login with any user from OVD in WLS Console, even the user being a member of an Administrators group in the backend LDAP directory. When you try it, you end up with an “Authentication Denied” error. And if you...
Breaking off the ADF/OPSS series… OVD (Oracle Virtual Directory) guru Mark Wilcox gave me this really helpful tip that it’s worth sharing. It can save you folks quite a bit of headache. Scenario: you...
Introduction In OPSS Artifacts Life Cycle in ADF Applications, I’ve explained how to change the default behavior for migration of authorization policies when...
Introduction In OPSS Artifacts Life Cycle in ADF Applications, I’ve explained how to change the default behavior for migration of authorization policies when deploying applications. Revisiting it, I’ve said that one can specify the MERGE value for jps.policystore.migration param-name in weblogic-application.xml and that is particularly useful in some deployments where more than one application have to share the same policy context (or policy stripe). A real use case is when a...
Introduction In OPSS Artifacts Life Cycle in ADF Applications, I’ve explained how to change the default behavior for migration of authorization policies when deploying applications. Revisiting...
Introduction After writing about users and groups migration, it looked to me we should also talk about the life cycle of other important entities in secured ADF...
Introduction After writing about users and groups migration, it looked to me we should also talk about the life cycle of other important entities in secured ADF applications. When you enable security in an ADF application, you see a couple of new artifacts in your JDeveloper workspace, namely jps-config.xml, jazn-data.xml and cwallet.sso. Have you ever wondered what their purpose is, their life cycle and how they relate to WLS domain security configuration? This article is...
Introduction After writing about users and groups migration, it looked to me we should also talk about the life cycle of other important entities in secured ADF applications. When you enable security...
When you run an ADF web application directly from JDeveloper, it starts its embedded WLS and deploys the application. In such context, JDeveloper has a very...
When you run an ADF web application directly from JDeveloper, it starts its embedded WLS and deploys the application. In such context, JDeveloper has a very convenient feature when dealing with users and groups defined in the application's jazn-data.xml file. They get deployed along with the application into WLS embedded LDAP server, provided the Users and Groups check box is selected in the Application Properties Deployment window, as shown right below: Then by simply asking...
When you run an ADF web application directly from JDeveloper, it starts its embedded WLS and deploys the application. In such context, JDeveloper has a very convenient feature when dealing with users...
Introduction It has been somewhat a common practice replicating the same java key store across interacting WLS domains so that web services clients and web...
Introduction It has been somewhat a common practice replicating the same java key store across interacting WLS domains so that web services clients and web services can chat with message protection (WSS - Web Services Security). In that case, OWSM (Oracle Web Services Manager) is able to default to the private key stored in the key store to encrypt the symmetric key used for message encryption/decryption. While that’s acceptable in developments environments, it might not be...
Introduction It has been somewhat a common practice replicating the same java key store across interacting WLS domains so that web services clients and web services can chat with message...
Introduction This article shows how to securely propagate a user identity to a portlet, have this identity asserted and authorized to view the portlet. WSRP...
Introduction This article shows how to securely propagate a user identity to a portlet, have this identity asserted and authorized to view the portlet. WSRP (Web Services Remote Portlets) are web services. In Oracle Fusion Middleware, the way of enabling identity propagation and authentication is via OWSM (Oracle Web Services Manager) policies. The concept is no different that securing any regular web service. Portlets authorization is handled by the OPSS (Oracle Platform...
Introduction This article shows how to securely propagate a user identity to a portlet, have this identity asserted and authorized to view the portlet. WSRP (Web Services Remote Portlets) are...
Introduction I got a call yesterday asking me to help a customer trying to get SPNEGO/Kerberos working between Windows desktops and WebLogic server. Yes,...
Introduction I got a call yesterday asking me to help a customer trying to get SPNEGO/Kerberos working between Windows desktops and WebLogic server. Yes, Kerberos again. After talking through what they're trying to accomplish today I found that they may have started out on the wrong foot to begin with. Here's (more or less) what they told me they're trying to accomplish: We have an app deployed in WebLogic and we want users that are in the domain to be able to access that app...
Introduction I got a call yesterday asking me to help a customer trying to get SPNEGO/Kerberos working between Windows desktops and WebLogic server. Yes, Kerberos again. After talking through...
