Tuesday, February 21, 2017

Active Directory Authenticator Configuration with Weblogic or AD Integration with Weblogic

Terminologies

CN: Common Name = Users, Groups, Container, Computer
OU: Organisational Unit = Organisation Name
DC: Domain Component = Domain

Domain Controller: A domain controller is a server that is running a version of the Windows Server operating system and has Active Directory Domain Services installed.

Step 1) Create Users & Groups in Default AD container Users.


             The snapshot below shows that I have created:

             Users: jagan
                        john
                        scott

             Group: testgroup

Users jagan, john & scott are members of testgroup.



Step 2) Create Active Directory Authenticator


Log in to the WLS console ==> Click on Security Realms ==> Click on myrealms ==> Click on Providers ==> Click on New ==> Enter the details below & Click on OK

Name: TestADAuthenticator
Type: ActiveDirectoryAuthenticator



Step 2) Set the Control Flag of TestADAuthenticator to OPTIONAL


Click on newly created AD Authenticator TestADAuthenticator ==> Configuration ==> Common ==> set Control Flag to OPTIONAL ==> Click on Save



Step 3) Now do the Provider Specific configuration for TestADAuthenticator 


Click on newly created AD Authenticator TestADAuthenticator ==> Configuration ==> Provider Specific ==> Provide the details below & Click on Save

Host: 192.168.113.129
Port: 389
Principal: cn=jagan,cn=Users,dc=abs,dc=com
Credential: xxxxxxx
Confirm Credential: xxxxxxx
User Base DN: cn=Users,dc=abs,dc=com
Group Base DN: cn=Users,dc=abs,dc=com



Step 4) Place TestADAuthenticator at the top of the Providers table


Go to Providers table ==> Click on Reorder ==> select TestADAuthenticator ==> Using the up arrow, place TestADAuthenticator at the top ==> Click on OK



Step 5) Set the DefaultAuthenticator Control Flag to OPTIONAL

Go to Providers Table ==> Click on DefaultAuthenticator ==> Configuration ==> Common ==> set Control Flag to OPTIONAL ==> Click on Save



Step 5) Restart the AdminServer


cd /oracle/Middleware/user_projects/domains/base_domain/bin
./stopWebLogic.sh
nohup ./startWebLogic.sh &

Step 6) Log in as user weblogic & check whether AD Users and Groups are imported or not.


Log in to WLS console ==> Click on Security Realm ==> Click on myrealms ==> Click on Users & Groups Tab ==> Click on Users ==> Click on Groups

Users:



Group:


Step 7) Assign the role to testgroup by adding it to role condition.

Log in to WLS console ==> Click on Security Realm ==> Click on myrealms ==> Click on Roles & Policy ==> Expand Global Roles ==> Expand Roles ==> Click on "View Role Conditions" against Admin ==> Click on "Add Condition"




Select Group against "Predicate List:" ==> Click on Next



Enter testgroup against "Group Argument Name:" ==> Click on Add ==> Click on Finish



Click on Save



Step 8) Now log out as the weblogic user and log in as the AD user jagan.
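
A pre-flight review of the Step 3 provider settings, as an added example that is not part of the original post: it parses the DNs into their CN/DC components and reports what is worth checking before the provider goes live. The function names and the wording of the findings are assumptions of this example, and the Credential is left out on purpose.

```python
import re

# Provider Specific values from Step 3; the Credential is left out on purpose.
PROVIDER = {
    "Host": "192.168.113.129",
    "Port": 389,
    "Principal": "cn=jagan,cn=Users,dc=abs,dc=com",
    "User Base DN": "cn=Users,dc=abs,dc=com",
    "Group Base DN": "cn=Users,dc=abs,dc=com",
}

def parse_dn(dn):
    """Split a DN into lower-cased (type, value) RDN pairs.
    Simplified: honours backslash-escaped commas, not multi-valued (+) RDNs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN %r in DN %r" % (part, dn))
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def dns_domain(dn):
    """Join the DC components into the AD domain name (dc=abs,dc=com -> abs.com)."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "dc")

def is_under(dn, base):
    """True when dn equals base or sits below it in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def preflight(cfg):
    """Return review findings for the provider settings (hypothetical helper)."""
    findings = []
    dn_keys = ("Principal", "User Base DN", "Group Base DN")
    domains = {dns_domain(cfg[k]) for k in dn_keys}
    if len(domains) != 1 or "" in domains:
        findings.append("DNs do not share one AD domain: %s" % sorted(domains))
    if is_under(cfg["Principal"], cfg["User Base DN"]):
        findings.append("bind Principal sits under User Base DN, so it can also "
                        "authenticate as an ordinary user, not a dedicated bind account")
    if cfg["Port"] == 389:
        findings.append("port 389 is the plain LDAP port (LDAPS is normally 636): "
                        "check that the bind is not sent unencrypted")
    return findings

if __name__ == "__main__":
    for finding in preflight(PROVIDER):
        print("REVIEW:", finding)
```

With the values from this post it reports two findings: the bind Principal jagan is also a member of testgroup, which Step 7 maps to the Admin role, and the provider talks to AD on port 389.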






