Tuesday, June 2, 2009

WebLogic authentication with Siteminder

We have encountered this issue while setting up siteminder on weblogic 9.2
Once the request is authenticated through policy server/siteminder, weblogic would ask for login again.

This is because, for WebLogic Server versions 9.2 and later, client requests that use HTTP BASIC authentication must pass WebLogic Server authentication, even if access control is not enabled on the target resource.

The corresponding configMbean flag is enforce-valid-basic-auth-credentials and default is "true".
We would have to set this to "false" to disable default weblogic authentication.
For some reason, this does not seem to be configurable through Admin console.
We would have to edit config.xml as:

Link to BEA docs

2 comments:

suresh said...

Very well written and useful

Sathiya said...

Your material is really useful and simple to understand..thanks and apprepriate your effort and intention to share ur knowledhe with others - Sathiya