File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes BEA/Weblogic and the fly likes Weblogic, active directory and smart card authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "Weblogic, active directory and smart card authentication" Watch "Weblogic, active directory and smart card authentication" New topic
Author

Weblogic, active directory and smart card authentication

Ed Ward
Ranch Hand

Joined: Jan 30, 2006
Posts: 147
Hi there.
I have a scenario where I need to change how Weblogic authenticates users. Currently it is using its internal LDAP only. This means all users, passwords and groups are managed within the app server.

The proposed scenario is to use Active Directory and smart cards. Effectively removing all users and passwords from the Weblogic LDAP.
The general flow would go as follows:

1. User requests secure resource via browser
2. Java applet is downloaded to client which reads smart card
2a. Applet prompts for PIN to ensure the owner of the card is making the request.
2b. If sucessful PIN validation, then extract username from card and return it to Weblogic.
3. Weblogic then authenticates the user in Active Directory.

I've read quite a bit of documentation and am either overlooking something or simply not understanding it.

My question is, when Weblogic authenticates the username against Active Directory, is it going to also attempt to validate a password or some other credential?

At this point, the only reason to authenticate agains the AD is to get authorize the user based on their group membership.

I feel like I'm missing one or two steps.

Thanks in advance.

Ed.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Weblogic, active directory and smart card authentication