
Weblogic, active directory and smart card authentication

Ed Ward
Ranch Hand

Joined: Jan 30, 2006
Posts: 147
Hi there.
I have a scenario where I need to change how Weblogic authenticates users. Currently it is using its internal LDAP only. This means all users, passwords and groups are managed within the app server.

The proposed scenario is to use Active Directory and smart cards, effectively removing all users and passwords from the Weblogic LDAP.
The general flow would go as follows:

1. User requests secure resource via browser
2. Java applet is downloaded to client which reads smart card
2a. Applet prompts for PIN to ensure the owner of the card is making the request.
2b. If successful PIN validation, then extract username from card and return it to Weblogic.
3. Weblogic then authenticates the user in Active Directory.

I've read quite a bit of documentation and am either overlooking something or simply not understanding it.

My question is, when Weblogic authenticates the username against Active Directory, is it going to also attempt to validate a password or some other credential?

At this point, the only reason to authenticate against the AD is to authorize the user based on their group membership.

I feel like I'm missing one or two steps.

Thanks in advance.
