
Weblogic, active directory and smart card authentication

 
Ed Ward
Ranch Hand
Posts: 147
Hi there.
I have a scenario where I need to change how Weblogic authenticates users. Currently it is using its internal LDAP only. This means all users, passwords and groups are managed within the app server.

The proposed scenario is to use Active Directory and smart cards, effectively removing all users and passwords from the Weblogic LDAP.
The general flow would go as follows:

1. User requests secure resource via browser
2. Java applet is downloaded to client which reads smart card
2a. Applet prompts for PIN to ensure the owner of the card is making the request.
2b. If PIN validation is successful, then extract the username from the card and return it to Weblogic.
3. Weblogic then authenticates the user in Active Directory.

I've read quite a bit of documentation and am either overlooking something or simply not understanding it.

My question is, when Weblogic authenticates the username against Active Directory, is it going to also attempt to validate a password or some other credential?

At this point, the only reason to authenticate against the AD is to authorize the user based on their group membership.

I feel like I'm missing one or two steps.

Thanks in advance.

Ed.
 