Skip to Main Content
WebLogic: The Definitive Guide
book

WebLogic: The Definitive Guide

by Jon Mountjoy, Avinash Chugh
February 2004
Intermediate to advanced content levelIntermediate to advanced
848 pages
27h 25m
English
O'Reilly Media, Inc.
Content preview from WebLogic: The Definitive Guide

Creating an Identity Assertion Provider

Imagine that you have some external system — say, a Java client or perhaps even an external web server — that authenticates a user, and you now want this user to participate in actions involving WebLogic. Furthermore, you don’t want WebLogic to reauthenticate the user. Rather, you want to use some token generated by the external system to be used as an automatic WebLogic login. This is fairly typical of many single sign-on scenarios. The key to implementing this is to use an Identity Assertion Provider. Let’s look at how you can implement such a scenario.

We are going to take as an example an external Java client that has presumably performed some user authentication, and who now needs to transfer this identity to WebLogic in order to access a protected web application. First of all, let’s configure the web application to use identity assertion. Do this by setting the login-config to use a CLIENT-CERT authorization method. As this is standard J2EE, you will need to create a web.xml file with something such as the following in it:

<security-constraint>
  <!-- web resource collection omitted -->
  <auth-constraint>
    <description>nyse</description>
    <role-name>mysecrole</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>myrealm</realm-name>
</login-config>
<security-role>
  <role-name>mysecrole</role-name>
</security-role>

Now let’s imagine we have a client (written in whatever language ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Building Microservices with Spring Boot, Second Edition

Building Microservices with Spring Boot, Second Edition

Josh Long / Phillip Webb
Spring Microservices in Action, Second Edition

Spring Microservices in Action, Second Edition

John Carnell, Illary Huaylupo Sanchez
Kubernetes: Up and Running, 2nd Edition

Kubernetes: Up and Running, 2nd Edition

Brendan Burns, Joe Beda, Kelsey Hightower
Learn OpenShift

Learn OpenShift

Denis Zuev, Artemii Kropachev, Aleksey Usov

Publisher Resources

ISBN: 059600432XErrata Page