Help: LDAP Authentication x RMI

 
Mauricio Silva
Greenhorn
Posts: 11
I'm using Oracle Internet Directory (OID) for authentication and authorization of the users of my J2EE applications. However, I have some difficulty with authentication when I need RMI communication between two applications in different OC4J instances.
I configured a properties file ('jndi.properties') in a "client application" to make an RMI call to a SessionBean of a "server application".
<!-- jndi.properties -->
java.naming.factory.initial=com.evermind.server.rmi.RMIInitialContextFactory
java.naming.provider.url=ormi://server/app
java.naming.security.principal=<user>
java.naming.security.credentials=<password>
dedicated.connection=true
<!-- end -->
When the "server application" authenticates against an XML file (jazn-data.xml or principals.xml), this communication (authentication) works, and the "client application" is able to retrieve the information from the OID through the "server application".
But when I configure the "server application" to authenticate against the OID (changing the orion-application.xml with 'jazn provider=ldap'), I receive the following error: "error Lookup: javax.naming.AuthenticationException: Invalid username/password ".
<!-- orion-application.xml -->
...
<jazn provider="LDAP" location="ldap://<server>:<porta>" default-realm="jazn.com">
  <jazn-web-app auth-method="SSO"/>
</jazn>
...
<!-- end -->
I believe the problem is still around the permission that I need to grant to the user in the OID, which reflects the following jazn-policy:
<!-- jazn-data.xml -->
...
<jazn-policy>
  <grant>
    <grantee>
      <principals>
        <principal>
          <realm-name>jazn.com</realm-name>
          <type>user</type>
          <class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
          <name>jazn.com/myUser</name>
        </principal>
      </principals>
    </grantee>
    <permissions>
      <permission>
        <class>com.evermind.server.rmi.RMIPermission</class>
        <name>login</name>
      </permission>
    </permissions>
  </grant>
</jazn-policy>
...

Observe that the user/password specified in the properties file (jndi.properties) exists in the OID and that this problem ONLY happens when I need RMI communication between two applications.
Can anybody help me?
Mauricio Silva.
 
Michael Ernest
High Plains Drifter
Sheriff
Posts: 7292
I don't see how this problem has anything to do with RMI.
 
Mauricio Silva
Greenhorn
Posts: 11
The problem ONLY occurs with RMI communication.
Did you learn?
 
Raja Ramesh Kumar
Greenhorn
Posts: 6
We are also facing the same problem. Can anybody provide the solution to this?

Thanks in advance

regards,
Raja Ramesh Kumar M
 
Patrick Sculley
Greenhorn
Posts: 4
The problem is that RMI cannot authenticate against form- or SSO-based authentication mechanisms (the same holds true for SOAP). What you need is basic HTTP authentication using LDAP. Oracle says that this is not supported in this release (10.1.2) of JAZN/iAS; however, I don't see why someone couldn't develop a custom authentication module similar to a Third Party Authentication Module (TPAM).
 
Patrick Sculley
Greenhorn
Posts: 4
When you deploy your web app to OC4J, the working copy of orion-application.xml under (.../application-deployments) is updated with
<jazn-web-app auth-method="SSO"/>
The unsupported method for accomplishing this is to remove this line from the deployed orion-application.xml. This will enable JAZN-LDAP to operate with BASIC HTTP Authentication. As stated above, this type of authentication is required for SOAP, Web Services, RMI...
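A check for the condition this post describes, as an added example that is not part of the original thread and not Oracle's code: it reports any deployed orion-application.xml where the LDAP provider is still paired with auth-method="SSO", so a redeploy that puts the line back is noticed. The sample documents are constructed, with a placeholder host and port, and the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippet in the thread; host and port are placeholders.
SSO_COPY = """<orion-application>
  <jazn provider="LDAP" location="ldap://oid.example.test:389" default-realm="jazn.com">
    <jazn-web-app auth-method="SSO"/>
  </jazn>
</orion-application>"""
EDITED_COPY = """<orion-application>
  <jazn provider="LDAP" location="ldap://oid.example.test:389" default-realm="jazn.com"/>
</orion-application>"""
XML_COPY = """<orion-application>
  <jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com"/>
</orion-application>"""


def jazn_settings(xml_doc):
    """Return (provider, [auth-methods]) for each <jazn> element (str or bytes input)."""
    root = ET.fromstring(xml_doc)
    settings = []
    for jazn in root.iter("jazn"):
        provider = (jazn.get("provider") or "").upper()
        methods = [(w.get("auth-method") or "").upper()
                   for w in jazn.iter("jazn-web-app")]
        settings.append((provider, methods))
    return settings


def sso_blocks_rmi(xml_doc):
    """True when provider LDAP is paired with auth-method="SSO", the
    combination the thread reports as rejecting RMI logins."""
    return any(p == "LDAP" and "SSO" in m for p, m in jazn_settings(xml_doc))


def audit(paths):
    """Map each file path to 'SSO', 'ok' or an error string."""
    report = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:  # bytes, so the XML encoding declaration is honoured
                report[path] = "SSO" if sso_blocks_rmi(fh.read()) else "ok"
        except (OSError, ET.ParseError) as exc:
            report[path] = f"error: {exc}"
    return report


if __name__ == "__main__":
    for path, status in audit(sys.argv[1:]).items():
        print(f"{status:5} {path}")
```

Pass it the paths of the deployed orion-application.xml files; each line of output is the status followed by the file path.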
 
Marilyn de Queiroz
Sheriff
Posts: 9079
This issue is specific to Oracle. I'm moving the thread to the "Oracle/OAS" forum. Here.
[ June 05, 2005: Message edited by: Marilyn de Queiroz ]
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.