
Weblogic, active directory and smart card authentication

Hi there.
I have a scenario where I need to change how Weblogic authenticates users. Currently it is using its internal LDAP only. This means all users, passwords and groups are managed within the app server.

The proposed scenario is to use Active Directory and smart cards. Effectively removing all users and passwords from the Weblogic LDAP.
The general flow would go as follows:

1. User requests secure resource via browser
2. Java applet is downloaded to client which reads smart card
2a. Applet prompts for PIN to ensure the owner of the card is making the request.
2b. If PIN validation is successful, then extract username from card and return it to Weblogic.
3. Weblogic then authenticates the user in Active Directory.

I've read quite a bit of documentation and am either overlooking something or simply not understanding it.

My question is, when Weblogic authenticates the username against Active Directory, is it going to also attempt to validate a password or some other credential?

At this point, the only reason to authenticate against the AD is to authorize the user based on their group membership.

I feel like I'm missing one or two steps.

Thanks in advance.
