Configuring Active Directory Authenticator with Weblogic Server

Weblogic Server comes with an Embedded LDAP Server which acts as the Default Provider for authentication, authorization and rolemapping.Since authentication is based on JAAS ( Java Authentication and Authorization Service), we can have external providers as well.These providers can be Out Of the Box Providers provided by WLS or Custom Providers which can be plugged in. I’ll discuss that in some other article.

These are some of the providers


WLS does provide an out of the box provider for Active Directory.
These are the steps to configure it.
Step 1). Open Active Directory Console

Step 2). Create a User

Step 3). Assign it to Administrator Group. This is required as Active Directory gives connection only to Admin User.

Step 4). Go to Weblogic Server and Create an Active Directory Authentication Provider

Step 5) Under Provider Specific, provide the following values, leave the others as default.

Propagate Cause For Login Exception ( checked)
Principal :CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com
User Base Dn : CN=Users,DC=faisal,DC=bea,DC=com
Credential : XXXXXX
Group Base Dn: CN=Users,DC=faisal,DC=bea,DC=com

You should see the following in the config.xml

<sec:authentication-provider xsi:type=”wls:active-directory-authenticatorType”>
<sec:name>ActiveDirectory</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
<wls:principal>CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com</wls:principal>
<wls:user-base-dn>CN=Users,DC=faisal,DC=bea,DC=com</wls:user-base-dn>
<wls:credential-encrypted>{3DES}YoOwqSH1jxsOlvUmAYOENw==</wls:credential-encrypted>
<wls:group-base-dn>CN=Users,DC=faisal,DC=bea,DC=com</wls:group-base-dn>
</sec:authentication-provider>

Step 6) Change the control flag of the Active Directory Authenticator and the Default Authenticator to SUFFICIENT

Step 7) Restart your server. Go to myrealm. You should be able to see the users and groups from the Active Directory.

Latest Comments

  1. bill December 9, 2010
  2. Daniel Chasle February 11, 2011
    • Administrator February 11, 2011
  3. Mangesh Khairnar March 3, 2011
    • Administrator March 3, 2011
  4. Mangesh Khairnar March 3, 2011
    • Administrator March 3, 2011
  5. Mangesh Khairnar March 3, 2011
    • Administrator March 3, 2011
  6. Mangesh Khairnar March 4, 2011
    • Administrator March 5, 2011
  7. Mangesh Khairnar March 5, 2011
    • Administrator March 5, 2011
  8. Mangesh Khairnar March 5, 2011
    • Administrator March 5, 2011
  9. Stewart Meyer April 15, 2011
    • Administrator April 16, 2011
  10. Pradeep May 12, 2011
    • Administrator May 14, 2011
  11. Pradeep May 16, 2011
  12. sally May 31, 2011
  13. Sonnet June 7, 2011
  14. Sonnet June 9, 2011
  15. Spyros July 21, 2011
    • Administrator July 22, 2011
  16. Saiju February 7, 2012
    • Administrator February 8, 2012
  17. doug February 23, 2012
    • Administrator March 23, 2012
  18. natalya.luke July 20, 2012
    • Administrator August 21, 2012
  19. neeraj gang September 10, 2012
    • Administrator September 29, 2012
  20. Paul December 27, 2012
  21. Rajesh February 5, 2013
    • Administrator February 17, 2013
      • ashish patil September 30, 2014
  22. Iman March 31, 2013
    • Administrator January 16, 2014
  23. Garima Dubey June 2, 2014
    • Administrator June 2, 2014
  24. Angeliki August 5, 2014
    • Administrator September 8, 2014
  25. Balaji April 10, 2015
    • Administrator April 10, 2015

Leave a Reply