Monthly Archive: September 2013

Mutual Authentication with Weblogic Server

Mutual authentication is a process in which the server sends its certificate to the client (thin client / fat client) and the client validates it; the server then requests a certificate from the client and validates it.

In this example we have created a .pfx certificate which contains the public and the private keys. We installed the pfx certificate in the browser.




Then we exported the public key and imported it into the trust store of Weblogic Server.

C:\bea103\wlserver_10.3\server\lib>keytool -v -import -keystore DemoTrust.jks -file Fabrizio.cer -alias fabrizio -storepass DemoTrustKeyStorePassPhrase
Owner: CN=Fabrizio
Issuer: CN=Fabrizio
Serial number: 0
Valid from: Fri May 15 20:02:49 IST 2009 until: Mon May 13 20:02:49 IST 2019
Certificate fingerprints:
MD5: 6B:45:89:C2:F0:4A:35:EB:8C:54:06:9F:5C:F1:D4:DB
SHA1: CE:2F:81:25:73:E0:52:77:C2:48:0E:70:FC:52:AE:3E:66:C6:33:9B
Signature algorithm name: MD5withRSA
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing DemoTrust.jks]

Created a user Fabrizio in the Default Authenticator


Configured the DefaultIdentityAsserter to process X509 Tokens

Home >Summary of Security Realms >myrealm >Providers >DefaultIdentityAsserter

Active Types: X.509


Provider Specific
Trusted Client Principals: Fabrizio
Default User Name Mapper Attribute Type: CN
Use Default User Name Mapper: Checked


Enabled SSL Port


Configured the server to request client certificates.

AdminServer > SSL > Advanced

Hostname Verification: None
Two Way Client Cert Behavior: Client Certs Requested and Enforced


Deployed an application that uses CLIENT-CERT authentication and accessed it. We will cover the details of such an application in another post.

We then accessed the protected application.

Once we selected the appropriate certificate, we were able to access the application.
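A check that can be run over `keytool -v` output before an entry goes into the trust store, as an added example that is not part of the original post. It parses the fields shown in the listing above, derives the user name that the CN-based Default User Name Mapper would hand to WebLogic, and flags a self-issued subject, a pre-v3 certificate and an MD2/MD5/SHA-1 signature. The function names are assumptions for illustration, and Owner equal to Issuer is used as a heuristic for self-signed.

```python
import re

# Fields copied from the keytool -v listing above.
SAMPLE = """\
Owner: CN=Fabrizio
Issuer: CN=Fabrizio
Valid from: Fri May 15 20:02:49 IST 2009 until: Mon May 13 20:02:49 IST 2019
Signature algorithm name: MD5withRSA
Version: 1
"""
WEAK_DIGESTS = ("MD2", "MD5", "SHA1")


def parse_keytool(text):
    """Return the 'Name: value' fields of one keytool -v certificate listing."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def common_name(dn):
    """CN of a DN as keytool prints it (escaped commas are not handled)."""
    m = re.search(r"(?:^|,)\s*CN=([^,]+)", dn, re.I)
    return m.group(1).strip() if m else None


def audit(text):
    """Return (user name the CN mapper would produce, list of findings)."""
    f = parse_keytool(text)
    findings = []
    if f.get("owner") and f["owner"] == f.get("issuer"):
        findings.append("self-signed: no CA vouches for this key")
    if f.get("version") in ("1", "2"):
        findings.append("X.509 v%s: no extensions such as key usage" % f["version"])
    sig = f.get("signature algorithm name", "").upper()
    if sig.startswith(WEAK_DIGESTS):
        findings.append("weak signature digest: " + sig)
    return common_name(f.get("owner", "")), findings


if __name__ == "__main__":
    user, findings = audit(SAMPLE)
    print("maps to WebLogic user:", user)
    for item in findings:
        print(" -", item)
```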

Please let us know if you have any queries related to the configuration or require additional details.

Wonders Team

Clustering in WebSphere Application Server

Clustering is a critical aspect of any enterprise middleware application. It provides high availability through failover and load-balancing mechanisms.

This post is a sample demonstration of configuring a cluster in WebSphere Application Server Network Deployment 7.0.


Deployment Manager Profile created using profile management tools.



1. Create Cluster definition.

Log into WAS Admin console --> Servers --> Clusters --> WebSphere application server clusters.



2. Create cluster members.

Provide the details about the cluster members.



Define the node on which the cluster member would reside.

Also define whether the server would be generated based on a server template.

You can add additional members to the cluster.



Once the cluster is created successfully, it is in the stopped state by default.

3. Make sure the node agent is started.

Go to System administration from the left panel --> Node agents --> Check the status.




If the Node Agent is not started, you can execute the below script to start it.


4. Start the cluster.




Further reading:


Some common issues while configuring a cluster in WebSphere Application Server.



Cluster member MyServer1 will not be started because the Node Agent on node Node02 is not active. Cluster members can be started individually from the cluster member collection panel.


Make sure you start the Node Agent.


The node agent on node Node02 must be started to perform the restart operation. Node agents in stopped state cannot be started from the console.


You would need to start the node agent from command line as below.





Caused by: ADMU7707E: Failed while trying to determine the Windows Service name for server: nodeagent; probable error executing WASService.exe: ADMU7709E: Unexpected exception while processing server: nodeagent; exception = Cannot run program “D:\Softwares\bin\WASService.exe”: CreateProcess error=740, The requested operation requires elevation.



Check whether the node agent service is present. If it is not, create a node agent service as below.


WAS_HOME\bin> wasservice -add Dmgr01_NodeAgent ^
    -servername nodeagent -profilePath "D:\Softwares\profiles\Dmgr01" ^
    -wasHome "D:\Softwares" -logFile "D:\Softwares\profiles\Dmgr01\logs\nodeagent\startNode.log" ^
    -logRoot "D:\Softwares\profiles\Dmgr01\logs\nodeagent" -restart true -startType automatic



The node LTADKAW7Node01 is not synchronized with the master configuration. This may prevent cluster member MyServer1 from starting correctly.

Remedy: Synchronize the node.



Wonders team 🙂




Weblogic Dynamic Cluster configuration

This is a new feature available in Weblogic 12c (12.1.2).

A dynamic cluster contains one or more dynamic servers. It allows you to add new servers dynamically at peak load, which eliminates the need to add managed servers to the cluster manually. Businesses can define the number of servers to be added dynamically in anticipation of peak loads.

The concept of dynamic cluster is based on a single shared server template.

For further reading on server template please refer the below post.


  1. Configured machine.


You can create the setup in two ways.

  1. From Administration console
  2. Using WLST


I. Using Administration console:

1. Log in to the administration console --> Cluster --> Click New --> Select Dynamic Cluster from the drop-down.




2. Select the messaging mode and define number of servers you would need at the peak load.

You can either create a new server template or use an already existing one.




3. Associate dynamic servers with machines.

Note: Associating dynamic servers with machines is essential if you intend to use the Node Manager and the Administration Console (or WLST) to start servers.





4. Specify Listen port bindings:

You would need to define port bindings for only one dynamic server, and each subsequent server will be given an incremental port.


This would create a server template based on the dynamic cluster configuration, which can be reused.





II. Using WLST:

You can use the below WLST to create a dynamic cluster.

# This example demonstrates the WLST commands needed to create a dynamic cluster
# (dynamic-cluster). The dynamic cluster utilizes a server template    
# dynamic-cluster-server-template. To keep this example simple, error handling
# was omitted.




# Create the server template for the dynamic servers and set the attributes for
# the dynamic servers. Setting the cluster is not required.






# Create the dynamic cluster and set the dynamic servers.





# Dynamic server names will be dynamic-server-1, dynamic-server-2, ...,
# dynamic-server-10.


# Listen ports and machines assignments will be calculated. Using a round-robin
# algorithm, servers will be assigned to machines with names that start with
# dyn-machine.


# activate the changes
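The listing above keeps only its comments. The calls those comments describe are given here as an added example, not the original post's code, using the DynamicServersMBean setters available in WebLogic 12.1.2. The function takes the domain MBean (`cmo` in a WLST edit session) as a parameter so that it can also be exercised outside WLST; the function names and the `FakeBean` stand-in are assumptions for illustration.

```python
def create_dynamic_cluster(domain, max_servers=10):
    """Create dynamic-cluster on `domain` (pass `cmo` from a WLST edit session)."""
    # Server template shared by every dynamic server in the cluster.
    template = domain.createServerTemplate("dynamic-cluster-server-template")

    # The dynamic cluster and its DynamicServersMBean.
    cluster = domain.createCluster("dynamic-cluster")
    dyn = cluster.getDynamicServers()
    dyn.setServerTemplate(template)
    dyn.setMaximumDynamicServerCount(max_servers)

    # Names become dynamic-server-1 ... dynamic-server-<max_servers>.
    dyn.setServerNamePrefix("dynamic-server-")

    # Listen ports are calculated per server; machines whose names start
    # with dyn-machine are assigned round-robin.
    dyn.setCalculatedListenPorts(True)
    dyn.setCalculatedMachineNames(True)
    dyn.setMachineNameMatchExpression("dyn-machine*")
    return cluster


# In WLST (assumed session; supply your own URL and credentials):
#   connect(); edit(); startEdit()
#   create_dynamic_cluster(cmo)
#   activate()


class FakeBean:
    """Stand-in for an MBean outside WLST: records every call made on it."""
    def __init__(self, log, name="domain"):
        self.log, self.name = log, name

    def __getattr__(self, method):
        def call(*args):
            self.log.append((self.name, method) + args)
            return FakeBean(self.log, method)
        return call


def dry_run():
    """Run create_dynamic_cluster against FakeBean; return the recorded calls."""
    log = []
    create_dynamic_cluster(FakeBean(log))
    return log
```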





Wonders Team 🙂