Friday, December 11, 2009

ADF Security Across Multiple WebLogic Managed Servers

While working with ADF Security I noticed an interesting behavior: if multiple applications are deployed on the same Managed Server, it's enough to authenticate and authorize once, and the security context is then transferred to the other applications (something similar to Single Sign-On). However, if the same applications are deployed on different Managed Servers, the user will be asked to enter login credentials again. Let's show this with an example.

I have created a Countries application, where I have defined the developer and support Application Roles:



The second application, Locations, contains only the developer role:



I have configured two Managed Servers, dev1 and dev2:



The Countries application is deployed on dev1:



The Locations application is deployed on dev2:



Now I log in to Countries as user scott/welcome1:



Both authentication and authorization are successful:



From the same Web browser session I open the second application, Locations, and I am now asked for the username and password again:



Let's change the deployment target for the Locations application to dev1, the same target where Countries is deployed:



Now Locations opens within the same browser session without asking for the username and password again:



If I log in to Countries as another user, who is assigned the support role but not the developer role:



I will get an authorization error while trying to open Locations:


10 comments:

Renan Monteiro's Sharepoint said...

Hello,

do you have any link to easily configure a managed web server to run ADF Applications???

Creating a Server is easy but how to configure it to essentially run my ADF app???

Thanks,
Renan.

Andrej Baranovskij said...

Hi Renan,

Hope this will help - http://andrejusb.blogspot.com/2009/09/hint-for-oracle-adf-application.html

Regards,
Andrejus

Renan Monteiro's Sharepoint said...

Thanks for the answer, it will help me in the future but now I'm getting some Authentication error when trying to start the server by StartManagedServer.cmd...

How did you create a managed Server without specifying a machine???

I'm getting an error message when trying to start my newly created server by Admin Console:
"This server is not associated to a Machine"

Andrej Baranovskij said...

You are implementing cluster?

Regards,
Andrejus

Renan Monteiro's Sharepoint said...

No, I'm running everything in StandAlone mode...
It worked for me now, but I created a Machine and opened the NodeManager, so I can start the Application.

By command-line (StartManagedServer.cmd server http://localhost:7003/) I'm getting a Security Error that I can't figure out. Tried the boot.properties thing but it doesn't seem to work.

Do you need to start NodeManager every time you want to start ManagedServer ??? I get a PermGen error every time I execute a task on it (on Managed Server, like app deploy or undeploy)

Thanks,
Renan.

Renan Monteiro's Sharepoint said...

I finally deployed my second app to my managed server BUT I can't get authorization to see any page on managed server, only on default server(I choose to target two servers) even using anonymous-role on jazn-data.xml I get error 401 on my ManagedServer...

I deployed the JDBC(the one that is used in the Authentication Provider) to the other server too...

I don't know what is happening, I'm using SQLAuthenticator as my Provider to log-in.

Andrej Baranovskij said...

Hi,

Does it work for you with Default Authenticator? Are you getting the error only with SQL Authenticator?

Regards,
Andrejus

Anonymous said...

Hello,

Is there a way to propagate the security context across the managed servers? I have two apps deployed in different managed servers and want to setup authentication between them.

Thanks
Vidya

Juan said...

Hi Andrejus,
Is there a way to propagate the security context across the managed servers?
I have three apps deployed in different managed servers. I can login to the main app (menu app) and I can open the other app without problem (in new tab A). Then I open the third app (new tab B), and it opens ok. But if I get focus to the second app (tab A), a session expired alert pops up.

Thank you.

Anonymous said...

@Juan,
I have the same problem, with ADF 12.2.1.1
Two ADF secured applications, deployed on separate managed server.
@Andrejus, any solution for this?