SlideShare una empresa de Scribd logo

WebLogic authentication debugging

Descargar como PPTX, PDF
Maarten Smeets
Maarten Smeets

Login information and group memberships (identity) often are centrally managed in Enterprises. Many systems use this information to, for example, achieve Single Sign On (SSO) functionality. Surprisingly, access to the Weblogic Server Console and applications is often not centrally managed. I will explain why centralizing management of these identities, in addition to increased security, quickly starts reducing operational cost and even increases developer productivity. During a demonstration, I will introduce several methods for debugging authentication using an external authentication provider in order to lower the bar to apply this pattern. This technically oriented presentation is especially useful for people working in operations managing Weblogic Servers.

Tecnología
1 de 40
OGh Oracle Fusion Middleware Experience 2016 bij FIGI Zeist Maarten Smeets, 16-02-2016 Debugging WebLogic authentication
Introduction • About AMIS – Located in the Netherlands – Oracle Award winning partner • About me – Senior Oracle Integration Consultant – Experience with Oracle SOA Suite since 2007 – Well certified (SOA, BPM, Java, SQL, PL/SQL among others) – Author more than 100 blog articles (http://javaoraclesoa.blogspot.com) @MaartenSmeetsNL https://nl.linkedin.com/in/smeetsm
4 Oracle Virtual Technology Summit http://www.oracle.com/technetwork/community/developer-day/index.html March 8, 2016, 18:30:00 CET • Database Application Development • Oracle DB12c Performance • MySQL • Java EE, Microservices and JPA • All about Java 8! • The Internet of Things • WebLogic 12.2.1 and Java EE • Operating Systems and Virtualization • Storage,SPARC, and Software Development
Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
6 Why use an external Identity Store? Application WLS SOA WLS OSB WLS ADF WLS WCC • An application uses company internal users • Often internal users are already present in an Identity Store • Management organization in place • Single environment to manage users • Single account per user
7 Introduction OPSS Oracle Identity Store solutions • Oracle Unified Directory – Embedded Berkeley Database – LDAP proxy – Much faster read/write than ODSEE – Provides LDAP virtualization – Elastic scaling – Strategic Directory Server product – Designed to address current and future on-premise, mobile, and cloud needs • Oracle Directory Server Enterprise Edition – ODSEE 5.2 and 6.3 are in Sustaining Support – No new fixes will be created • Oracle Virtual Directory – Provides virtualization of different sources – OUD does not replace OVD • Oracle Internet Directory – Uses external Oracle DB – Used with Fusion Applications https://blogs.oracle.com/OracleIDM/entry/why_customers_should_upgrade_directory
Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
Introduction OPSS Identity Store Providers Authentication Authorization Credential Store Framework User / Role Service Provider Interface Layer OPSS APIs WebLogic Server JavaEE application Java SE application
Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
What to debug Identity Store WebLogic Console Application Authentication API Virtualization Platform security jps-config.xml jps-config-jse.xml system-jazn-data.xml config.xml web.xml weblogic.xml LDAP queries SSL/TLS Role mappings Organizational Units Authentication provider
Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
13 Debug Weblogic authentication using an external client • Using an external client Apache Directory Studio
14 Debug WebLogic authentication Embedded LDAP
15 Debug WebLogic authentication Embedded LDAP • Login using: Bind DN / User: cn=Admin • Running by default on the AdminServer port • Check out cn=Config for LDAP server properties
16 Debug WebLogic authentication Embedded LDAP • Notice the use of dynamic groups
17 Debug WebLogic authentication Embedded LDAP • Notice the use of dynamic groups
18 Debug WebLogic authentication Authentication provider configuration • Select the authentication provider (as specific as possible) • JAAS Control flags • LDAP connection details • LDAP search behavior – Users – Static groups – Dynamic groups • Cache settings
19 Debug WebLogic authentication using Weblogic Console • JAAS Control flags – SUFFICIENT: if authentication is passed, no other authentication providers are evaluated. If it fails, they are – REQUIRED: the authentication provider is always called and authentication must succeed – OPTIONAL: passing authentication of this provider is optional. If all providers are optional, one needs to pass – REQUISITE: authentication has to succeed on this provider. After that providers of lower priority are evaluated
20 Debug Weblogic authentication Cache settings • How to uniquely identify an LDAP entry. The GUID Attribute • The GUID Attribute is used as cache key • Provider specific – OUD, OpenLDAP, ApacheDS: entryuuid – Active Directory: objectguid – OVD, OID: orclguid • Misconfiguration can lead to first login fail, second login success (cache issues)
21 Debug Weblogic authentication using Weblogic Console • Connection to external provider works • Server trust is established • User query works • Validating authentication details works
22 Debug Weblogic authentication using Weblogic Console • Dynamic group object class works • Group Base DN works • User Dynamic Group DN Attribute works • Dynamic Group Name Attribute works
23 Debug Weblogic authentication using log files LDAP connections LDAP queries
24 Demo • Embedded LDAP • How to create a user in an LDAP server • How to configure WebLogic server to use the server • Debug authentication using the console • Debug the authentication using the log files
Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
Debug application authentication Identity Store WebLogic Console Application Authentication API Authentication provider Virtualization Platform security jps-config.xml jps-config-jse.xml system-jazn-data.xml config.xml web.xml weblogic.xml LDAP queries SSL/TLS Role mappings Organizational Units
27 OPSS configuration files in $DOMAIN_HOME/config/fmwconfig • Java Platform Security: jps-config.xml (Java EE), jps-config.jse.xml (Java SE) login modules, authentication providers, authorization policy providers, credential stores and auditing services • jazn-data.xml, system-jazn-data.xml – users, groups and authorization policies • cwallet.sso – credentials used by the application • adapters.os_xml – LibOVD plugin configuration
28 Debug application authentication LibOVD • Present since 11.1.1.4. Seen several patches since then. Lightweight OVD alternative supplied with WebLogic Server. • FMW components which use OPSS can only use the first LDAP authentication provider LibOVD provides virtualization • Configuration Edit <DOMAINDIR>/config/fmwconfig/jps-config.xml manually or from Enterprise Manager Plugin configuration in <DOMAINDIR>configfmwconfigovddefaultadapters.os_xml http://fusionsecurity.blogspot.nl/2012/06/libovd-when-and-how.html
29 Debug application authentication LibOVD configuration • <DOMAINDIR>/config/fmwconfig/jps-config.xml Provides login modules, authentication providers, credential stores
30 Debug application authentication LibOVD configuration • The OPSS API only queries static groups by default. Not dynamic groups. • Use the LibOVD dynamic group plugin to present dynamic groups like static groups (configuration in <DOMAINDIR>configfmwconfigovddefaultadapters.os_xml) • Requires that the dynamic group has both the GroupOfUniqueNames and GroupOfURL objectclasses • Only one structural class is allowed per LDAP object • Fix by setting the superclass of GroupOfURLs to GroupOfUniqueNames http://www.ateam-oracle.com/oracle-webcenter-and-dynamic-groups-from-an-external-ldap-server-part-1-of-2/
31 Debug application authentication LibOVD debugging • Can be used when ADFLogger is used in application • Can be used for specific Weblogic Server component debugging such as oracle.ods.virtualization for LibOVD
32 Debug application authentication ADF Security • Application configuration files – web.xml Defines authorization constraints (valid-users) and set-up OPSS policy provider (JpsFilter) – weblogic.xml Maps valid-users to OPSS principal users
33 Demo • Use basic authentication in an ADF application
34 Debug application authentication ADF Security • Application configuration files – jazn-data.xml Contains development users / roles Application roles are granted to enterprise roles / users (from the OPSS API which uses the authorization provider). Resource permissions are granted to application roles or enterprise roles. – Test with: Java: ADFContext.getCurrent().getSecurityContext().isUserInRole(“role”) EL: #{securityContext.userInRole[‘role']} Users Enterprise roles Application roles Permissions Grants weblogic.xml jazn-data.xml
35 Debug application authentication ADF Security • <DOMAINDIR>/config/fmwconfig/ system-jazn-data.xml – OOTB file based policy store – Users, groups, authorization policies – CredentialAccessPermission – Change while WebLogic is down or from EM!
36 Debug application authentication JVM parameters • JVM parameters: – -Djps.auth.debug=true to get AccessControlException among other useful messages – -Djps.auth.debug.verbose=true to get a lot of debug messages http://docs.oracle.com/cd/E23943_01/core.1111/e10043/jpsprops.htm#JISEC2229
37 Debug application authentication Business Process Management • Authenticate with a user • User is member of (authentication provider) groups • Groups are granted (application) roles and organization units • Business Process Management uses application roles and organization units
38 Debug application authentication The Identity Service • Can I authenticate the user? – authenticateUser • Can I determine groups? – getGroups http://HOST:PORT/integration/services/IdentityService/identity?WSDL <ORACLE_HOME>/soa/soa/modules/oracle.soa.workflow_11.1.1/bpm-services.jar • Can I determine granted roles? – getGrantedRolesToUser • Can I determine organizational units? – use the Java API
39 Conclusion • Many debugging options available – Looking at WebLogic Console or application behavior – Using an external client for your authentication provider – Debug logging in WebLogic Server console – Log configuration in Enterprise Manager Fusion Middleware Control – Isolated tests such as IdentityService calls or Java API’s • It is important to know what is between your application and your authentication provider to structure your debugging efforts and trace at which layer things go wrong • WebLogic Console is relatively easy to debug compared to for example LibOVD. Application side debugging is often also not very difficult.
WebLogic authentication debugging

Recomendados

Oracle Management Cloud
Oracle Management CloudOracle Management Cloud
Oracle Management CloudFabio Batista
 
Oracle RAC 19c with Standard Edition (SE) 2 - Support Update
Oracle RAC 19c with Standard Edition (SE) 2 - Support UpdateOracle RAC 19c with Standard Edition (SE) 2 - Support Update
Oracle RAC 19c with Standard Edition (SE) 2 - Support UpdateMarkus Michalewicz
 
Oracle Database Migration to Oracle Cloud Infrastructure
Oracle Database Migration to Oracle Cloud InfrastructureOracle Database Migration to Oracle Cloud Infrastructure
Oracle Database Migration to Oracle Cloud InfrastructureSinanPetrusToma
 
Survey of some free Tools to enhance your SQL Tuning and Performance Diagnost...
Survey of some free Tools to enhance your SQL Tuning and Performance Diagnost...Survey of some free Tools to enhance your SQL Tuning and Performance Diagnost...
Survey of some free Tools to enhance your SQL Tuning and Performance Diagnost...Carlos Sierra
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...Yevgeniy Brikman
 
Oracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API ExamplesOracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API ExamplesBobby Curtis
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as CodeAlbert Suwandhi
 
Oracle Cloud Infrastructure – Compute
Oracle Cloud Infrastructure – ComputeOracle Cloud Infrastructure – Compute
Oracle Cloud Infrastructure – ComputeMarketingArrowECS_CZ
 

Recomendados

Oracle Management Cloud
Oracle Management CloudOracle Management Cloud
Oracle Management CloudFabio Batista
 
Oracle RAC 19c with Standard Edition (SE) 2 - Support Update
Oracle RAC 19c with Standard Edition (SE) 2 - Support UpdateOracle RAC 19c with Standard Edition (SE) 2 - Support Update
Oracle RAC 19c with Standard Edition (SE) 2 - Support UpdateMarkus Michalewicz
 
Oracle Database Migration to Oracle Cloud Infrastructure
Oracle Database Migration to Oracle Cloud InfrastructureOracle Database Migration to Oracle Cloud Infrastructure
Oracle Database Migration to Oracle Cloud InfrastructureSinanPetrusToma
 
Survey of some free Tools to enhance your SQL Tuning and Performance Diagnost...
Survey of some free Tools to enhance your SQL Tuning and Performance Diagnost...Survey of some free Tools to enhance your SQL Tuning and Performance Diagnost...
Survey of some free Tools to enhance your SQL Tuning and Performance Diagnost...Carlos Sierra
 
How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...How to test infrastructure code: automated testing for Terraform, Kubernetes,...
How to test infrastructure code: automated testing for Terraform, Kubernetes,...Yevgeniy Brikman
 
Oracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API ExamplesOracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API ExamplesBobby Curtis
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as CodeAlbert Suwandhi
 
Oracle Cloud Infrastructure – Compute
Oracle Cloud Infrastructure – ComputeOracle Cloud Infrastructure – Compute
Oracle Cloud Infrastructure – ComputeMarketingArrowECS_CZ
 
Editioning use in ebs
Editioning use in ebsEditioning use in ebs
Editioning use in ebsaioughydchapter
 
Error Management Features of PL/SQL
Error Management Features of PL/SQLError Management Features of PL/SQL
Error Management Features of PL/SQLSteven Feuerstein
 
"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin
"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin
"Certified Kubernetes Administrator Exam – how it was" by Andrii FedenishinKatherine Golovinova
 
Test your PL/SQL with utPLSQL
Test your PL/SQL with utPLSQLTest your PL/SQL with utPLSQL
Test your PL/SQL with utPLSQLDaniel Overby Hansen
 
Oracle Data Integrator
Oracle Data Integrator Oracle Data Integrator
Oracle Data Integrator IT Help Desk Inc
 
Oracle db performance tuning
Oracle db performance tuningOracle db performance tuning
Oracle db performance tuningSimon Huang
 
PostgreSQL
PostgreSQLPostgreSQL
PostgreSQLAmazon Web Services
 
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptxFive_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptxMaria Colgan
 
Oracle SQL Developer Tips & Tricks
Oracle SQL Developer Tips & TricksOracle SQL Developer Tips & Tricks
Oracle SQL Developer Tips & TricksJeff Smith
 
Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive Glen Hawkins
 
Oracle GoldenGate Performance Tuning
Oracle GoldenGate Performance TuningOracle GoldenGate Performance Tuning
Oracle GoldenGate Performance TuningBobby Curtis
 
Running OpenShift Clusters in a Cloudstack Environment
Running OpenShift Clusters in a Cloudstack EnvironmentRunning OpenShift Clusters in a Cloudstack Environment
Running OpenShift Clusters in a Cloudstack EnvironmentShapeBlue
 
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesReusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesYevgeniy Brikman
 
DB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerDB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerMaris Elsins
 
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...Aaron Shilo
 
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceOracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceJean-Philippe PINTE
 
Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Dimitri Gielis
 
Oracle Cloud Infrastructure
Oracle Cloud InfrastructureOracle Cloud Infrastructure
Oracle Cloud InfrastructureMarketingArrowECS_CZ
 
Lessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure codeLessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure codeYevgeniy Brikman
 
SQL Tuning 101
SQL Tuning 101SQL Tuning 101
SQL Tuning 101Carlos Sierra
 
What should I do now?! JCS for WebLogic Admins
What should I do now?! JCS for WebLogic AdminsWhat should I do now?! JCS for WebLogic Admins
What should I do now?! JCS for WebLogic AdminsSimon Haslam
 
OAM Install & Config
OAM Install & ConfigOAM Install & Config
OAM Install & ConfigVigilant Technologies
 

Más contenido relacionado

La actualidad más candente

Error Management Features of PL/SQL
Error Management Features of PL/SQLError Management Features of PL/SQL
Error Management Features of PL/SQLSteven Feuerstein
 
"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin
"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin
"Certified Kubernetes Administrator Exam – how it was" by Andrii FedenishinKatherine Golovinova
 
Oracle db performance tuning
Oracle db performance tuningOracle db performance tuning
Oracle db performance tuningSimon Huang
 
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptxFive_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptxMaria Colgan
 
Oracle SQL Developer Tips & Tricks
Oracle SQL Developer Tips & TricksOracle SQL Developer Tips & Tricks
Oracle SQL Developer Tips & TricksJeff Smith
 
Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive Glen Hawkins
 
Oracle GoldenGate Performance Tuning
Oracle GoldenGate Performance TuningOracle GoldenGate Performance Tuning
Oracle GoldenGate Performance TuningBobby Curtis
 
Running OpenShift Clusters in a Cloudstack Environment
Running OpenShift Clusters in a Cloudstack EnvironmentRunning OpenShift Clusters in a Cloudstack Environment
Running OpenShift Clusters in a Cloudstack EnvironmentShapeBlue
 
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesReusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesYevgeniy Brikman
 
DB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerDB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerMaris Elsins
 
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...Aaron Shilo
 
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceOracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceJean-Philippe PINTE
 
Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Dimitri Gielis
 
Lessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure codeLessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure codeYevgeniy Brikman
 

La actualidad más candente (20)

Editioning use in ebs
Editioning use in ebsEditioning use in ebs
Editioning use in ebs
 
Error Management Features of PL/SQL
Error Management Features of PL/SQLError Management Features of PL/SQL
Error Management Features of PL/SQL
 
"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin
"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin
"Certified Kubernetes Administrator Exam – how it was" by Andrii Fedenishin
 
Test your PL/SQL with utPLSQL
Test your PL/SQL with utPLSQLTest your PL/SQL with utPLSQL
Test your PL/SQL with utPLSQL
 
Oracle Data Integrator
Oracle Data Integrator Oracle Data Integrator
Oracle Data Integrator
 
Oracle db performance tuning
Oracle db performance tuningOracle db performance tuning
Oracle db performance tuning
 
PostgreSQL
PostgreSQLPostgreSQL
PostgreSQL
 
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptxFive_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
 
Oracle SQL Developer Tips & Tricks
Oracle SQL Developer Tips & TricksOracle SQL Developer Tips & Tricks
Oracle SQL Developer Tips & Tricks
 
Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive
 
Oracle GoldenGate Performance Tuning
Oracle GoldenGate Performance TuningOracle GoldenGate Performance Tuning
Oracle GoldenGate Performance Tuning
 
Running OpenShift Clusters in a Cloudstack Environment
Running OpenShift Clusters in a Cloudstack EnvironmentRunning OpenShift Clusters in a Cloudstack Environment
Running OpenShift Clusters in a Cloudstack Environment
 
Reusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modulesReusable, composable, battle-tested Terraform modules
Reusable, composable, battle-tested Terraform modules
 
DB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource ManagerDB12c: All You Need to Know About the Resource Manager
DB12c: All You Need to Know About the Resource Manager
 
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...
Exploring Oracle Database Performance Tuning Best Practices for DBAs and Deve...
 
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud ServiceOracle Cloud Storage Service & Oracle Database Backup Cloud Service
Oracle Cloud Storage Service & Oracle Database Backup Cloud Service
 
Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)Reporting with Oracle Application Express (APEX)
Reporting with Oracle Application Express (APEX)
 
Oracle Cloud Infrastructure
Oracle Cloud InfrastructureOracle Cloud Infrastructure
Oracle Cloud Infrastructure
 
Lessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure codeLessons learned from writing over 300,000 lines of infrastructure code
Lessons learned from writing over 300,000 lines of infrastructure code
 
SQL Tuning 101
SQL Tuning 101SQL Tuning 101
SQL Tuning 101
 

Destacado

What should I do now?! JCS for WebLogic Admins
What should I do now?! JCS for WebLogic AdminsWhat should I do now?! JCS for WebLogic Admins
What should I do now?! JCS for WebLogic AdminsSimon Haslam
 
Easy oracle & weblogic provisioning and deployment
Easy oracle & weblogic provisioning and deploymentEasy oracle & weblogic provisioning and deployment
Easy oracle & weblogic provisioning and deploymentBert Hajee
 
Oracle WebLogic 12.2.1.1 Kurulum, Domain Oluşturma, Upgrade Notları
Oracle WebLogic 12.2.1.1 Kurulum, Domain Oluşturma, Upgrade NotlarıOracle WebLogic 12.2.1.1 Kurulum, Domain Oluşturma, Upgrade Notları
Oracle WebLogic 12.2.1.1 Kurulum, Domain Oluşturma, Upgrade NotlarıM. Fevzi Korkutata
 
Weblogic configuration
Weblogic configurationWeblogic configuration
Weblogic configurationAditya Bhuyan
 
Learn Oracle WebLogic Server 12c Administration
Learn Oracle WebLogic Server 12c AdministrationLearn Oracle WebLogic Server 12c Administration
Learn Oracle WebLogic Server 12c AdministrationRevelation Technologies
 
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyAMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyJaap Poot
 
Advanced WebLogic Monitoring: JMX and WLSDM Automation
Advanced WebLogic Monitoring: JMX and WLSDM AutomationAdvanced WebLogic Monitoring: JMX and WLSDM Automation
Advanced WebLogic Monitoring: JMX and WLSDM AutomationM. Fevzi Korkutata
 
Upgrading to Oracle SOA 12.1 & 12.2 - Practical Steps and Project Experiences
Upgrading to Oracle SOA 12.1 & 12.2 - Practical Steps and Project ExperiencesUpgrading to Oracle SOA 12.1 & 12.2 - Practical Steps and Project Experiences
Upgrading to Oracle SOA 12.1 & 12.2 - Practical Steps and Project ExperiencesBruno Alves
 
Oracle Traffic Director - a vital part of your Oracle infrastructure
Oracle Traffic Director - a vital part of your Oracle infrastructureOracle Traffic Director - a vital part of your Oracle infrastructure
Oracle Traffic Director - a vital part of your Oracle infrastructureSimon Haslam
 
Oracle WebLogic Server 12.2.1 Do More with Less
Oracle WebLogic Server 12.2.1 Do More with LessOracle WebLogic Server 12.2.1 Do More with Less
Oracle WebLogic Server 12.2.1 Do More with LessEd Burns
 
End-to-End Cloud: Oracle Java Cloud, Oracle Mobile Cloud Service, Oracle MAF,...
End-to-End Cloud: Oracle Java Cloud, Oracle Mobile Cloud Service, Oracle MAF,...End-to-End Cloud: Oracle Java Cloud, Oracle Mobile Cloud Service, Oracle MAF,...
End-to-End Cloud: Oracle Java Cloud, Oracle Mobile Cloud Service, Oracle MAF,...andrejusb
 
Oracle WebLogic Server: Remote Monitoring and Management
Oracle WebLogic Server: Remote Monitoring and ManagementOracle WebLogic Server: Remote Monitoring and Management
Oracle WebLogic Server: Remote Monitoring and ManagementRevelation Technologies
 
What's New in WebLogic 12.1.3 and Beyond
What's New in WebLogic 12.1.3 and BeyondWhat's New in WebLogic 12.1.3 and Beyond
What's New in WebLogic 12.1.3 and BeyondOracle
 
Performance Tuning Oracle Weblogic Server 12c
Performance Tuning Oracle Weblogic Server 12cPerformance Tuning Oracle Weblogic Server 12c
Performance Tuning Oracle Weblogic Server 12cAjith Narayanan
 
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012Arun Gupta
 
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...Frank Munz
 

Destacado (20)

What should I do now?! JCS for WebLogic Admins
What should I do now?! JCS for WebLogic AdminsWhat should I do now?! JCS for WebLogic Admins
What should I do now?! JCS for WebLogic Admins
 
OAM Install & Config
OAM Install & ConfigOAM Install & Config
OAM Install & Config
 
Easy oracle & weblogic provisioning and deployment
Easy oracle & weblogic provisioning and deploymentEasy oracle & weblogic provisioning and deployment
Easy oracle & weblogic provisioning and deployment
 
REST mit ADF
REST mit ADFREST mit ADF
REST mit ADF
 
Dynamicly Scale Weblogic in the private Cloud clusters
Dynamicly Scale Weblogic in the private Cloud clusters Dynamicly Scale Weblogic in the private Cloud clusters
Dynamicly Scale Weblogic in the private Cloud clusters
 
Oracle WebLogic 12.2.1.1 Kurulum, Domain Oluşturma, Upgrade Notları
Oracle WebLogic 12.2.1.1 Kurulum, Domain Oluşturma, Upgrade NotlarıOracle WebLogic 12.2.1.1 Kurulum, Domain Oluşturma, Upgrade Notları
Oracle WebLogic 12.2.1.1 Kurulum, Domain Oluşturma, Upgrade Notları
 
Weblogic configuration
Weblogic configurationWeblogic configuration
Weblogic configuration
 
Learn Oracle WebLogic Server 12c Administration
Learn Oracle WebLogic Server 12c AdministrationLearn Oracle WebLogic Server 12c Administration
Learn Oracle WebLogic Server 12c Administration
 
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancyAMIS Beyond the Horizon - High density deployments using weblogic multitenancy
AMIS Beyond the Horizon - High density deployments using weblogic multitenancy
 
Advanced WebLogic Monitoring: JMX and WLSDM Automation
Advanced WebLogic Monitoring: JMX and WLSDM AutomationAdvanced WebLogic Monitoring: JMX and WLSDM Automation
Advanced WebLogic Monitoring: JMX and WLSDM Automation
 
Upgrading to Oracle SOA 12.1 & 12.2 - Practical Steps and Project Experiences
Upgrading to Oracle SOA 12.1 & 12.2 - Practical Steps and Project ExperiencesUpgrading to Oracle SOA 12.1 & 12.2 - Practical Steps and Project Experiences
Upgrading to Oracle SOA 12.1 & 12.2 - Practical Steps and Project Experiences
 
Oracle Traffic Director - a vital part of your Oracle infrastructure
Oracle Traffic Director - a vital part of your Oracle infrastructureOracle Traffic Director - a vital part of your Oracle infrastructure
Oracle Traffic Director - a vital part of your Oracle infrastructure
 
Oow2016 review-iaas-paas-13th-18thoctober
Oow2016 review-iaas-paas-13th-18thoctoberOow2016 review-iaas-paas-13th-18thoctober
Oow2016 review-iaas-paas-13th-18thoctober
 
Oracle WebLogic Server 12.2.1 Do More with Less
Oracle WebLogic Server 12.2.1 Do More with LessOracle WebLogic Server 12.2.1 Do More with Less
Oracle WebLogic Server 12.2.1 Do More with Less
 
End-to-End Cloud: Oracle Java Cloud, Oracle Mobile Cloud Service, Oracle MAF,...
End-to-End Cloud: Oracle Java Cloud, Oracle Mobile Cloud Service, Oracle MAF,...End-to-End Cloud: Oracle Java Cloud, Oracle Mobile Cloud Service, Oracle MAF,...
End-to-End Cloud: Oracle Java Cloud, Oracle Mobile Cloud Service, Oracle MAF,...
 
Oracle WebLogic Server: Remote Monitoring and Management
Oracle WebLogic Server: Remote Monitoring and ManagementOracle WebLogic Server: Remote Monitoring and Management
Oracle WebLogic Server: Remote Monitoring and Management
 
What's New in WebLogic 12.1.3 and Beyond
What's New in WebLogic 12.1.3 and BeyondWhat's New in WebLogic 12.1.3 and Beyond
What's New in WebLogic 12.1.3 and Beyond
 
Performance Tuning Oracle Weblogic Server 12c
Performance Tuning Oracle Weblogic Server 12cPerformance Tuning Oracle Weblogic Server 12c
Performance Tuning Oracle Weblogic Server 12c
 
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
WebLogic 12c Developer Deep Dive at Oracle Develop India 2012
 
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
What You Should Know About WebLogic Server 12c (12.2.1.2) #oow2015 #otntour2...
 

Similar a WebLogic authentication debugging

Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidpasalapudi
 
OIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureOIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureAtul Goyal
 
Oracle Identity and access management overview
Oracle Identity and access management overviewOracle Identity and access management overview
Oracle Identity and access management overviewkalikishoregomattam1
 
The Oracle Application Container Cloud as the Microservices Platform (APAC OU...
The Oracle Application Container Cloud as the Microservices Platform (APAC OU...The Oracle Application Container Cloud as the Microservices Platform (APAC OU...
The Oracle Application Container Cloud as the Microservices Platform (APAC OU...Lucas Jellema
 
Case Study: Plus Retail - Moving from the Old World to the New World
Case Study: Plus Retail - Moving from the Old World to the New WorldCase Study: Plus Retail - Moving from the Old World to the New World
Case Study: Plus Retail - Moving from the Old World to the New WorldForgeRock
 
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...Alfredo Krieg
 
Oracle Cloud Native Application Development (Meetup, 20th January 2020)
Oracle Cloud Native Application Development (Meetup, 20th January 2020)Oracle Cloud Native Application Development (Meetup, 20th January 2020)
Oracle Cloud Native Application Development (Meetup, 20th January 2020)Lucas Jellema
 
Rajnish singh(presentation on oracle )
Rajnish singh(presentation on oracle )Rajnish singh(presentation on oracle )
Rajnish singh(presentation on oracle )Rajput Rajnish
 
Oracle database connection with the .net developers
Oracle database connection with the .net developersOracle database connection with the .net developers
Oracle database connection with the .net developersveerendramb3
 
2019 - GUOB Tech Day / Groundbreakers LAD Tour - Database Migration Methods t...
2019 - GUOB Tech Day / Groundbreakers LAD Tour - Database Migration Methods t...2019 - GUOB Tech Day / Groundbreakers LAD Tour - Database Migration Methods t...
2019 - GUOB Tech Day / Groundbreakers LAD Tour - Database Migration Methods t...Marcus Vinicius Miguel Pedro
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersTobias Koprowski
 
Part 1 of the REAL Webinars on Oracle Cloud Native Application Development
Part 1 of the REAL Webinars on Oracle Cloud Native Application DevelopmentPart 1 of the REAL Webinars on Oracle Cloud Native Application Development
Part 1 of the REAL Webinars on Oracle Cloud Native Application DevelopmentLucas Jellema
 
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...Lucas Jellema
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersDataWorks Summit
 

Similar a WebLogic authentication debugging (20)

AMIS Oracle OpenWorld 2013 Review Part 2 - Platform Middleware Publication
AMIS Oracle OpenWorld 2013 Review Part 2 - Platform Middleware PublicationAMIS Oracle OpenWorld 2013 Review Part 2 - Platform Middleware Publication
AMIS Oracle OpenWorld 2013 Review Part 2 - Platform Middleware Publication
 
Multiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oidMultiple ldap implementation with ebs using oid
Multiple ldap implementation with ebs using oid
 
OIM11g R2PS2 Architecture
OIM11g R2PS2 ArchitectureOIM11g R2PS2 Architecture
OIM11g R2PS2 Architecture
 
Oracle Identity and access management overview
Oracle Identity and access management overviewOracle Identity and access management overview
Oracle Identity and access management overview
 
The Oracle Application Container Cloud as the Microservices Platform (APAC OU...
The Oracle Application Container Cloud as the Microservices Platform (APAC OU...The Oracle Application Container Cloud as the Microservices Platform (APAC OU...
The Oracle Application Container Cloud as the Microservices Platform (APAC OU...
 
Case Study: Plus Retail - Moving from the Old World to the New World
Case Study: Plus Retail - Moving from the Old World to the New WorldCase Study: Plus Retail - Moving from the Old World to the New World
Case Study: Plus Retail - Moving from the Old World to the New World
 
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
Monitor Engineered Systems from a Single Pane of Glass: Oracle Enterprise Man...
 
Plantilla oracle
Plantilla oraclePlantilla oracle
Plantilla oracle
 
Oracle Cloud Native Application Development (Meetup, 20th January 2020)
Oracle Cloud Native Application Development (Meetup, 20th January 2020)Oracle Cloud Native Application Development (Meetup, 20th January 2020)
Oracle Cloud Native Application Development (Meetup, 20th January 2020)
 
Rajnish singh(presentation on oracle )
Rajnish singh(presentation on oracle )Rajnish singh(presentation on oracle )
Rajnish singh(presentation on oracle )
 
Oracle database connection with the .net developers
Oracle database connection with the .net developersOracle database connection with the .net developers
Oracle database connection with the .net developers
 
2019 - GUOB Tech Day / Groundbreakers LAD Tour - Database Migration Methods t...
2019 - GUOB Tech Day / Groundbreakers LAD Tour - Database Migration Methods t...2019 - GUOB Tech Day / Groundbreakers LAD Tour - Database Migration Methods t...
2019 - GUOB Tech Day / Groundbreakers LAD Tour - Database Migration Methods t...
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginners
 
Part 1 of the REAL Webinars on Oracle Cloud Native Application Development
Part 1 of the REAL Webinars on Oracle Cloud Native Application DevelopmentPart 1 of the REAL Webinars on Oracle Cloud Native Application Development
Part 1 of the REAL Webinars on Oracle Cloud Native Application Development
 
ITB2017 - Keynote
ITB2017 - KeynoteITB2017 - Keynote
ITB2017 - Keynote
 
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
Part 5 of the REAL Webinars on Oracle Cloud Native Application Development - ...
 
ow.ppt
ow.pptow.ppt
ow.ppt
 
ow.ppt
ow.pptow.ppt
ow.ppt
 
Ow
OwOw
Ow
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
 

Más de Maarten Smeets

Google jib: Building Java containers without Docker
Google jib: Building Java containers without DockerGoogle jib: Building Java containers without Docker
Google jib: Building Java containers without DockerMaarten Smeets
 
Introduction to Anchore Engine
Introduction to Anchore EngineIntroduction to Anchore Engine
Introduction to Anchore EngineMaarten Smeets
 
R2DBC Reactive Relational Database Connectivity
R2DBC Reactive Relational Database ConnectivityR2DBC Reactive Relational Database Connectivity
R2DBC Reactive Relational Database ConnectivityMaarten Smeets
 
Performance Issue? Machine Learning to the rescue!
Performance Issue? Machine Learning to the rescue!Performance Issue? Machine Learning to the rescue!
Performance Issue? Machine Learning to the rescue!Maarten Smeets
 
Performance of Microservice Frameworks on different JVMs
Performance of Microservice Frameworks on different JVMsPerformance of Microservice Frameworks on different JVMs
Performance of Microservice Frameworks on different JVMsMaarten Smeets
 
Performance of Microservice frameworks on different JVMs
Performance of Microservice frameworks on different JVMsPerformance of Microservice frameworks on different JVMs
Performance of Microservice frameworks on different JVMsMaarten Smeets
 
VirtualBox networking explained
VirtualBox networking explainedVirtualBox networking explained
VirtualBox networking explainedMaarten Smeets
 
Microservices on Application Container Cloud Service
Microservices on Application Container Cloud ServiceMicroservices on Application Container Cloud Service
Microservices on Application Container Cloud ServiceMaarten Smeets
 
WebLogic Stability; Detect and Analyse Stuck Threads
WebLogic Stability; Detect and Analyse Stuck ThreadsWebLogic Stability; Detect and Analyse Stuck Threads
WebLogic Stability; Detect and Analyse Stuck ThreadsMaarten Smeets
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measuresMaarten Smeets
 
Machine learning with R
Machine learning with RMachine learning with R
Machine learning with RMaarten Smeets
 
WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!Maarten Smeets
 
Oracle SOA Suite 12.2.1 new features
Oracle SOA Suite 12.2.1 new featuresOracle SOA Suite 12.2.1 new features
Oracle SOA Suite 12.2.1 new featuresMaarten Smeets
 
How to build a cloud adapter
How to build a cloud adapterHow to build a cloud adapter
How to build a cloud adapterMaarten Smeets
 

Más de Maarten Smeets (16)

Google jib: Building Java containers without Docker
Google jib: Building Java containers without DockerGoogle jib: Building Java containers without Docker
Google jib: Building Java containers without Docker
 
Introduction to Anchore Engine
Introduction to Anchore EngineIntroduction to Anchore Engine
Introduction to Anchore Engine
 
R2DBC Reactive Relational Database Connectivity
R2DBC Reactive Relational Database ConnectivityR2DBC Reactive Relational Database Connectivity
R2DBC Reactive Relational Database Connectivity
 
Performance Issue? Machine Learning to the rescue!
Performance Issue? Machine Learning to the rescue!Performance Issue? Machine Learning to the rescue!
Performance Issue? Machine Learning to the rescue!
 
Performance of Microservice Frameworks on different JVMs
Performance of Microservice Frameworks on different JVMsPerformance of Microservice Frameworks on different JVMs
Performance of Microservice Frameworks on different JVMs
 
Performance of Microservice frameworks on different JVMs
Performance of Microservice frameworks on different JVMsPerformance of Microservice frameworks on different JVMs
Performance of Microservice frameworks on different JVMs
 
VirtualBox networking explained
VirtualBox networking explainedVirtualBox networking explained
VirtualBox networking explained
 
Microservices on Application Container Cloud Service
Microservices on Application Container Cloud ServiceMicroservices on Application Container Cloud Service
Microservices on Application Container Cloud Service
 
WebLogic Stability; Detect and Analyse Stuck Threads
WebLogic Stability; Detect and Analyse Stuck ThreadsWebLogic Stability; Detect and Analyse Stuck Threads
WebLogic Stability; Detect and Analyse Stuck Threads
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to Redis
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measures
 
Machine learning with R
Machine learning with RMachine learning with R
Machine learning with R
 
WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!WebLogic Scripting Tool made Cool!
WebLogic Scripting Tool made Cool!
 
Oracle SOA Suite 12.2.1 new features
Oracle SOA Suite 12.2.1 new featuresOracle SOA Suite 12.2.1 new features
Oracle SOA Suite 12.2.1 new features
 
How to build a cloud adapter
How to build a cloud adapterHow to build a cloud adapter
How to build a cloud adapter
 

Último

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Último (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

WebLogic authentication debugging

  • 1. OGh Oracle Fusion Middleware Experience 2016 bij FIGI Zeist Maarten Smeets, 16-02-2016 Debugging WebLogic authentication
  • 2.
  • 3. Introduction • About AMIS – Located in the Netherlands – Oracle Award winning partner • About me – Senior Oracle Integration Consultant – Experience with Oracle SOA Suite since 2007 – Well certified (SOA, BPM, Java, SQL, PL/SQL among others) – Author more than 100 blog articles (http://javaoraclesoa.blogspot.com) @MaartenSmeetsNL https://nl.linkedin.com/in/smeetsm
  • 4. 4 Oracle Virtual Technology Summit http://www.oracle.com/technetwork/community/developer-day/index.html March 8, 2016, 18:30:00 CET • Database Application Development • Oracle DB12c Performance • MySQL • Java EE, Microservices and JPA • All about Java 8! • The Internet of Things • WebLogic 12.2.1 and Java EE • Operating Systems and Virtualization • Storage,SPARC, and Software Development
  • 5. Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
  • 6. 6 Why use an external Identity Store? Application WLS SOA WLS OSB WLS ADF WLS WCC • An application uses company internal users • Often internal users are already present in an Identity Store • Management organization in place • Single environment to manage users • Single account per user
  • 7. 7 Introduction OPSS Oracle Identity Store solutions • Oracle Unified Directory – Embedded Berkeley Database – LDAP proxy – Much faster read/write than ODSEE – Provides LDAP virtualization – Elastic scaling – Strategic Directory Server product – Designed to address current and future on-premise, mobile, and cloud needs • Oracle Directory Server Enterprise Edition – ODSEE 5.2 and 6.3 are in Sustaining Support – No new fixes will be created • Oracle Virtual Directory – Provides virtualization of different sources – OUD does not replace OVD • Oracle Internet Directory – Uses external Oracle DB – Used with Fusion Applications https://blogs.oracle.com/OracleIDM/entry/why_customers_should_upgrade_directory
  • 8. Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
  • 9. Introduction OPSS Identity Store Providers Authentication Authorization Credential Store Framework User / Role Service Provider Interface Layer OPSS APIs WebLogic Server JavaEE application Java SE application
  • 10. Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
  • 11. What to debug Identity Store WebLogic Console Application Authentication API Virtualization Platform security jps-config.xml jps-config-jse.xml system-jazn-data.xml config.xml web.xml weblogic.xml LDAP queries SSL/TLS Role mappings Organizational Units Authentication provider
  • 12. Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
  • 13. 13 Debug Weblogic authentication using an external client • Using an external client Apache Directory Studio
  • 15. 15 Debug WebLogic authentication Embedded LDAP • Login using: Bind DN / User: cn=Admin • Running by default on the AdminServer port • Check out cn=Config for LDAP server properties
  • 16. 16 Debug WebLogic authentication Embedded LDAP • Notice the use of dynamic groups
  • 17. 17 Debug WebLogic authentication Embedded LDAP • Notice the use of dynamic groups
  • 18. 18 Debug WebLogic authentication Authentication provider configuration • Select the authentication provider (as specific as possible) • JAAS Control flags • LDAP connection details • LDAP search behavior – Users – Static groups – Dynamic groups • Cache settings
  • 19. 19 Debug WebLogic authentication using Weblogic Console • JAAS Control flags – SUFFICIENT: if authentication is passed, no other authentication providers are evaluated. If it fails, they are – REQUIRED: the authentication provider is always called and authentication must succeed – OPTIONAL: passing authentication of this provider is optional. If all providers are optional, one needs to pass – REQUISITE: authentication has to succeed on this provider. After that providers of lower priority are evaluated
  • 20. 20 Debug Weblogic authentication Cache settings • How to uniquely identify an LDAP entry. The GUID Attribute • The GUID Attribute is used as cache key • Provider specific – OUD, OpenLDAP, ApacheDS: entryuuid – Active Directory: objectguid – OVD, OID: orclguid • Misconfiguration can lead to first login fail, second login success (cache issues)
  • 21. 21 Debug Weblogic authentication using Weblogic Console • Connection to external provider works • Server trust is established • User query works • Validating authentication details works
  • 22. 22 Debug Weblogic authentication using Weblogic Console • Dynamic group object class works • Group Base DN works • User Dynamic Group DN Attribute works • Dynamic Group Name Attribute works
  • 23. 23 Debug Weblogic authentication using log files LDAP connections LDAP queries
  • 24. 24 Demo • Embedded LDAP • How to create a user in an LDAP server • How to configure WebLogic server to use the server • Debug authentication using the console • Debug the authentication using the log files
  • 25. Agenda • Oracle Identity Stores • Introduction Oracle Platform Security Services (OPSS) • What to debug • How to debug WebLogic authentication • How to debug application authentication
  • 26. Debug application authentication Identity Store WebLogic Console Application Authentication API Authentication provider Virtualization Platform security jps-config.xml jps-config-jse.xml system-jazn-data.xml config.xml web.xml weblogic.xml LDAP queries SSL/TLS Role mappings Organizational Units
  • 27. 27 OPSS configuration files in $DOMAIN_HOME/config/fmwconfig • Java Platform Security: jps-config.xml (Java EE), jps-config.jse.xml (Java SE) login modules, authentication providers, authorization policy providers, credential stores and auditing services • jazn-data.xml, system-jazn-data.xml – users, groups and authorization policies • cwallet.sso – credentials used by the application • adapters.os_xml – LibOVD plugin configuration
  • 28. 28 Debug application authentication LibOVD • Present since 11.1.1.4. Seen several patches since then. Lightweight OVD alternative supplied with WebLogic Server. • FMW components which use OPSS can only use the first LDAP authentication provider LibOVD provides virtualization • Configuration Edit <DOMAINDIR>/config/fmwconfig/jps-config.xml manually or from Enterprise Manager Plugin configuration in <DOMAINDIR>configfmwconfigovddefaultadapters.os_xml http://fusionsecurity.blogspot.nl/2012/06/libovd-when-and-how.html
  • 29. 29 Debug application authentication LibOVD configuration • <DOMAINDIR>/config/fmwconfig/jps-config.xml Provides login modules, authentication providers, credential stores
  • 30. 30 Debug application authentication LibOVD configuration • The OPSS API only queries static groups by default. Not dynamic groups. • Use the LibOVD dynamic group plugin to present dynamic groups like static groups (configuration in <DOMAINDIR>configfmwconfigovddefaultadapters.os_xml) • Requires that the dynamic group has both the GroupOfUniqueNames and GroupOfURL objectclasses • Only one structural class is allowed per LDAP object • Fix by setting the superclass of GroupOfURLs to GroupOfUniqueNames http://www.ateam-oracle.com/oracle-webcenter-and-dynamic-groups-from-an-external-ldap-server-part-1-of-2/
  • 31. 31 Debug application authentication LibOVD debugging • Can be used when ADFLogger is used in application • Can be used for specific Weblogic Server component debugging such as oracle.ods.virtualization for LibOVD
  • 32. 32 Debug application authentication ADF Security • Application configuration files – web.xml Defines authorization constraints (valid-users) and set-up OPSS policy provider (JpsFilter) – weblogic.xml Maps valid-users to OPSS principal users
  • 33. 33 Demo • Use basic authentication in an ADF application
  • 34. 34 Debug application authentication ADF Security • Application configuration files – jazn-data.xml Contains development users / roles Application roles are granted to enterprise roles / users (from the OPSS API which uses the authorization provider). Resource permissions are granted to application roles or enterprise roles. – Test with: Java: ADFContext.getCurrent().getSecurityContext().isUserInRole(“role”) EL: #{securityContext.userInRole[‘role']} Users Enterprise roles Application roles Permissions Grants weblogic.xml jazn-data.xml
  • 35. 35 Debug application authentication ADF Security • <DOMAINDIR>/config/fmwconfig/ system-jazn-data.xml – OOTB file based policy store – Users, groups, authorization policies – CredentialAccessPermission – Change while WebLogic is down or from EM!
  • 36. 36 Debug application authentication JVM parameters • JVM parameters: – -Djps.auth.debug=true to get AccessControlException among other useful messages – -Djps.auth.debug.verbose=true to get a lot of debug messages http://docs.oracle.com/cd/E23943_01/core.1111/e10043/jpsprops.htm#JISEC2229
  • 37. 37 Debug application authentication Business Process Management • Authenticate with a user • User is member of (authentication provider) groups • Groups are granted (application) roles and organization units • Business Process Management uses application roles and organization units
  • 38. 38 Debug application authentication The Identity Service • Can I authenticate the user? – authenticateUser • Can I determine groups? – getGroups http://HOST:PORT/integration/services/IdentityService/identity?WSDL <ORACLE_HOME>/soa/soa/modules/oracle.soa.workflow_11.1.1/bpm-services.jar • Can I determine granted roles? – getGrantedRolesToUser • Can I determine organizational units? – use the Java API
  • 39. 39 Conclusion • Many debugging options available – Looking at WebLogic Console or application behavior – Using an external client for your authentication provider – Debug logging in WebLogic Server console – Log configuration in Enterprise Manager Fusion Middleware Control – Isolated tests such as IdentityService calls or Java API’s • It is important to know what is between your application and your authentication provider to structure your debugging efforts and trace at which layer things go wrong • WebLogic Console is relatively easy to debug compared to for example LibOVD. Application side debugging is often also not very difficult.

Notas del editor

  1. Recent awards: Oracle EMEA Middleware Partner of the Year, 3 times Oracle Netherlands Middleware partner of the year. One of the rare moments in the Netherlands when it isn’t raining.
  2. What to debug; understand the configuration required
  3. https://blogs.oracle.com/OracleIDM/entry/why_customers_should_upgrade_directory
  4. What to debug; understand the configuration required
  5. OPSS provides an abstraction layer application programming interfaces (APIs) that insulate developers from security and identity management implementation details (a developer does need to know and implement LDAP to use users and groups in his application)
  6. What to debug; understand the configuration required
  7. First part of the presentation is about the WebLogic Console to LDAP. Second part of about API to application. JPS, Java Platform Security and LibOVD virtualization. More specific what the configuration files do.
  8. What to debug; understand the configuration required
  9. Creating LDAP queries is errorprone and after most changes in authentication provider configuration, the server needs a restart
  10. Set the password of the Embedded LDAP in order to allow connecting to it. Great source of inspiration for configuring your own LDAP.
  11. Recommend using an external LDAP client. WebLogic Server requires restarts after changing authentication provider configuration. External client can be used to easily test queries. Apache Directory Studio is nice. Replace image
  12. Recommend using an external LDAP client. WebLogic Server requires restarts after changing authentication provider configuration. External client can be used to easily test queries. Apache Directory Studio is nice. Replace image
  13. A specific authentication provider because the generic LDAPAuthenticationProvider has some limitations. Cannot be the first authentication provider. Not supported in LibOVD. Changing configuration (such as LDAP queries) requires restart of the server -> config.xml. Testing the LDAP Connection During Configuration (12.2.1!) Similar to the JDBC connection testing, WebLogic Server tests the connection between the Authentication provider and the LDAP server. On the Provider Specific page, after you configure a new LDAP Authentication provider or make changes to an existing one, when you save your configuration changes, WebLogic Server tests the connection between this provider and the corresponding LDAP server. If the test succeeds, the configuration settings are saved and you may activate them. If the test fails, an error message is displayed indicating a problem. No configuration settings are saved.
  14. JAAS control flags. See http://docs.oracle.com/cd/E17904_01/web.1111/e13707/atn.htm#SECMG171. It is usual to have weblogic in the embedded LDAP, control flag set to sufficient and an external LDAP also set to sufficient. Components using the OPSS API without LibOVD only look at the first LDAP server (and only at static groups) so order is also important. When the user is not found, check if authentication provider containing the user is queried in the log. The order matters!
  15. Can be confirmed that the GUID Attribute is the cache key? Weblogic LDAPAuthenticator configuration; the GUID Attribute: http://javaoraclesoa.blogspot.nl/2014/12/weblogic-ldapauthenticator.html.
  16. Just by clicking around in the Weblogic Console, you can already detect several problems if present.
  17. If you can’t see users/groups, maybe the current user is not an Administrator but Monitor. Working does not mean it performs!
  18. You can see the LDAP server connection
  19. What to debug; understand the configuration required
  20. First LibOVD, then application security for ADF and BPM
  21. http://docs.oracle.com/cd/E25178_01/core.1111/e10043/idstoreadm.htm#JISEC9360 specifies LDAP idstore params. Not all work (JarScan + JD-GUI on WlsLdapIdStoreConfigProvider). Edit adapters.os_xml while WebLogic is down! OPSS API’s do not query dynamic groups by default: http://www.ateam-oracle.com/oracle-webcenter-and-dynamic-groups-from-an-external-ldap-server-part-2-of-2/. You can virtualize using LibOVD or OVD.
  22. Image from http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html. Application roles are granted to users or enterprise roles. Resource permissions are granted to application roles. Take care jazn-data.xml is merged into system-jazn-data.xml (but not testusers/roles) by ojdeploy. Ojdeploy can be called from Ant, Maven
  23. Also credential store access. This is the runtime policy store. http://secureandgo.blogspot.nl/2010/09/opss-artifacts-life-cycle-in-adf.html. If you want to use DB policy store instead of system-jazn-data.xml; https://redstack.wordpress.com/2011/10/29/soa11g-database-as-a-policy-store/
  24. http://www.redheap.com/2013/06/secure-credentials-in-adf-application.html
  25. Usually ADF and SOA/BPM run on individual servers. A good usecase to use the same authentication provider. SalesRep and BusinessPractices are
  26. Several other interesting API’s under soa-infra application. IdentityService (or FMW apps such as WCC)