I wrote my own custom authenticator and I want to use JAAS with it.
As far as I know, only default realm can be used with JAAS. So I added my authenticator
in addition to the default authenticator in myrealm and I set control flags to
SUFFICIENT in both authenticators.
I expect the authentication to succeed if any of those authenticators succeed.
During authentication I get error
javax.security.auth.login.FailedLoginException: Authenticaiton Failed: User XXX
denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImple.java:194)
It's ok, because the default LDAP doesn't have XXX user. But the problem is that
WL doesn't appear to run my authenticator at all (I put debug notes to check this).
What can be the problem ? Maybe I miss something?
Thanks in advance
Sufficient should work. Double check that both are marked as sufficient,
your provider
is defined in the default realm, and turn on debug - set the
DebugSecurityAtn="true" attribute
of the ServerDebug MBean. Then check out the log and see if the debug helps.
> Thanks in advance
>
to
subject = weblogic.security.services.Authentication.login("myrealm",new MyCallbackHandler(...));
Is it correct ?
Thanks
Marcin Stanski
Yes. The use of the Authentication class is needed to ensure that the
principals in the subject are
signed.
What is the problem you are still having?
Thanks for help
Marcin