Reputation: 22716
WebLogic: add a new custom authentication-providers via WLST throws a ClassNotFoundException
I am trying to add a new custom authentication-provider with a WLST online-mode script but I get a class not found exception despite I can see my provider on the WL console.
This is the situation:
- I have a JAR file, it contains a custom WebLogic authentication-provider.
- The JAR is copied under the
user_projects/domains/$DOMAIN_NAME/lib/directory. - I can see the custom auth provider on the WL console, appears in the list:
Home > Security Realms > myrealm > Providers > new> Type - I can add this custom provider by hand via WL Console.
But I need to automate this step so I have created a WLST script for this. The relevant part of the WLST is this:
# add a new authentication provider with name of MyCustomAuthProvider
cd('/SecurityConfiguration/' + _domainName + '/Realms/myrealm')
cmo.createAuthenticationProvider('MyCustomAuthProvider', 'aa.bb.cc.MyCustomAuthProvider')
cd('/SecurityConfiguration/' + _domainName + '/Realms/myrealm/AuthenticationProviders/MyCustomAuthProvider')
cmo.setControlFlag('OPTIONAL')
# reorder authentication providers
...
But this WLST throws the following exception:
java.lang.RuntimeException: java.lang.RuntimeException: java.lang.ClassNotFoundException: aa.bb.cc.MyCustomAuthProvider
So I did double-check to see whether the WL sees my custom auth provider:
wls:/offline> connect('weblogic', 'weblogic12', 't3://localhost:7001')
cd('/SecurityConfiguration/myDomain/Realms/myrealm')
ls()
The list I got is exactly the same as I expected: my class is on the list. This is the reason why I can add it using the web console.
This is the value of the AuthenticationProviderTypes:
java.lang.String[com.bea.security.saml2.providers.SAML2IdentityAsserter,
aa.bb.cc.MyCustomAuthProvider,
eblogic.security.providers.authentication.ActiveDirectoryAuthenticator,
weblogic.security.providers.authentication.CustomDBMSAuthenticator,
eblogic.security.providers.authentication.DefaultAuthenticator,
weblogic.security.providers.authentication.DefaultIdentityAsserter,
eblogic.security.providers.authentication.IPlanetAuthenticator,
weblogic.security.providers.authentication.LDAPAuthenticator,
weblogic.security.providers.authentication.LDAPX509IdentityAsserter,
weblogic.security.providers.authentication.NegotiateIdentityAsserter,
weblogic.security.providers.authentication.NovellAuthenticator,
weblogic.security.providers.authentication.OpenLDAPAuthenticator,
weblogic.security.providers.authentication.OracleIdentityCloudIntegrator,
weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticator,
weblogic.security.providers.authentication.OracleUnifiedDirectoryAuthenticator,
weblogic.security.providers.authentication.OracleVirtualDirectoryAuthenticator,
weblogic.security.providers.authentication.ReadOnlySQLAuthenticator,
weblogic.security.providers.authentication.SQLAuthenticator,
weblogic.security.providers.authentication.VirtualUserAuthenticator,
weblogic.security.providers.saml.SAMLAuthenticator,
weblogic.security.providers.saml.SAMLIdentityAsserterV2]
Everything looks perfect. But then why WLST throws a class not found exception while trying to create it?
This is crazy.
I have googled for this, but only the same issues I have found without a solution.
What I missed?
Upvotes: 0
Views: 1565
Answers (2)
Reputation: 109
At some point oracle has changed from using CLASSPATH to WLST_EXT_CLASSPATH to set the classpath for WLST. Oracle doesn't seem to have done a great job of documenting that this is the right env variable to use though. I found it by digging through the various sh scripts that wlst.sh calls, but this document for 12c refers to it, but seems to be the only place that it's mentioned.
I've tested this using 14.1.1 and a custom provider in the DOMAIN/lib/mbeantypes dir and it works (i.e. I can use WLST to configure a custom security provider as long as I set WLST_EXT_CLASSPATH first) but don't have 12c to test that it works there.
Upvotes: 1
Reputation: 22716
I added my JAR to the WLST classpath, but this did not help.
- I changed the
CLASSPATHvariable because thewlst.shexecutes a java command in the background so this standard variable must be considered. It did not work. - I added the
-cpJVM param manually to the java command that starts the WlST. It did not work.
The only workaround that worked for me is that the following:
- for WL console: copy the JAR that contains the custom authentication provider under
$ORACLE_HOME/user_projects/domains/$DOMAIN_NAME/lib/directory - for WLST: copy the JAR to
$ORACLE_HOME/wlserver/server/lib/mbeantypes/
The 2nd copy solved the class not found issue thrown by the WLST.
If you know a better, more standard way, please let me know.
Upvotes: 0
Related Questions
- Custom Authentication Provider Not Being Called
- Authentication Provider : SecurityProvider service class name for XXXX is not specified in WL 12.1.3.0.0
- User failed to be authenticated in WebLogic
- Where is the class AuthenticatedSubject for WebLogic's programmatic authentication?
- PasswordDigest authentication fails in JAX-WS client running in WebLogic
- How to enable WebLogic digest authentication with WLST
- Why is WLST not recognizing the user/password in the key and config file in connect() call?
- Authentication Provider does not appear in the list of Authenticators in WebLogic Server Version: 12.1.3.0.0
- Creating a Custom Authentication Provider in Oracle WebLogic Server 12.1.2.0.0
- Weblogic 12c: Unable to add security token for identity, but works standalone