Script to configure security realm in weblogic

Oracle Weblogic Server

Below script can be used to do following things:

1) Creation of default authenticator
2) Creation of default asserter
3) Creation of saml asserter
4) To setup default authorizer, validator adjudicator, role mapper and credential mapper
5) To configure ldap provider

Please modify the script according to your need.

import os
adminUrl = 'xxx'
domainName = 'xxx'
realmName = 'TPRealm'
ldapProviderName = 'SunOneLdap'
if os.environ.has_key('wlsUserID'):
wlsUserID = os.environ['wlsUserID']
if os.environ.has_key('wlsPassword'):
wlsPassword = os.environ['wlsPassword']
if os.environ.has_key('ADMIN_URL'):
adminUrl = os.environ['ADMIN_URL']
if os.environ.has_key('DOMAIN_NAME'):
domainName = os.environ['DOMAIN_NAME']

ldapConfig = os.environ['DOMAIN_HOME']+ '/scripts/ldap_provider_config'
ldapSecret = os.environ['DOMAIN_HOME']+ '/scripts/ldap_provider_config_secret'
ldapPrincipal = 'cn=root,dc=business,dc=social,dc=techpaste,dc=com';
ldapHost = 'ldap.techpaste.com';

print 'connecting to admin server....' + adminUrl + ' setting up the realm ' + realmName
connect( url=adminUrl, adminServerName='AdminServer')
edit()
startEdit()

## setup default authenticator:
cd('/SecurityConfiguration/' + domainName + '/Realms/' + realmName)
cmo.createAuthenticationProvider('DefaultAuthenticator', 'weblogic.security.providers.authentication.DefaultAuthenticator')
cd('/SecurityConfiguration/' + domainName + '/Realms/' + realmName + '/AuthenticationProviders/DefaultAuthenticator')
cmo.setControlFlag('SUFFICIENT')
save()
activate(block="true")
print('----------------------------------------------------------------------------')
print('default authenticator created . . .')
print('----------------------------------------------------------------------------')
edit()
startEdit()
cd('/SecurityConfiguration/' + domainName + '/Realms/' + realmName)
cmo.createAuthenticationProvider('DefaultIdentityAsserter', 'weblogic.security.providers.authentication.DefaultIdentityAsserter')
cd('/SecurityConfiguration/' + domainName + '/Realms/'+ realmName + '/AuthenticationProviders/DefaultIdentityAsserter')
set('ActiveTypes',jarray.array([String('AuthenticatedUser')], String))
save()
activate(block="true")

print('----------------------------------------------------------------------------')
print('default asserter created . . .')
print('----------------------------------------------------------------------------')

edit()
startEdit()

cd('/SecurityConfiguration/' + domainName + '/Realms/' + realmName)
cmo.createAuthenticationProvider('federation_saml_asserter', 'weblogic.security.providers.saml.SAMLIdentityAsserterV2')

save()
activate(block="true")

print('----------------------------------------------------------------------------')
print('saml asserter created . . .')
print('----------------------------------------------------------------------------')

 

edit()
startEdit()
cd('/SecurityConfiguration/' + domainName + '/Realms/' + realmName)
cmo.createAuthorizer('XACMLAuthorizer', 'weblogic.security.providers.xacml.authorization.XACMLAuthorizer')
cmo.createPasswordValidator('SystemPasswordValidator', 'com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator')
cmo.createAdjudicator('DefaultAdjudicator', 'weblogic.security.providers.authorization.DefaultAdjudicator')
cmo.createRoleMapper('DefaultRoleMapper', 'weblogic.security.providers.authorization.DefaultRoleMapper')
cmo.createCredentialMapper('DefaultCredentialMapper', 'weblogic.security.providers.credentials.DefaultCredentialMapper')
save()
activate(block="true")
print('----------------------------------------------------------------------------')
print('setup default authorizer, validator adjudicator, role mapper and credential mapper - done.')
print('----------------------------------------------------------------------------')

 

print('----------------------------------------------------------------------------')
print('configuring ldap provider . . . ')
print('----------------------------------------------------------------------------')
edit()
startEdit()
## setup the ldap provider . . .
cd('/SecurityConfiguration/' + domainName + '/Realms/' + realmName)
cmo.createAuthenticationProvider(ldapProviderName, 'weblogic.security.providers.authentication.OpenLDAPAuthenticator')
## configure the ldap provider . . .
cd('/SecurityConfiguration/' + domainName + '/Realms/' + realmName + '/AuthenticationProviders/' + ldapProviderName)
cmo.setControlFlag('SUFFICIENT')
cmo.setPrincipal(ldapPrincipal)
cmo.setHost(ldapHost)
setEncrypted('Credential', 'Credential_660775881', ldapConfig, ldapSecret)
cmo.setGroupBaseDN('ou=groups,dc=business,dc=social,dc=techpaste,dc=com')
cmo.setUserBaseDN('ou=users,dc=business,dc=social,dc=techpaste,dc=com')
print('----------------------------------------------------------------------------')
print('configuring ldap provider . . . done')
print('----------------------------------------------------------------------------')
save()
activate(block="true")
print 'disconnecting from admin server....'
disconnect()
exit()

 

In case of any ©Copyright or missing credits issue please check CopyRights page for faster resolutions.

Leave a Reply