19 Configuring the Virtual User Authentication Provider

This chapter explains how to configure the Virtual User Authentication provider, which you can use to authenticate users who are not defined in the identity store that is configured in the security realm.

This chapter includes the following sections:

• About the Virtual User Authentication Provider

• Adding the Virtual User Authentication Provider to the Security Realm

About the Virtual User Authentication Provider

You use the Virtual User Authentication provider as part of the overall capability supported in WebLogic Server to authenticate users who are not defined in the identity store with which the security realm is configured. Instead, you create a virtual user whose identity is based on select attributes contained in an X.509 certificate, such as in the Subject DN.

For complete details about configuring and using virtual user authentication in a WebLogic domain, see Authenticating a User Not Defined in the Identity Store.

Note:

Virtual user authentication is supported only on network ports that are configured for 2-way SSL, with listening servlets using CLIENT-CERT authentication.

Virtual user authentication is not supported in topologies where:

• SSL terminates at a front-end proxy

• Requests are forwarded to a WebLogic Server instance in which SSL has not been enabled

Adding the Virtual User Authentication Provider to the Security Realm

To add the Virtual User Authentication provider to the security realm using the WebLogic Server Administration Console, complete the following steps:

1. Select realm-name > Configuration > Providers > Authentication, and select New.
2. In the Create a New Authentication Provider page, enter a name for the provider, select VirtualUserAuthenticator in Type, and click OK.
3. Re-order the authentication providers so that the Virtual User Authentication provider is listed first. For information, see "Re-order Authentication providers" in Oracle WebLogic Server Administration Console Online Help.
4. Select the Virtual User Authentication provider, and in the Configuration > Common page, select SUFFICIENT in the Control Flag field.
5. Click Save.
6. Restart WebLogic Server to have the changes take effect.