Configure Authentication and Identity Assertion providers

WebLogic Server offers the following types of Authentication and Identity Assertion providers:

The WebLogic Authentication provider allows you to manage users and groups in one place, the embedded LDAP server. Note that the Administration Console refers to the WebLogic Authentication provider as the Default Authenticator.
Identity Assertion providers use token-based authentication. WebLogic Server provides the WebLogic Identity Assertion Provider (refered to in the Administration Console as the Default Identity Asserter), LDAP X.509 Identity Asserter, Negotiate Identity Asserter, and SAML Identity Asserter.
LDAP Authentication providers access external LDAP stores. WebLogic Server provides LDAP Authentication providers that access Open LDAP, Netscape iPlanet, Microsoft Active Directory and Novell NDS stores.
Note: You are not limited to these LDAP Authentication providers. To use an LDAP server other than the supported LDAP servers, choose the LDAP server type that has the closest defaults to the LDAP server you want to use and modify the attribute values accordingly.
DBMS Authentication providers access an external database management system. WebLogic Server provides for SQL Authentication Providers, Read-Only SQL Authentication Providers, and Custom DBMS Authentication Providers.
The WebLogic SAML Authentication provider enables authentication based on the Security Assertion Markup Language (SAML).
The NT Authentication provider for Windows NT domains.
The Realm Adapter Authentication provider accesses user and group information stored in compatibility security realms.

In addition, you can use a Custom Authentication provider which offers different types of authentication technologies. For more information, see Configure custom security providers.

Each security realm must have one at least one Authentication provider configured. The WebLogic Security Framework is designed to support multiple Authentication providers (and thus multiple LoginModules) for multipart authentication. Therefore, you can use multiple Authentication providers as well as multiple types of Authentication providers in a security realm. The Control Flag attribute determines how the LoginModule for each Authentication provider is used in the authentication process. For more information, see Set the JAAS control flag.

To configure an Authentication or Identity Assertion provider:

If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
In the left pane, select Security Realms and click the name of the realm you are configuring (for example, myrealm).
Select Providers > Authentication and click New.
The Create a New Authentication Provider page appears.
In the Name field, enter a name for the Authentication provider.
From the Type drop-down list, select the type of the Authentication provider and click OK.
Select Providers > Authentication and click the name of the new Authentication provider to complete its configuration.
On the Configuration page for the Authentication provider, set the desired values on the Common and Provider-Specific tabs.
Repeat these steps to configure additional Authentication providers.
If you are configuring multiple Authentication providers, refer to Set the JAAS control flag.
To activate these changes, in the Change Center, click Activate Changes.
After you finish configuring Authentication providers, reboot WebLogic Server.

Administration Console Online Help

Configure Authentication and Identity Assertion providers