19 Configuring the Virtual User Authentication Provider

Use the Virtual User Authentication provider to authenticate users who are not defined in the identity store that is configured in the Oracle WebLogic Server security realm.

This chapter includes the following sections:

About the Virtual User Authentication Provider

You use the Virtual User Authentication provider as part of the overall capability supported in WebLogic Server to authenticate users who are not defined in the identity store with which the security realm is configured. Instead, you create a virtual user whose identity is based on select attributes contained in an X.509 certificate, such as in the Subject DN.

For complete details about configuring and using virtual user authentication in a WebLogic domain, see Authenticating a User Not Defined in the Identity Store.

Note:

Virtual user authentication is supported only on network ports that are configured for 2-way SSL, with listening servlets using CLIENT-CERT authentication.

Virtual user authentication is not supported in topologies where:

  • SSL terminates at a front-end proxy

  • Requests are forwarded to a WebLogic Server instance in which SSL has not been enabled

Adding the Virtual User Authentication Provider to the Security Realm

You can use the WebLogic Server Administration Console to add the Virtual User Authentication provider to a security realm.

To add and configure the Virtual User Authentication provider using the WebLogic Server Administration Console, complete the following steps:

  1. Select realm-name > Configuration > Providers > Authentication, and select New.
  2. In the Create a New Authentication Provider page, enter a name for the provider, select VirtualUserAuthenticator in Type, and click OK.
  3. Re-order the authentication providers so that the Virtual User Authentication provider is listed first. See Re-order Authentication providers in Oracle WebLogic Server Administration Console Online Help.
  4. Select the Virtual User Authentication provider, and in the Configuration > Common page, select SUFFICIENT in the Control Flag field.
  5. Click Save.
  6. Restart WebLogic Server to have the changes take effect.