Set the JAAS Control Flag

The Java Authentication and Authorization Service (JAAS) Control Flag attribute assigned to each provider defines whether users must be authenticated by that provider.

The default value for this attribute is "Optional," but for STA, Oracle recommends setting it to "Sufficient" for each provider, including the DefaultAuthenticator.

  1. Make sure you have locked the active security realm from other users (see Lock the WebLogic Server Active Security Realm).
  2. In the Settings for myrealm control bar, select the Providers tab.
  3. In the Authentication Providers table, select the active link for the provider you want to update.

    IMPORTANT: You must set the control flag for all authentication providers, including the DefaultAuthenticator. Do not perform this procedure for the DefaultIdentityAsserter.

  4. In the Control Flag menu, select Sufficient.

    The "Sufficient" setting indicates that if the provider successfully authenticates a user, no additional authentication is required, and if the provider cannot authenticate the user, authentication continues to the next provider in the list. See Fusion Middleware Securing Oracle WebLogic Server for descriptions of all options for this attribute.

  5. Click Save.

Proceed to Ensure Proper Order of Authentication Providers.
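
The control flag behavior described in step 4, as an added example (not Oracle's code): a simplified Python model of how JAAS walks an ordered provider chain. It goes beyond the page by also modelling the Required, Requisite and Optional flags; the provider name SiteLdapAuthenticator and the sample users are assumptions.

```python
# Added illustration: simplified model of JAAS control-flag evaluation.
# "SiteLdapAuthenticator" is a hypothetical second provider.
MUST_PASS = ("REQUIRED", "REQUISITE")

def authenticate(chain, outcomes):
    """chain: ordered (provider, flag) pairs; outcomes: provider -> bool
    (True if that provider accepts the user's credentials).
    Returns (authenticated, providers_consulted)."""
    consulted, any_ok = [], False
    has_must_pass = must_pass_failed = False
    for name, flag in chain:
        flag = flag.upper()
        if flag not in MUST_PASS + ("SUFFICIENT", "OPTIONAL"):
            raise ValueError("unknown control flag: %r" % flag)
        ok = bool(outcomes.get(name, False))
        consulted.append(name)
        any_ok = any_ok or ok
        if flag in MUST_PASS:
            has_must_pass = True
            if not ok:
                must_pass_failed = True
                if flag == "REQUISITE":
                    break              # failure ends the walk immediately
        elif flag == "SUFFICIENT" and ok and not must_pass_failed:
            return True, consulted     # success ends the walk immediately
        # OPTIONAL, or a failed SUFFICIENT: continue to the next provider
    if must_pass_failed:
        return False, consulted
    return (True if has_must_pass else any_ok), consulted

# Chain as this procedure leaves it: every provider set to Sufficient.
RECOMMENDED = [("DefaultAuthenticator", "SUFFICIENT"),
               ("SiteLdapAuthenticator", "SUFFICIENT")]
# Contrast chains (constructed): flags other than all-Sufficient.
ALL_OPTIONAL = [(n, "OPTIONAL") for n, _ in RECOMMENDED]
MIXED = [("DefaultAuthenticator", "REQUIRED"),
         ("SiteLdapAuthenticator", "SUFFICIENT")]

if __name__ == "__main__":
    local = {"DefaultAuthenticator": True}      # constructed sample users
    ldap_only = {"SiteLdapAuthenticator": True}
    for label, chain in (("recommended", RECOMMENDED),
                         ("all optional", ALL_OPTIONAL), ("mixed", MIXED)):
        for user, outcome in (("local", local), ("ldap-only", ldap_only), ("unknown", {})):
            print(label, user, authenticate(chain, outcome))
```

In the mixed chain the LDAP-only user is rejected even though the Sufficient provider accepts them, which is why the flag is set on every authentication provider.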