12 Configuring the WebLogic Authentication Provider

This chapter explains how to configure the WebLogic Authentication provider, also known as the DefaultAuthenticator.

This chapter includes the following sections:

  • About the WebLogic Authentication Provider

  • Setting User Attributes

About the WebLogic Authentication Provider

The WebLogic Authentication provider (also called the DefaultAuthenticator) uses WebLogic Server's embedded LDAP server to store user and group membership information and, optionally, a set of user attributes such as phone number, email address, and so on. This provider allows you to create, modify, list, and manage users and group membership in the WebLogic Server Administration Console. By default, most configuration options for the WebLogic Authentication provider are already defined. You should need to configure a WebLogic Authentication provider only when creating a new security realm. However, note the following:

  • The WebLogic Authentication provider is configured in the default security realm with the name DefaultAuthenticator.

  • User and group names in the WebLogic Authentication provider are case insensitive. For information about creating and managing users and groups in the WebLogic Server Administration Console, see "Manage users and groups" in the Oracle WebLogic Server Administration Console Online Help.

  • Ensure that all user names are unique.

  • Specify the minimum length of passwords defined for users stored in the embedded LDAP server. You do this by means of the Minimum Password Length option, which is available on the Configuration > Provider Specific page for the WebLogic Authentication provider.

  • Users in the WebLogic Authentication provider can be modified to include a set of attributes. See Setting User Attributes.

  • If you are using multiple Authentication providers, set the JAAS Control Flag to determine how the WebLogic Authentication provider is used in the authentication process. See Using More Than One Authentication Provider.
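Two of the rules above are easy to violate silently when accounts are provisioned in bulk: because the provider compares user and group names case-insensitively, "Admin" and "admin" are the same account, and passwords shorter than the provider's Minimum Password Length are rejected. The following script is an added example (not Oracle's code) that checks a batch of accounts against those two rules before they are loaded; the minimum length of 8 and the sample accounts are constructed for illustration and should be replaced with the value configured on the provider and the real input.

```python
"""Pre-provisioning check for accounts destined for the WebLogic Authentication
provider (DefaultAuthenticator).  Added example, not Oracle's code.

Rules enforced, as stated for the provider:
  * user and group names are case-insensitive, so names that differ only in
    case collide and must be treated as duplicates;
  * passwords must meet the Minimum Password Length configured on the provider.
"""

# Assumed value of the provider's Minimum Password Length setting; read the
# real value from the Configuration > Provider Specific page of your realm.
MINIMUM_PASSWORD_LENGTH = 8


def validate_accounts(accounts, min_password_length=MINIMUM_PASSWORD_LENGTH):
    """Return a list of (name, problem) pairs; an empty list means the batch is clean.

    accounts: iterable of (username, password) tuples.
    """
    problems = []
    seen = {}  # lower-cased name -> first spelling that claimed it
    for name, password in accounts:
        key = name.strip().lower()
        if not key:
            problems.append((name, "empty user name"))
            continue
        if key in seen:
            # Same account in the provider's eyes, whatever the case used here.
            problems.append((name, "duplicates %r (names are case-insensitive)" % seen[key]))
        else:
            seen[key] = name
        if len(password) < min_password_length:
            problems.append((name, "password shorter than the minimum of %d" % min_password_length))
    return problems


# Constructed sample input: one clean account, a case-variant duplicate,
# a too-short password and a blank name.
SAMPLE_ACCOUNTS = [
    ("alice", "s3cur3-pa55word"),
    ("Alice", "another-long-one"),
    ("bob", "short"),
    ("  ", "whateverlong1"),
]

if __name__ == "__main__":
    for name, problem in validate_accounts(SAMPLE_ACCOUNTS):
        print("%r: %s" % (name, problem))
```

The same case-insensitive uniqueness check applies to group names, so a group list can be passed through `validate_accounts` with a dummy password of sufficient length.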

Setting User Attributes

After you have defined a user in the WebLogic Authentication provider, you can set or modify for that user one or more of the attributes listed in Table 12-1. These attributes conform to the user schema for representing individuals in the inetOrgPerson LDAP object class, described in RFC 2798.

Table 12-1 Attributes that Can Be Set for a User

Description

  • Two-letter ISO 3166 country code

  • Code for the department to which the user belongs

  • Preferred name of the user

  • Numeric or alphanumeric identifier assigned to the user

  • Type of employment, which represents the employer-to-employee relationship

  • Facsimile (fax) telephone number

  • First name; that is, not the surname (last name) or middle name

  • Home telephone number

  • Home postal address

  • Name of a locality, such as a city, county, or other geographic region

  • Electronic address of the user (email)

  • Mobile telephone number

  • Pager telephone number

  • Postal address at the location of employment

  • Post office box

  • User's preferred written or spoken language

  • Full name of the state or province

  • Physical location of the user

  • User's telephone number in the organization

  • Title representing the user's job function

When you set a value for an attribute, the attribute is added for the user. Likewise, if you subsequently delete the value of an attribute, the attribute is removed for the user. The set of available attributes is limited to the preceding list, however. The attribute names cannot be customized.

These attributes can be managed for a user by operations on the UserAttributeEditorMBean, or viewed via operations on the UserAttributeReaderMBean.
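The set-adds, delete-removes behaviour described above is what a provisioning script has to implement when it pushes attribute values through the provider MBean. The following WLST-style helpers are an added example, not Oracle's code. They assume the operations `setUserAttributeValue(userName, attributeName, value)` on the UserAttributeEditorMBean and `getUserAttributeValue(userName, attributeName)` on the UserAttributeReaderMBean (check the Javadoc for your release), and that in a connected WLST session the DefaultAuthenticator MBean reached via `cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")` implements both. The attribute names "mail" and "telephoneNumber" are the RFC 2798 / inetOrgPerson names and are assumed to be the names the provider expects; the `InMemoryAttributeStore` stand-in is constructed so the helpers can be exercised without a server.

```python
"""Helpers for managing a user's attributes in the WebLogic Authentication
provider through UserAttributeEditorMBean / UserAttributeReaderMBean.
Added example in WLST (Jython) syntax, not Oracle's code.

Assumed MBean operations (verify against the Javadoc for your release):
  editor.setUserAttributeValue(userName, attributeName, value)
  reader.getUserAttributeValue(userName, attributeName)
In a WLST session the provider MBean is assumed to be obtained after connect()
with, for example:
  editor = cmo.getSecurityConfiguration().getDefaultRealm() \
              .lookupAuthenticationProvider("DefaultAuthenticator")
The functions take that object as a parameter so they also run against the
in-memory stand-in defined at the bottom.
"""


def apply_user_attributes(editor, user_name, attributes):
    """Set each attribute in `attributes` (dict name -> value) for `user_name`.

    A value of None or "" clears the attribute's value, which removes the
    attribute from the user's entry; any other value adds or replaces it.
    Returns the list of (attributeName, action) pairs performed, in name order.
    """
    actions = []
    for attr_name, value in sorted(attributes.items()):
        if value is None or value == "":
            editor.setUserAttributeValue(user_name, attr_name, None)
            actions.append((attr_name, "removed"))
        else:
            editor.setUserAttributeValue(user_name, attr_name, value)
            actions.append((attr_name, "set"))
    return actions


def read_user_attributes(reader, user_name, attr_names):
    """Return {attributeName: value} for the requested attributes, omitting unset ones."""
    result = {}
    for attr_name in attr_names:
        value = reader.getUserAttributeValue(user_name, attr_name)
        if value is not None and value != "":
            result[attr_name] = value
    return result


class InMemoryAttributeStore:
    """Constructed stand-in that mimics the two MBean operations for offline runs."""

    def __init__(self):
        self._data = {}

    def setUserAttributeValue(self, user_name, attr_name, value):
        entry = self._data.setdefault(user_name, {})
        if value is None or value == "":
            entry.pop(attr_name, None)  # deleting the value removes the attribute
        else:
            entry[attr_name] = value

    def getUserAttributeValue(self, user_name, attr_name):
        return self._data.get(user_name, {}).get(attr_name)


if __name__ == "__main__":
    store = InMemoryAttributeStore()
    # Constructed sample values; "mail" and "telephoneNumber" are assumed names.
    print(apply_user_attributes(store, "alice",
                                {"mail": "alice@example.com",
                                 "telephoneNumber": "+1-555-0100"}))
    print(apply_user_attributes(store, "alice", {"mail": None}))
    print(read_user_attributes(store, "alice", ["mail", "telephoneNumber", "pager"]))
```

Because the attribute names are fixed by the provider, a failed `setUserAttributeValue` call for an unknown name is the expected outcome rather than something to work around; keep the dictionary keys limited to the attributes in Table 12-1 and look up their exact spelling in the reference documentation for the release in use.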

For more information about setting, modifying, or viewing the attributes for a user created in the WebLogic Authentication provider, see "Manage values for user attributes" in Oracle WebLogic Server Administration Console Online Help.