Enable virtual user authentication

Before you begin

See Configure two-way SSL.
If you Enable automatic realm restart in the security realm, you do not need to restart WebLogic Server after enabling virtual user authentication.

Virtual user authentication is the means by which you can authenticate a user who is not defined in the identity store with which the security realm is configured, as explained in Authenticating a User Not Defined in the Identity Store.The subject corresponding to the virtual user is populated with information that is obtained from attributes in the user's certificate that is passed in when making the SSL connection to WebLogic Server.

To enable virtual user authentication:

If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
In the left pane, select Security Realms and click the name of the realm you are configuring.
Select Providers > Authentication and do one of the following:
- Click DefaultIdentityAsserter to modify the default WebLogic Identity Assertion provider already configured in the realm.
- Click New and create a new instance of the WebLogic Identity Assertion provider, as explained in Configure Authentication and Identity Assertion providers.
On the Configuration page for the Authentication provider, select the Common tab, and:
1. In the Active Types field, select the X.509 token type in the Available list box.
2. Click the right-arrow to move the X.509 token type to the Chosen list box.
Click Save.
Select the Provider-Specific tab and select both of the following:
- Virtual User Allowed
- Use Default User Name Mapper
Click Save.
To activate these changes, in the Change Center, click Activate Changes.

Result

Virtual users are enabled in the WebLogic Identity Assertion provider you have configured in the security realm.

After you finish

See Configure the Virtual User Authentication provider.

Administration Console Online Help

Enable virtual user authentication