Configuring the Virtual User Authentication Provider

17 Configuring the Virtual User Authentication Provider

Use the Virtual User Authentication provider to authenticate users who are not defined in the identity store that is configured in the Oracle WebLogic Server security realm.

This chapter includes the following sections:

About the Virtual User Authentication Provider

You use the Virtual User Authentication provider as part of the overall capability supported in WebLogic Server to authenticate users who are not defined in the identity store with which the security realm is configured. Instead, you create a virtual user whose identity is based on select attributes contained in an X.509 certificate, such as in the Subject DN.

For complete details about configuring and using virtual user authentication in a WebLogic domain, see Authenticating a User Not Defined in the Identity Store.

Note:

Virtual user authentication is supported only on network ports that are configured for 2-way SSL, with listening servlets using CLIENT-CERT authentication.

Virtual user authentication is not supported in topologies where:

SSL terminates at a front-end proxy
Requests are forwarded to a WebLogic Server instance in which SSL has not been enabled

Adding the Virtual User Authentication Provider to the Security Realm

You can use WebLogic Remote Console to add the Virtual User Authentication provider to a security realm.

To add and configure the Virtual User Authentication provider, follow the steps described in Configure an Authentication or Identity Assertion Provider in Oracle WebLogic Remote Console Online Help, making sure to select VirtualUserAuthenticator as the authentication provider type.
Re-order the authentication providers so that the Virtual User Authentication provider is listed first.
Set the JAAS control flag to SUFFICIENT. See Set the JAAS Control Flag in Oracle WebLogic Remote Console Online Help.
Save your changes.
Restart WebLogic Server.