Wednesday, September 26, 2012

Manually Change the WebLogic Security Authenticator Type

It's triggered by a configuration mistake on the LDAP authenticator provider. I was trying to register the OpenLDAP store with WebLogic Server. But by mistake, I chose "LDAPAuthenticator" as the provider type, which should be "OpenLDAPAuthenticator".


















I didn't realize the mistake until I restarted the Admin server and got the errors - "JPS-00027: internal error You configured a generic WLS LDAPAuthenticator".


Caused By: oracle.security.jps.service.idstore.IdentityStoreException: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: oracle.security.jps.JpsRuntimeException: JPS-00027: internal error You configured a generic WLS LDAPAuthenticator.
The identity store type cannot be determined. Please choose an LDAP Authentication provider that matches your LDAP server.
                at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getIdStoreConfig(LdapIdentityStoreProvider.java:199)
                at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.access$300(LdapIdentityStoreProvider.java:74)
                at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider$NoLibOvd.getInstance(LdapIdentityStoreProvider.java:246)
                at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:118)
                at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:74)
                Truncated. see log file for complete stacktrace
>
<Sep 26, 2012 11:03:39 AM CDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Sep 26, 2012 11:03:39 AM CDT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Sep 26, 2012 11:03:39 AM CDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>


So the admin server cannot be started because of the wrong authenticator type. But here is how to manually change the authenticator type. Open $Domain_HOME/config/config.xml and you will find the following line:













The fix is to replace "wls:ldap-authenticatorType" with "wls:open-ldap-authenticatorType". This switches the authenticator type from LDAPAuthenticator to OpenLDAPAuthenticator. Then start the admin server and the error is cleared.
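
The same edit as a script that keeps a backup of config.xml and refuses to guess when more than one provider uses the generic type. This is an added example, not part of the original post. It assumes the type string appears in config.xml as an xsi:type="..." attribute; the function name, return codes and sample fragment are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Run with the Admin Server stopped.
# Assumption: the provider type is stored as an xsi:type="..." attribute.
OLD='xsi:type="wls:ldap-authenticatorType"'
NEW='xsi:type="wls:open-ldap-authenticatorType"'

# Returns 0 on success, 1 if nothing to fix, 2 if ambiguous, 3 on I/O error
# (these return codes are this script's own convention).
fix_authenticator_type() {
    cfg=$1
    [ -f "$cfg" ] || { echo "not found: $cfg" >&2; return 3; }

    # Count lines declaring the generic type. The leading quote in OLD keeps
    # it from matching an entry that is already open-ldap.
    n=$(grep -c -F "$OLD" "$cfg" || true)
    if [ "$n" -eq 0 ]; then
        echo "no generic LDAPAuthenticator entry in $cfg" >&2; return 1
    elif [ "$n" -gt 1 ]; then
        # Several providers use the generic type: do not guess which one
        # is the OpenLDAP store, leave the file untouched.
        echo "$n generic LDAPAuthenticator entries; edit by hand" >&2; return 2
    fi

    # Timestamped backup so the change can be rolled back.
    backup="$cfg.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$cfg" "$backup" || return 3

    # Edit into a temp file, then overwrite in place (keeps owner and mode).
    tmp="$cfg.tmp.$$"
    sed "s/$OLD/$NEW/" "$cfg" > "$tmp" && cat "$tmp" > "$cfg" || return 3
    rm -f "$tmp"
    diff "$backup" "$cfg" || true      # show exactly what changed
    echo "backup kept at $backup"
}

# With a path argument, fix that file; with none, run on a constructed
# sample fragment (not a real domain config).
if [ "$#" -ge 1 ]; then
    fix_authenticator_type "$1"
else
    sample=$(mktemp -d)/config.xml
    cat > "$sample" <<'EOF'
<sec:authentication-provider xsi:type="wls:default-authenticatorType"/>
<sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
  <sec:name>OpenLDAP</sec:name>
</sec:authentication-provider>
EOF
    fix_authenticator_type "$sample"
fi
```

To roll back, copy the .bak file over config.xml before starting the server again.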

13 comments:

Tarek Moukhtar said...

Thanks a million for the post :)

JayJay Zheng said...

You are most welcome!

Reminder said...

Thank you soo much
You are wonderful

Evan Evan said...

Thanx a billion

Anonymous said...

Thank you very much

Anonymous said...

this helped very much. thank you

Anonymous said...

saved my life, thanks!!!

Anonymous said...

Awesome...!

Michael Freeman said...

Saved me a lot of time!!! :)

Admir Nusinovic said...

Thanks a lot

Anonymous said...

Thanks a lot ...!!!

Uday Chauhan said...

Works well!!

Vasily Voronovich said...

great solution! Thank you!