Protecting WebLogic 10 Applications with Web Agent via reverse proxy

Document ID : KB000051281
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

I am protecting WebLogic 10 Applications with Web Agent located on a separate Apache Reverse Proxy. Once I am logged in by SiteMinder, I get an error 401 unauthorized by Weblogic, and if I refresh the screen, I get prompted by Weblogic to authenticate.

How can I integrate both ? Do I need to use ASA Agent on Weblogic?

Solution:

You can integrate both by disabling security on Weblogic 10 as setting this parameter:

enforce-valid-basic-auth-credentials

to false as:

<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>

in config.xml file. Then, SiteMinder Web Agent on the Apache Reverse Proxy will protect and manage authentication and authorization for your Applications.

If you need finer use of Weblogic and activating the security on it, you can then delegate the Authorization process to Weblogic installing on it the ASA Agent for Weblogic.