How to update Weblogic Security parameters from back-end
Problem: The WebLogic Server Administration Console does not display the all parameter settings (e.g.: enforce-valid-basic-auth-credentials). You can use WebLogic Scripting Tool (WLST) commands to check, and edit the value in a running server.
Solution: Please use following scripts and commands to update enforce-valid-basic-auth-credentials to FALSE
$MW_HOME/oracle_common/common/bin/wlst.sh <<EOF connect('weblogic','password','t3://wls_server.domain:7001') cd('SecurityConfiguration') cd('base_domain') ls() edit() startEdit() startEdit() cd('SecurityConfiguration') cd('base_domain') set('EnforceValidBasicAuthCredentials','false') save() activate() exit() EOF |
Output details:
# Login to weblogic Linux/Unix Server with installation owner (e.g.: weblogic user, assuming MW_HOME env is set) $MW_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands wls:/offline> connect('weblogic','password','t3://wls_server.domain:7001') connect('weblogic','password','t3://wls_server.domain:7001') Connecting to t3://wls_server.domain:7001 with userid weblogic ... Successfully connected to Admin Server "AdminServer" that belongs to domain "base_domain".
Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead. wls:/base_domain/serverConfig/> cd('SecurityConfiguration') wls:/base_domain/serverConfig/SecurityConfiguration> cd('base_domain') wls:/base_domain/serverConfig/SecurityConfiguration/base_domain> ls() dr-- CertRevoc dr-- DefaultRealm dr-- JASPIC dr-- Realms dr-- SecureMode
-r-- AdministrativeIdentityDomain null -r-- AnonymousAdminLookupEnabled false -r-- BootAuthenticationMaxRetryDelay 60000 -r-- BootAuthenticationRetryCount 0 -r-- ClearTextCredentialAccessEnabled false -r-- CompatibilityConnectionFiltersEnabled false -r-- ConnectionFilter null -r-- ConnectionFilterRules null -r-- ConnectionLoggerEnabled false -r-- ConsoleFullDelegationEnabled false -r-- Credential ****** -r-- CredentialEncrypted ****** -r-- CrossDomainSecurityEnabled false -r-- DowngradeUntrustedPrincipals false -r-- DynamicallyCreated false -r-- EnforceStrictURLPattern true -r-- EnforceValidBasicAuthCredentials true -r-- ExcludedDomainNames null -r-- Id 0 -r-- IdentityDomainAwareProvidersRequired false -r-- Name base_domain -r-- NodeManagerPassword ****** -r-- NodeManagerPasswordEncrypted ****** -r-- NodeManagerUsername nodemanager -r-- NonceTimeoutSeconds 120 -r-- Notes null -r-- PrincipalEqualsCaseInsensitive false -r-- PrincipalEqualsCompareDnAndGuid false -r-- RemoteAnonymousJNDIEnabled true -r-- Tags null -r-- Type SecurityConfiguration -r-- UseKSSForDemo false -r-- WebAppFilesCaseInsensitive false
-r-x findDefaultRealm WebLogicMBean : -r-x findRealm WebLogicMBean : String(realmDisplayName) -r-x findRealms WebLogicMBean[] : -r-x freezeCurrentValue Void : String(attributeName) -r-x generateCredential [B : -r-x getInheritedProperties String[] : String[](propertyNames) -r-x isInherited Boolean : String(propertyName) -r-x isSet Boolean : String(propertyName) -r-x unSet Void : String(propertyName)
If the domain settings displayed, contains the following entry: -r-- EnforceValidBasicAuthCredentials true
Then you must set this entry to false. To set the entry to false, use the WLST commands as follows: wls:/base_domain/serverConfig/> edit() Location changed to edit tree. This is a writable tree with DomainMBean as the root. To make changes you will need to start an edit session via startEdit(). For more help, use help('edit').
wls:/base_domain/edit/> startEdit() Starting an edit session ... Started edit session, be sure to save and activate your changes once you are done. wls:/base_domain/edit/ !> cd('SecurityConfiguration') wls:/base_domain/edit/SecurityConfiguration !> cd('base_domain') wls:/base_domain/edit/SecurityConfiguration/base_domain !> set('EnforceValidBasicAuthCredentials','false') wls:/base_domain/edit/SecurityConfiguration/base_domain !> save() Saving all your changes ... Saved all your changes successfully. wls:/base_domain/edit/SecurityConfiguration/base_domain !> activate() Activating all your changes, this may take a while ... The edit lock associated with this edit session is released once the activation is completed.
The following non-dynamic attribute(s) have been changed on MBeans that require server re-start: MBean Changed : com.bea:Name=base_domain,Type=SecurityConfiguration Attributes changed : EnforceValidBasicAuthCredentials
Activation completed wls:/base_domain/edit/SecurityConfiguration/base_domain> disconnect() Disconnected from weblogic server: AdminServer wls:/offline> exit()
Exiting WebLogic Scripting Tool |
References
https://docs.oracle.com/middleware/1213/wls/WLSTC/reference.htm#WLSTC122
About Me
I have 20 years of thorough experience in the Information Technology industry, specializing in Oracle Database, Fusion Middleware, OBIEE, Oracle E-Business Applications, Hyperion, UPK, Oracle Cloud & Virtualization Administration using Oracle Development / Administration / Management / Training tools on different platforms across industry, including C&IP (Manufacturing, Supply Chain Planning), HCM, Financials, and TMT, with knowledge in Project Management, Application Strategy, Software Development Lifecycle (SDLC), and Application Testing (Unit, System, Integration, UAT, and Performance). I worked on number of projects, implementing custom and ERP/CRM Oracle applications and used AIM/ Macro-scope methodology Project Documentation and version control. I used IT Service Management (ITSM) guidelines and ITIL framework on projects to manage Oracle Infrastructure.
Feedback, Comments, Questions?
Please provide your valuable feedback/comments and let me know if any questions? Feel free to contact me for any ORACLE technology assistance.
Contact: +91-9930920689 | Amit.Garg@redcircle.in | Linkedin