How to implement container managed authentication with hashed password in weblogic 12c?

Question

Hi I have managed to implement container managed authentication in weblogic 12c with an SQLAuthenticator. I am successfully loging in with the users I create in the database when the password setting is set to PLAINTEXT in the provider specific sqlauthenticator settings and the database value is not encrypted.

If I am storing the user's password inside the database using the following code though I cannot login:

String encPass = "{SHA-1}" + new sun.misc.BASE64Encoder()
.encode(java.security.MessageDigest.getInstance("SHA1")
.digest(newUser.getPassword().getBytes()));

By providing the password "weblogic1" this value is stored in the db: {SHA-1}r49g3WeQasgoe6ODQ+5fa4Ic5tk=

In my SQLAuthenticator provider specific settings I have "Plaintext Passwords Enabled" set to false, "Password Style Retained" set to true, Password Algorithm: set to SHA-1.

When I run

request.login(email, password);

It throws the Authentication Failed exception...

What am I doing wrong?

Gregory Mallon Gregory Mallon · Accepted Answer · 2017-04-02T19:53:48

A little late, but I think I can answer this one for you.

From the sound of things, your code was in fact correct, however, as you discovered, your tables were not properly set up.

When configuring your RDBMS authentication, it is assumed that you have three tables in your DB, they are:

users (username, password, description)
groupmembers (group name, group member)
groups (group name, group description)

I expect you were mostly there, but lacking the description column for the "users" and "groups" tables was causing your problems.

You can check out this link from Oracle's online documentation for more info:

https://docs.oracle.com/cd/E21764_01/web.1111/e13707/atn.htm#SECMG195

How to implement container managed authentication with hashed password in weblogic 12c?

2 Answers