Authentication providers are the default authentication mechanism in WebLogic Server and application security is implemented using a custom authentication provider. The Default Configuration for Oracle WebLogic Server section in the Cúram Security Handbook guide should be consulted for further details on this.
The application and WebLogic Server support the use of alternative authentication mechanisms, such as an LDAP directory server or a single sign-on solution. WebLogic Server provides authentication providers that can be configured to work with LDAP directory servers and for single sign-on solutions the third party vendor often produces a custom authentication provider to work with WebLogic Server. Where an alternative provider is to be used for authentication the Cúram authentication provider should only verify that users are valid for authorization purposes.
To configure the Cúram provider for identity only authentication the curam.security.check.identity.only property should be set to true in the AppServer.properties file before the configure target is run. The additional authentication providers should be configured manually after the configure target has been run.
The Identity Only Authentication section in the Cúram Security Handbook guide should be referenced for further details on this.
An optional property is available that will enable logging for the Cúram authentication provider. This property curam.security.login.trace, when set to true, results in tracing information being added to the WebLogic Server log file during the authentication process. This property should be set in the AppServer.properties file before the configure target is run.