This repository has been archived by the owner on Jan 7, 2020. It is now read-only.

IdentityAsserter Creation Issue #57

Open
ds2000 opened this issue May 15, 2018 · 0 comments

ds2000 commented May 15, 2018

Hi Edwin,
I've come across a strange set of circumstances that may or may not be related to the module (I think the latter but maybe there is something I need to tweak to resolve it). This is a WebLogic ADF domain without RCU.

We are trying to create an identity asserter via the module. This uses a custom JAR; the file is being loaded correctly, and in WLST I can see the provider (nl.rsg.security.idms.providers.identity.IdmsIdentityAsserter):

```
cmo.getAuthenticationProviderTypes()
array(java.lang.String,['com.bea.security.saml2.providers.SAML2IdentityAsserter', 'nl.rsg.security.idms.providers.authentication.IdmsAuthenticator', 'nl.rsg.security.idms.providers.identity.IdmsIdentityAsserter', 'oracle.security.agent.access.filter.CloudSecurityAgentAsserter', 'oracle.security.jps.wls.providers.authentication.idm.CrossTenantAuthenticator', 'oracle.security.jps.wls.providers.trust.TrustServiceIdentityAsserter', 'oracle.security.wls.oam.providers.asserter.OAMIdentityAsserter', 'oracle.security.wls.oam.providers.authenticator.OAMAuthenticator', 'weblogic.security.providers.authentication.ActiveDirectoryAuthenticator', 'weblogic.security.providers.authentication.CustomDBMSAuthenticator', 'weblogic.security.providers.authentication.DefaultAuthenticator', 'weblogic.security.providers.authentication.DefaultIdentityAsserter', 'weblogic.security.providers.authentication.IPlanetAuthenticator', 'weblogic.security.providers.authentication.LDAPAuthenticator', 'weblogic.security.providers.authentication.LDAPX509IdentityAsserter', 'weblogic.security.providers.authentication.NegotiateIdentityAsserter', 'weblogic.security.providers.authentication.NovellAuthenticator', 'weblogic.security.providers.authentication.OpenLDAPAuthenticator', 'weblogic.security.providers.authentication.OracleIdentityCloudIntegrator', 'weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticator', 'weblogic.security.providers.authentication.OracleUnifiedDirectoryAuthenticator', 'weblogic.security.providers.authentication.OracleVirtualDirectoryAuthenticator', 'weblogic.security.providers.authentication.ReadOnlySQLAuthenticator', 'weblogic.security.providers.authentication.SQLAuthenticator', 'weblogic.security.providers.authentication.VirtualUserAuthenticator', 'weblogic.security.providers.saml.SAMLAuthenticator', 'weblogic.security.providers.saml.SAMLIdentityAsserterV2'])
```

When executing the WLST script within the module manually, we see the following error:

```
cmo.createAuthenticationProvider(name, providerclassname)
Traceback (innermost last):
  File "<console>", line 1, in ?
        at weblogic.management.jmx.MBeanServerInvocationHandler.newProxyInstance(MBeanServerInvocationHandler.java:645)
        at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:432)
        at com.sun.proxy.$Proxy60.createAuthenticationProvider(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)

java.lang.RuntimeException: java.lang.RuntimeException: java.lang.ClassNotFoundException: nl.rsg.security.idms.providers.identity.IdmsIdentityAsserterMBean
```

If I try to create the asserter manually in the console, we get a different error that mentions schema verification failure. I can get around this error by ensuring both managed servers are shut down. In this case, creating the asserter through the console works without error.

Back in WLST, if I ignore the error above and save() -> activate(), the asserter seems to be OK. It is almost like cmo.createAuthenticationProvider is trying to do something with the MBean that can only happen once a save and activate has happened. I'll open an SR with Oracle and feed back here if they have a solution.

Thanks

Dave
