Weblogic Authors: Yeshim Deniz, Elizabeth White, Michael Meiner, Michael Bushong, Avi Rosenthal

Related Topics: Java IoT, Weblogic

Java IoT: Article

WLST and Security Configuration

Using WLST to configure some of the latest security provisions

WebLogic Server Scripting Tool (WLST) provides powerful command-line capability for system administrators and developers to configure WebLogic server environments. However, its usage and adoption does not reach its full potential, seen at many working places, due to various reasons. This article gives a detailed example of using WLST to configure some of the latest security provisions (SAML 2.0) of WebLogic server, and provides insights on how to overcome the possible hurdles which prevent one from using the tool.

Why WLST and What's Stopping You?
Now it's not difficult to do a little research yourself and find out WLST is useful for configuring WebLogic server and Jython/Python itself is a popular scripting language, so why WLST is not used, or at least not consistently used, in many WebLogic projects, considering it has existed for quite some time.

After all, the benefits of using a scripting language in the task of setting up a server seem very appealing, in comparison to doing it using GUI console:

  • Do it once, and use the same script for multiple servers or multiple project environments, e.g. development, integration testing, staging, production;
  • Script runs faster than manual configuration;
  • Script is less error-prone;
  • Script can be easily source controlled;
  • Script is more apt to be consolidated into enterprise standard.

So what's stopping you?

The first reason is Jython. To do WLST, you need to create Jython scripts. However, that's a gray area between system administration and programming. It involves knowing physical environment, WebLogic server structure and internal objects (MBeans), application needs and structures, and most importantly putting everything together using Jython script. Neither administrators nor developers are very comfortable with handling this task alone.

Another reason is why scripting if there's an easy to use GUI console. Even so, when you navigate the object tree within WLST, some objects or operations are not easily found. While within WebLogic GUI console, what you're looking for is more handily available.

Furthermore, although there's some information on using the tool, including a detailed command list within WebLogic document, you still need to do your own research to figure out the details when scripting specific components you want.

The following sections address those concerns, as well as walking through an example on setting up SAML 2.0 related security components.

Learning Jython (or Not)
Jython is the Java implementation of the Python scripting language. Scripting language usually provides a faster to development programming environment and has a task oriented nature.

But do you really need to spend the next several months learning a new language (if you don't already know) before using WLST? It's actually not necessary if you're already programming savvy (Java, Shell, etc.). As you will see from the example, the essential functions for configuration are easy to understand, and with the help of WebLogic documentation, the WLST commands can be easily practiced with WLST interactive mode to get familiar with. You may also do some recording at the same time so the commands can later be put into a script file. With that experience, it should help you to learn details of the Jython language more easily should the need arise.

Console or Scripting or Both
WebLogic GUI console is a convenient tool for making configurations. However, when it comes time to move configuration from one environment to another, it becomes cumbersome. Writing scripts, on the other hand, can help you easily add a specific component across various enterprise environments without much hassle.

But you're not familiar with navigating through the object tree within WLST yet. Sometimes you feel it's difficult to find an object or operation.

The trick here is to use console as guidance when writing scripts. The navigation sequence in GUI console doesn't match totally to that of the command line, but close enough in many cases. You can also use ls() and cmo() (WLST commands) constantly in combination with hints got from GUI console to guess what path you should take to write the next piece of script.

A Real Example
If you can read a little about WebLogic MBean structure and SAML 2.0 technology, e.g. through the references listed in the end, it may help you to understand this section better. However, it's not necessary if you just want to have more understanding of WLST and get confident to start your own script. The example here assumes WebLogic 10.3, but the same idea should apply to other versions as well. Also, it only covers SAML token consumer, and not the identity provider.

Let's start by defining some common variables:

user = ‘administrator'

pwd = 'password'

serverPath = 't3://localhost:7001'

domainName = ‘TestDomain'

idpMetaFile = '/idp/security/metadata.xml'

Note: the metadata.xml is provided by SAML identity provider, which could be another WebLogic server, or a third-party provider.

Next, connect to the server:

connect(user, pwd, serverPath)

Now, create the essential SAML identity asserter and authenticator:


rlmPath = ‘/SecurityConfiguration/' + domainName + ‘/Realms/myrealm'



saml2iaName = "SAML2IdentityAsserter"

samlauthName = "SAMLAuthenticator"

cmo.createAuthenticationProvider(saml2iaName, "com.bea.security.saml2.providers.SAML2IdentityAsserter")

cmo.createAuthenticationProvider(samlauthName, "weblogic.security.providers.saml.SAMLAuthenticator")







Tip: in the above script, it changes WLST scripting mode to EDIT before continuing with the real setup. Although it's not absolutely accurate, you can get the clue when you need to click "Lock & Edit" before making the same configuration in GUI console.

The configuration you just made requires server restart, do it using script or manually, depending on how you customized your server startup script. Reconnect to server within WLST console after server restarts.

Now let's configure a WEB SSO partner for the SAML identity asserter created earlier:

iaPath = 'SecurityConfiguration/' + domainName + '/Realms/myrealm/AuthenticationProviders/SAML2IdentityAsserter'

cd (iaPath)

metapartner = cmo.consumeIdPPartnerMetadata(idpMetaFile)




Then setup federation service, which is required when using SAML tokens:



cd ('/Servers/AdminServer/SingleSignOnServices/AdminServer')












Tip: in the above script, the path to the SSO object is not very obvious. If you look at GUI console, it's "Federation Services / SAML 2.0 General". A little imagination helps here.

Great, now you got SAML 2.0 security setup! Configure security policy for your application and you're good to go.

WLST Better than Console
Since WLST is a more direct way to configure WebLogic server, it actually provides the benefit of more accurate results as well. Weblogic console is an application by itself and naturally can contain defects. When you keep on scratching your head because you cannot figure out why a seemingly correct configuration does not work, check it using WLST to find out the reason.

One example is when configuring WSS partner for SAML identity asserter, the "bearer" confirmation method is set but does not work. When checking using WLST, This turns out to be a GUI console defect in WebLogic 10.3.

Hopefully by now you understand WLST is an important tool for enterprise server configuration and most importantly you can start using it at any point during your project life cycle. You probably already have the necessary knowledge to start using the tool.

This article provides you with some guidance and tips on how to use WLST. It does so by giving an example of configuring SAML 2.0 SSO security, which is more recent technology and there's less examples on it. It shall give you more confidence to start writing scripts on other components as well.


More Stories By John Yu

John Yu has worked many years in the software industry mainly using Java/J2EE and related technologies. He has served various roles and is passionate about writing structured high performing software applications.

@ThingsExpo Stories
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, will discuss how they b...
SYS-CON Events announced today that SkyScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SkyScale is a world-class provider of cloud-based, ultra-fast multi-GPU hardware platforms for lease to customers desiring the fastest performance available as a service anywhere in the world. SkyScale builds, configures, and manages dedicated systems strategically located in maximum-security...
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, will discuss how by using...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japanese Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ruby Development Inc. builds new services in short period of time and provides a continuous support of those services based on Ruby on Rails. For more information, please visit https://github.com/RubyDevInc.
As businesses evolve, they need technology that is simple to help them succeed today and flexible enough to help them build for tomorrow. Chrome is fit for the workplace of the future — providing a secure, consistent user experience across a range of devices that can be used anywhere. In her session at 21st Cloud Expo, Vidya Nagarajan, a Senior Product Manager at Google, will take a look at various options as to how ChromeOS can be leveraged to interact with people on the devices, and formats th...
SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.
Organizations do not need a Big Data strategy; they need a business strategy that incorporates Big Data. Most organizations lack a road map for using Big Data to optimize key business processes, deliver a differentiated customer experience, or uncover new business opportunities. They do not understand what’s possible with respect to integrating Big Data into the business model.
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
SYS-CON Events announced today that Taica will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Taica manufacturers Alpha-GEL brand silicone components and materials, which maintain outstanding performance over a wide temperature range -40C to +200C. For more information, visit http://www.taica.co.jp/english/.
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Amazon is pursuing new markets and disrupting industries at an incredible pace. Almost every industry seems to be in its crosshairs. Companies and industries that once thought they were safe are now worried about being “Amazoned.”. The new watch word should be “Be afraid. Be very afraid.” In his session 21st Cloud Expo, Chris Kocher, a co-founder of Grey Heron, will address questions such as: What new areas is Amazon disrupting? How are they doing this? Where are they likely to go? What are th...