I am trying to add a new custom authentication provider with a WLST online-mode script, but I get a class not found exception even though I can see my provider on the WL console.
This is the situation:
user_projects/domains/$DOMAIN_NAME/lib/ directory.
Home > Security Realms > myrealm > Providers > new > Type
But I need to automate this step so I have created a WLST script for this. The relevant part of the WLST is this:
# add a new authentication provider with name of MyCustomAuthProvider
cd('/SecurityConfiguration/' + _domainName + '/Realms/myrealm')
cmo.createAuthenticationProvider('MyCustomAuthProvider', 'aa.bb.cc.MyCustomAuthProvider')
cd('/SecurityConfiguration/' + _domainName + '/Realms/myrealm/AuthenticationProviders/MyCustomAuthProvider')
cmo.setControlFlag('OPTIONAL')
# reorder authentication providers
...
But this WLST throws the following exception:
java.lang.RuntimeException: java.lang.RuntimeException: java.lang.ClassNotFoundException: aa.bb.cc.MyCustomAuthProvider
So I did double-check to see whether the WL sees my custom auth provider:
wls:/offline> connect('weblogic', 'weblogic12', 't3://localhost:7001')
cd('/SecurityConfiguration/myDomain/Realms/myrealm')
ls()
The list I got is exactly the same as I expected: my class is on the list. This is the reason why I can add it using the web console.
This is the value of the AuthenticationProviderTypes:
java.lang.String[com.bea.security.saml2.providers.SAML2IdentityAsserter,
aa.bb.cc.MyCustomAuthProvider,
weblogic.security.providers.authentication.ActiveDirectoryAuthenticator,
weblogic.security.providers.authentication.CustomDBMSAuthenticator,
weblogic.security.providers.authentication.DefaultAuthenticator,
weblogic.security.providers.authentication.DefaultIdentityAsserter,
weblogic.security.providers.authentication.IPlanetAuthenticator,
weblogic.security.providers.authentication.LDAPAuthenticator,
weblogic.security.providers.authentication.LDAPX509IdentityAsserter,
weblogic.security.providers.authentication.NegotiateIdentityAsserter,
weblogic.security.providers.authentication.NovellAuthenticator,
weblogic.security.providers.authentication.OpenLDAPAuthenticator,
weblogic.security.providers.authentication.OracleIdentityCloudIntegrator,
weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticator,
weblogic.security.providers.authentication.OracleUnifiedDirectoryAuthenticator,
weblogic.security.providers.authentication.OracleVirtualDirectoryAuthenticator,
weblogic.security.providers.authentication.ReadOnlySQLAuthenticator,
weblogic.security.providers.authentication.SQLAuthenticator,
weblogic.security.providers.authentication.VirtualUserAuthenticator,
weblogic.security.providers.saml.SAMLAuthenticator,
weblogic.security.providers.saml.SAMLIdentityAsserterV2]
Everything looks perfect. But then why does WLST throw a class not found exception while trying to create it?
This is crazy.
I have googled for this, but I have only found the same issue without a solution.
What did I miss?
At some point Oracle changed from using CLASSPATH to WLST_EXT_CLASSPATH to set the classpath for WLST. Oracle doesn't seem to have done a great job of documenting that this is the right env variable to use, though. I found it by digging through the various sh scripts that wlst.sh calls, but this document for 12c refers to it, though it seems to be the only place where it's mentioned.
I've tested this using 14.1.1 and a custom provider in the DOMAIN/lib/mbeantypes dir and it works (i.e. I can use WLST to configure a custom security provider as long as I set WLST_EXT_CLASSPATH first) but don't have 12c to test that it works there.
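The fix from the answer above as a wrapper script. This is an added example, not part of the original answer; it assumes the provider jars sit in `$DOMAIN_HOME/lib/mbeantypes` and that `wlst.sh` is at `$ORACLE_HOME/oracle_common/common/bin/wlst.sh` (override with the hypothetical `WLST_SH` variable). The function names are illustrative.

```shell
#!/bin/sh
# Added example: put custom security provider jars on WLST's classpath
# before running a WLST script, so createAuthenticationProvider() can load
# the provider class. Paths below are assumptions; adjust for your install.

# Print a ':'-joined list of the *.jar files in directory $1, followed by
# any value already present in WLST_EXT_CLASSPATH. Returns 1 if none found.
build_wlst_ext_classpath() {
    dir=$1
    path_list=""
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    for jar in "$dir"/*.jar; do
        [ -f "$jar" ] || continue    # an unmatched glob stays literal; skip it
        path_list="${path_list:+$path_list:}$jar"
    done
    [ -n "$path_list" ] || { echo "no jar files in $dir" >&2; return 1; }
    printf '%s\n' "${path_list}${WLST_EXT_CLASSPATH:+:$WLST_EXT_CLASSPATH}"
}

# Export WLST_EXT_CLASSPATH, then run WLST script $2 for domain home $1.
run_wlst_with_providers() {
    domain_home=$1
    script=$2
    # Assumed default location of wlst.sh; WLST_SH is a hypothetical override.
    wlst_sh=${WLST_SH:-$ORACLE_HOME/oracle_common/common/bin/wlst.sh}
    WLST_EXT_CLASSPATH=$(build_wlst_ext_classpath "$domain_home/lib/mbeantypes") || return 1
    export WLST_EXT_CLASSPATH
    [ -x "$wlst_sh" ] || { echo "wlst.sh not found: $wlst_sh" >&2; return 1; }
    "$wlst_sh" "$script"
}

# Usage: ./run_wlst.sh <domain home> <script.py>
if [ "$#" -eq 2 ]; then
    run_wlst_with_providers "$1" "$2"
fi
```

Failing early when the directory holds no jar turns the opaque `ClassNotFoundException` from WLST into a clear message before the script connects to the server.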