How to connect to SQL Server from WebLogic using Windows AD Kerberos Authentication?
I have WebLogic 11g (10.3.6) on a Linux server and SQL Server 2012 on Windows 2012. I want to create a connection pool to SQL Server from WebLogic using Windows Active Directory Kerberos authentication.
I am looking for the steps to accomplish the above. I found info in bits and pieces, but I am looking for clear steps. Any help is appreciated.

I have access to WebLogic 10.3.3, so the version numbers are according to that. The principles are the same.

1. Log in through the console and click "Lock & Edit". If it isn't a production-mode server, you won't need this.
2. Go to Services > JDBC > Data Sources and click "New".
3. Give it a name and a JNDI name. I don't need to mention that the JNDI name is the important one. Also, select "MS SQL Server" as the "Database Type".
4. Next you'll have to choose the driver. I didn't see distributed transactions in your question, so I'm assuming you won't need an "XA" driver.
5. Again, I didn't see global transactions in your question. In the next step, disable it.
6. Next is the information about the database: name, host's IP, and port. If you have a named instance, add its name after the IP like this: \\instance_name. Since you want to use Kerberos, don't enter a username and password.
7. In the next step, you need to tell the data source to use Kerberos. Add ";AuthenticationMethod=kerberos" to the end of the URL field. Connection properties are separated by ";". For example: jdbc:sqlserver://192.168.10.56:17888;AuthenticationMethod=kerberos
8. Next, specify which servers in the domain have access to the data source. Basically, you are specifying the data source's target servers.

Side notes and other important settings:

- When you specify the "AuthenticationMethod" connection property with a value of "kerberos", any username or password is ignored.
- Your database server must be administered by the same domain controller that administers the WebLogic server.
- Under $WL_HOME/server/lib, find krb5.conf (the Kerberos configuration file containing values for the Kerberos realm and the KDC name for that realm) and open it in a text editor. Specify the system properties java.security.krb5.realm and java.security.krb5.kdc. In Windows Active Directory, the Kerberos realm name is the Windows domain name and the KDC name is the Windows domain controller name.
- The application and driver code bases must be granted security permissions in the security policy file of the Java 2 platform, like this:

grant codeBase "file:/WL_HOME/server/lib/-" {
    permission javax.security.auth.AuthPermission "createLoginContext.DDTEK-JDBC";
    permission javax.security.auth.AuthPermission "doAs";
    permission javax.security.auth.kerberos.ServicePermission "krbtgt/your_realm@your_realm", "initiate";
    permission javax.security.auth.kerberos.ServicePermission "MSSQLSvc/db_hostname:sqlserver_port@your_realm", "initiate";
};

where:

- WL_HOME is the directory in which you installed WebLogic Server.
- your_realm is the Kerberos realm (or Windows domain) to which the database host machine belongs.
- db_hostname is the host name of the machine running the database.
- sqlserver_port is the TCP/IP port on which the Microsoft SQL Server instance is listening.

I must say, though, that I don't think you searched hard enough, because what I wrote here came from the online documentation:
http://docs.oracle.com/cd/e12839_01/web.1111/e13753/mssqlserver.htm
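
A consistency check for the settings described in the answer above, as an added example that is not part of the original answer or of Oracle's documentation: it parses the data source URL and confirms that the policy grant covers the same port, database host and realm. The realm EXAMPLE.COM, the host sqlhost.example.com, the `user`/`password` property names and all function names are assumptions, and the sample policy text is constructed.

```python
import re

URL_RE = re.compile(r"^jdbc:sqlserver://(?P<host>[^:;]+):(?P<port>\d+)"
                    r"(?P<props>(?:;[^;=]+=[^;]*)*);?$")
SPN_RE = re.compile(r'ServicePermission\s+"MSSQLSvc/([^:"@]+):(\d+)@([^"]+)"\s*,\s*"initiate"')

# Constructed sample policy; the host, port and realm are illustrative values.
POLICY = '''grant codeBase "file:/WL_HOME/server/lib/-" {
  permission javax.security.auth.kerberos.ServicePermission "krbtgt/EXAMPLE.COM@EXAMPLE.COM", "initiate";
  permission javax.security.auth.kerberos.ServicePermission "MSSQLSvc/sqlhost.example.com:1433@EXAMPLE.COM", "initiate";
};'''
PAGE_URL = "jdbc:sqlserver://192.168.10.56:17888;authenticationmethod=kerberos"

def parse_jdbc_url(url):
    """Return (host, port, props) for jdbc:sqlserver://host:port;key=value;..."""
    m = URL_RE.match(url.strip())
    if not m:
        raise ValueError("unrecognised data source URL: " + url)
    props = {}
    for pair in filter(None, m.group("props").split(";")):
        key, _, value = pair.partition("=")
        # Assumption: property names are compared case-insensitively here.
        props[key.strip().lower()] = value.strip()
    return m.group("host"), int(m.group("port")), props

def audit(url, policy_text, db_hostname, realm):
    """List mismatches between the data source URL and the policy grant."""
    _host, port, props = parse_jdbc_url(url)
    findings = []
    if props.get("authenticationmethod", "").lower() != "kerberos":
        findings.append("URL does not set authenticationmethod=kerberos")
    for cred in ("user", "password"):  # assumed names for inline credentials
        if cred in props:
            findings.append("URL carries '%s'; it is ignored under Kerberos, remove it" % cred)
    # The SPN in the policy must name the port the URL actually connects to.
    granted = {(h.lower(), int(p), r) for h, p, r in SPN_RE.findall(policy_text)}
    if (db_hostname.lower(), port, realm) not in granted:
        findings.append("no initiate permission for MSSQLSvc/%s:%d@%s" % (db_hostname, port, realm))
    esc = re.escape(realm)
    if not re.search(r'ServicePermission\s+"krbtgt/' + esc + "@" + esc + r'"\s*,\s*"initiate"', policy_text):
        findings.append("no initiate permission for krbtgt/%s@%s" % (realm, realm))
    return findings

if __name__ == "__main__":
    for line in audit(PAGE_URL, POLICY, "sqlhost.example.com", "EXAMPLE.COM"):
        print("FINDING:", line)
```

Run against the URL from the answer, the constructed policy is flagged because its MSSQLSvc entry names port 1433 while the URL connects to 17888.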
sql-server-2012 weblogic kerberos