WebLogic Server Support Pattern: Investigating Domain Trust Issues
(Doc ID 1332288.1)
Last updated on OCTOBER 02, 2024
Applies to:
Oracle WebLogic Server - Version 10.0 and later Information in this document applies to any platform.
Purpose
Problem Description
Intercommunication between two WebLogic Server domains results in a security exception.
NOTE: Examples of exceptions can be found in this document.
Why does trust need to be set between WLS domains?
During intercommunication between two WebLogic Server domains, caller identity (or kernel identity) is propagated from one domain to another domain. Since the subject is already authenticated in the calling domain, there is no need to authenticate the subject again in the second domain (server). To establish this kind of relationship, trust must be set between domains. EJB, JMS invocation from one server to another server, use of run-as for servlet or run-as-identity principal for EJBs from one server to another server are some examples of where trust needs to be set between domains. This is a requirement for interoperability between two domains. If there is no transaction context propagation requirement between two domains, there is no need to set the trust between the domains.
Troubleshooting Steps
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!