Error adding enforce-valid-basic-auth-credentials to config.xml

Question

I tried adding

  <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>

inside the <security-configuration> tag in config.xml of weblogic server 12.1.3 After I add this line my weblogic server goes to shutdown whenever i start up my server.

is there something wrong? I have attached my config.xml contents below

            <domain-version>12.1.3.0.0</domain-version>
              <security-configuration>
                <name>mdm_domain</name>
                <realm>
                  <sec:authentication-provider xsi:type="wls:default-authenticatorType">
                    <sec:name>DefaultAuthenticator</sec:name>
                  </sec:authentication-provider>
                  <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
                    <sec:name>DefaultIdentityAsserter</sec:name>
                    <sec:active-type>AuthenticatedUser</sec:active-type>
                  </sec:authentication-provider>
                  <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType">
                    <sec:name>XACMLRoleMapper</sec:name>
                  </sec:role-mapper>
                  <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType">
                    <sec:name>XACMLAuthorizer</sec:name>
                  </sec:authorizer>
                  <sec:adjudicator xsi:type="wls:default-adjudicatorType">
                    <sec:name>DefaultAdjudicator</sec:name>
                  </sec:adjudicator>
                  <sec:credential-mapper xsi:type="wls:default-credential-mapperType">
                    <sec:name>DefaultCredentialMapper</sec:name>
                  </sec:credential-mapper>
                  <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType">
                    <sec:name>WebLogicCertPathProvider</sec:name>
                  </sec:cert-path-provider>
                  <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
                  <sec:name>myrealm</sec:name>
                  <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
                    <sec:name>SystemPasswordValidator</sec:name>
                    <pas:min-password-length>8</pas:min-password-length>
                    <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
                  </sec:password-validator>
                </realm>
                <default-realm>myrealm</default-realm>
                <credential-encrypted>{AES}lWxYlHpEqfbODbLmeerJr6H86R6+lvszW466UpoYzuyh6X617HokRf/oKl3cZJM+JTXliBWwXFhAiC9G3JrbxYNBkXMUGqFSOicuMVJVD0tTCuTr6sfY7UPK9M40Vi4n</credential-encrypted>
                <node-manager-username>weblogic</node-manager-username>
                <node-manager-password-encrypted>{AES}loTlWUtqsyw7sq4ujEhLVDaHCv/s7k22k0KSacFO/Ww=</node-manager-password-encrypted>
                <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> 
              </security-configuration>

Answer 1

My answer comes probably too late to help you, but it may help other people.

I met the same issue, and adding the 'enforce-valid-basic-auth-credentials' tag seems not to be enough.

Then, I added this flag via WLST :

connect('weblogicUser','weblogicPassword','t3://localhost:7001')
edit()
startEdit()
cd('SecurityConfiguration/Your_Domain')
set('EnforceValidBasicAuthCredentials','false')
save()
activate()

(Do not forget to edit with your weblogicUser, weblogicPassword, weblogic url and your domain in the 'cd' command...)

And after restarting my server, I looked in the config.xml file, and another tag has been added. Now, my config.xml file looks like that :

    .........
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
    <use-kss-for-demo>true</use-kss-for-demo>
</security-configuration>
............

But this use-kss-for-demo tag may depend on your weblogic configuration. So I strongly advise you to use the WSLT way to update this flag.

Answer 2

If you get schema validation error, add tags as in below order.

<security-configuration>
......
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-
credentials>
<use-kss-for-demo>true</use-kss-for-demo>
</security-configuration>

Answer 3

Inside the weblogic below path - /app/weblogic/Oracle/Middleware/Oracle_Home/oracle_common/common/bin

script cane be written like below-
disableBasicAuth.py

connect('weblogic','password','t3://localhost:7001')
edit()
startEdit()
cd('SecurityConfiguration/<domain name>')
set('EnforceValidBasicAuthCredentials','false')
save()
activate()

After save. Run the Script like - ./wlst.sh disableBasicAuth.py

Above steps will solve basic auth interception by weblogic.