Securing WebLogic Server

Introduction and Roadmap

Document Scope

Document Audience

Guide to This Document

Related Information

Security Samples and Tutorials

Security Examples in the WebLogic Server Distribution

Additional Examples Available for Download

New and Changed Security Features

Overview of Security Management

Security Realms in WebLogic Server

Security Providers

Security Policies and WebLogic Resources

WebLogic Resources

Deployment Descriptors and the WebLogic Server Administration Console

The Default Security Configuration in WebLogic Server

Configuring WebLogic Security: Main Steps

Methods of Configuring Security

What Is Compatibility Security?

Management Tasks Available in Compatibility Security

Customizing the Default Security Configuration

Why Customize the Default Security Configuration?

Before You Create a New Security Realm

Creating and Configuring a New Security Realm: Main Steps

Configuring WebLogic Security Providers

When Do You Need to Configure a Security Provider?

Reordering Security Providers

Configuring an Authorization Provider

Configuring the WebLogic Adjudication Provider

Configuring a Role Mapping Provider

Configuring the WebLogic Auditing Provider

Auditing ContextHandler Elements

Configuration Auditing

Enabling Configuration Auditing

Configuration Auditing Messages

Audit Events and Auditing Providers

Configuring a WebLogic Credential Mapping Provider

Configuring a PKI Credential Mapping Provider

PKI Credential Mapper Attributes

Credential Actions

Configuring a SAML Credential Mapping Provider

SAML Credential Mapping Providers in WebLogic Server

Configuring Assertion Lifetime

Relying Party Registry

Configuring the Credential Lookup and Validation Framework

CertPath Provider

Certificate Registry

Configuring a WebLogic Keystore Provider

Configuring Authentication Providers

Choosing an Authentication Provider

Using More Than One Authentication Provider

Setting the JAAS Control Flag Option

Changing the Order of Authentication Providers

Configuring the WebLogic Authentication Provider

Configuring LDAP Authentication Providers

Requirements for Using an LDAP Authentication Provider

Configuring an LDAP Authentication Provider: Main Steps

Accessing Other LDAP Servers

Dynamic Groups and WebLogic Server

Configuring Failover for LDAP Authentication Providers

LDAP Failover Example 1

LDAP Failover Example 2

Improving the Performance of WebLogic and LDAP Authentication Providers

Optimizing the Group Membership Caches

Configuring Dynamic Groups in the iPlanet Authentication Provider to Improve Performance

Optimizing the Principal Validator Cache

Configuring the Active Directory Authentication Provider to Improve Performance

Configuring RDBMS Authentication Providers

Common RDBMS Authentication Provider Attributes

Data Source Attribute

Group Searching Attributes

Group Caching Attributes

Configuring the SQL Authentication Provider

Password Attributes

SQL Statement Attributes

Configuring the Read-Only SQL Authenticator

Configuring the Custom DBMS Authenticator

Plug-In Class Attributes

Configuring a Windows NT Authentication Provider

Domain Controller Settings

LogonType Setting

UPN Names Settings

Configuring Identity Assertion Providers

How an LDAP X509 Identity Assertion Provider Works

Configuring an LDAP X509 Identity Assertion Provider: Main Steps

Configuring a Negotiate Identity Assertion Provider

Configuring a SAML Identity Assertion Provider

Asserting Party Registry

Certificate Registry

Ordering of Identity Assertion for Servlets

Configuring Identity Assertion Performance in the Server Cache

Configuring a User Name Mapper

Configuring a Custom User Name Mapper

Configuring Single Sign-On with Microsoft Clients

Overview of Single Sign-On with Microsoft Clients

System Requirements for SSO with Microsoft Clients

Single Sign-On with Microsoft Clients: Main Steps

Configuring Your Network Domain to Use Kerberos

Creating a Kerberos Identification for WebLogic Server

Configuring Microsoft Clients to Use Windows Integrated Authentication

Configuring a .NET Web Service

Configuring an Internet Explorer Browser

Configure Local Intranet Domains

Configure Intranet Authentication

Verify the Proxy Settings

Set Integrated Authentication for Internet Explorer 6.0

Creating a JAAS Login File

Configuring the Identity Assertion Provider

Using Startup Arguments for Kerberos Authentication with WebLogic Server

Verifying Configuration of SSO with Microsoft Clients

Configuring Single Sign-On with Web Browsers and HTTP Clients

Overview of SAML-Based Single Sign-On

Single Sign-on with SAML: Main Steps

Configuring a SAML Source Site for Single Sign-On

Configure SAML Credential Mapping Provider

Configure Source Site Federation Services

Configure Relying Parties

Configure Supported Profiles

Assertion Consumer Parameters

Replacing the Default Assertion Store

Configuring a SAML Destination Site for Single Sign-On

Configure SAML Identity Assertion Provider

Configure Destination Site Federation Services

Enable the SAML Destination Site

Set Assertion Consumer URIs

Configure SSL for the Assertion Consumer Service

Add SSL Client Identity Certificate

Configure Single-Use Policy and the Used Assertion Cache or Custom Assertion Cache

Configure Recipient Check for POST Profile

Configuring Asserting Parties

Configure Supported Profiles

Configure Source Site ITS Parameters

Configuring Relying and Asserting Parties with WLST

Migrating Security Data

Overview of Security Data Migration

Migration Concepts

Formats and Constraints Supported by WebLogic Security Providers

Migrating Data with WLST

Migrating Data Using weblogic.admin

Managing the Embedded LDAP Server

Configuring the Embedded LDAP Server

Embedded LDAP Server Replication

Viewing the Contents of the Embedded LDAP Server from an LDAP Browser

Exporting and Importing Information in the Embedded LDAP Server

LDAP Access Control Syntax

The Access Control File

Access Control Location

Access Control Scope

Access Rights

Attribute Permissions

Entry Permissions

Attributes Types

Subject Types

Grant/Deny Evaluation Rules

Configuring Identity and Trust

Private Keys, Digital Certificates, and Trusted Certificate Authorities

Configuring Identity and Trust: Main Steps

Supported Formats for Identity and Trust

Obtaining Private Keys, Digital Certificates, and Trusted Certificate Authorities

Common Keytool Commands

Using the CertGen Utility

Using Your Own Certificate Authority

Converting a Microsoft p7b Format to PEM Format

Obtaining a Digital Certificate for a Web Browser

Using Certificate Chains (Deprecated)

Storing Private Keys, Digital Certificates, and Trusted Certificate Authorities

Guidelines for Using Keystores

Creating a Keystore and Loading Private Keys and Trusted Certificate Authorities into the Keystore

Configuring Demo Certificates for Clients

How WebLogic Server Locates Trust

Configuring Keystores for Production

Configuring SSL

SSL: An Introduction

One-Way and Two-Way SSL

Setting Up SSL: Main Steps

Using Host Name Verification

Enabling SSL Debugging

SSL Session Behavior

Configuring RMI over IIOP with SSL

SSL Certificate Validation

Controlling the Level of Certificate Validation

Accepting Certificate Policies in Certificates

Checking Certificate Chains

Using Certificate Lookup and Validation Providers

How SSL Certificate Validation Works in WebLogic Server

Troubleshooting Problems with Certificate Validation

Using the nCipher JCE Provider with WebLogic Server

Specifying the Version of the SSL Protocol

Configuring Security for a WebLogic Domain

Enabling Trust Between WebLogic Server Domains

Enabling Cross Domain Security Between WebLogic Server Domains

Configuring Cross-Domain Security

Configuring a Cross-Domain User

Configure a Credential Mapping for Cross-Domain Security

Enabling Global Trust

Using Connection Filters

Using the Java Authorization Contract for Containers

Viewing MBean Attributes

How Passwords Are Protected in WebLogic Server

Protecting User Accounts

Using Compatibility Security

Running Compatibility Security: Main Steps

Limited Visibility of Compatibility Security MBeans

The Default Security Configuration in the CompatibilityRealm

Configuring a Realm Adapter Authentication Provider

Configuring the Identity Assertion Provider in the Realm Adapter Authentication Provider

Configuring a Realm Adapter Auditing Provider

Protecting User Accounts in Compatibility Security

Accessing 6.x Security from Compatibility Security

Security Configuration MBeans

SSLMBean

ServerMBean

EmbeddedLDAPMBean

SecurityMBean

SecurityConfigurationMBean

RealmMBean

WindowsNTAuthenticatorMBean

CustomDBMSAuthenticatorMBean

ReadonlySQLAuthenticatorMBean

SQLAuthenticatorMBean

DefaultAuditorMBean

Compatibility Security MBeans

UserLockoutManagerMBean

Other Security Provider MBeans

