Administration Application Guide

Introduction to System Administration

About This Document

Audience

Product Documentation on the dev2dev Web Site

Overview of System Administration

Distributed Computing Security Infrastructure

Attributes

Security Protections for System Administration Tools

Administration Console

Failover and System Reliability

Understanding Failover

WebLogic Enterprise Security Failover Considerations

Failover Considerations for the Administration Server

Failover Considerations for the Database Server

Failover Considerations for a Security Service Module

Failover Considerations for a Service Control Manager

Understanding Database Replication

Database Replication in an Oracle Environment

Preparing for Oracle Database Replication

Master and Materialized View Site Requirements

Master Site Requirements

Materialized View Site Requirements

Requirements for the Machine Running the Replication Setup Scripts

Setting the Required Replication Setup Parameters

Setting Up Oracle Database Replication

Using Scripts to Set Up Oracle Database Replication

Setting Up Oracle Database Replication Manually

Using Scripts to Clean Up Oracle Database Replication

Cleaning Up the Oracle Database Replication Manually

Miscellaneous Oracle Database Replication Tasks

Database Replication in a Sybase Environment

Preparing for Sybase Database Replication

Privileges for the Primary and the Replicate ASE Servers

Primary ASE Server and Primary Database Requirements

Replicate ASE Server and Replicate Database Requirements

Requirements for the Machine Used to Run Sybase Database Replication Setup Scripts

Parameters Needed for Sybase Database Replication Setup

Setting Up Sybase Database Replication

Using Scripts to Set Up Sybase Database Replication

Setting Up Sybase Database Replication Manually

Setting up the Primary ASE Server and the Primary Database

Starting the ASE Replicator

Adding a Remote Server in Primary ASE Server for the Replicate ASE Server

Setting Up the Replicate ASE Server and the Primary Database

Setting up the Sybase Database Replication Process

Cleaning Up Sybase Database Replication

Using Scripts to Clean Up Sybase Database Replication

Cleaning Up the Sybase Database Replication Manually

Cleaning Up the Sybase Database Replication Process

Cleaning Up the Replicate ASE Server and Primary Database

Removing the Remote Server

Stopping ASE Replicator

Cleaning Up the Primary ASE Server and the Primary Sybase Database

Completing Sybase Database Replication Cleanup

Administration Policy

Security Roles

Dynamic Role Mapping

Understanding the Administration Policy

Admin Role

Deployer Role

Operator Role

Monitor Role

Everyone Role

Anonymous Role

Resources

Privileges

Context Attributes

Evaluation Functions

Authorization Queries

Enumerated Types

Default Admin Policy

Example Policy Customizations

Security Administration

Managing Security

Security Configuration

Resources

Resource Attribute

Privilege

Privilege Group

Identity

User

Group

Identity Attribute

Role

Role Policy

Policy

Policy Rule

Policy Inquiry

Policy Verification

Declarations

Deployment

What's Next?

Using the Console

Overview

Checking the Console Version Number

Setting Console Preferences

Starting the Administration Console

Logging out of the Administration Console

Using the Administration Console

Getting Help

Configuring the Administration Server for Failover

Additional BEA Documentation Available on the Internet

Starting and Stopping Services

Starting and Stopping Administration Server Processes On Windows

Starting and Stopping Administration Server Processes on Unix

Starting and Stopping Security Service Module Processes

Starting and Stopping Processes on Windows

Starting and Stopping Processes on UNIX

Start-Up Option on Linux Platforms

Configuring Secure Sockets Layer for a Production Environment

Some SSL Basics

Private Keys, Digital Certificates, and Trusted Certificate Authorities

One-Way SSL Versus Two-Way SSL

How WebLogic Enterprise Security Locates Trust

Configuring SSL

Obtaining Private Keys, Digital Certificates, and Trusted Certificate Authorities

Creating a Keystore and Loading Private Keys and Trusted Certificate Authorities

Common Keytool Commands

Using the ImportPrivateKey Utility

Configuring Keystores

Configuring One-Way SSL

Configuring Two-Way SSL

SSL Certificate Validation

Setting the Level of Certificate Validation

Checking Certificate Chains

Troubleshooting Problems with Certificates

Specifying the Version of the SSL Protocol

Enabling Single Sign On

Configuring Single Sign On with Microsoft Clients

Requirements

Enabling a Web Service or Web Application

Configuring the SPNEGO Provider

Editing the Descriptor File

Configuring the Active Directory Authentication

Configure the Active Directory Authentication Provider

Configure the Client .NET Web Service

Configure the Internet Explorer Client Browser

Configure the Sites

Configure Intranet Authentication

Verify the Proxy Settings

Set the Internet Explorer 6.0 Configuration Settings

Security Configuration

Overview

Security Configuration

Understanding the Service Control Manager

Configuring a Service Control Manager

Understanding the Security Service Module

Configuring a Security Service Module

Binding a Security Service Module to a Service Control Manager

Unbinding a Security Service Module from a Service Control Manager

Configuring Security Providers

Configuring an Authentication Provider

Changing the Order of Authentication Providers

Setting the JAAS Control Flag

Configuring an Open LDAP Authentication Provider

Configuring a Windows NT Authentication Provider

Configuring an Active Directory Authentication Provider

Configuring an iPlanet LDAP Authentication Provider

Configuring Failover for LDAP Authentication Providers

Configuring a Novell LDAP Authentication Provider

Configuring Failover for the Database Authentication Provider

Configuring a Database Authentication Provider

Oracle Database Configuration

Sybase Database Configuration

Specifying SQL Query Strings and Provider Extensions

Configuring an ALES Identity Assertion Provider

Configuring a SAML Identity Assertion Provider

Configuring a Single Pass Negotiate Identity Asserter

Configuring an X.509 Identity Assertion Provider

Configuring an ALES Credential Mapping Provider

Configuring a Database Credential Mapper

Configuring Failover for the Database Credential Mapper Provider

Configuring a SAML Credential Mapping Provider

Configuring an ASI Authorization Provider

Using the asipasswd Utility to Configure the Metadirectory Password

Configuring an ASI Adjudication Provider

Configuring an ASI Role Mapping Provider

Configuring a Resource Deployment Audit Provider

Configuring a Log4j Audit Channel Provider

Configuring a Custom Security Provider

Deleting a Security Provider

Configuring a WebLogic Server Security Service Module

Configuring the WebLogic Security Providers

Configuring the WebLogic Authentication Provider

Configuring the WebLogic Authorization Provider

Configuring a WebLogic Role Mapping Provider

Configuring the WebLogic Credential Mapping Provider

Performance and Caching

Understanding Authorization Caching

Configuring Authorization Caching

Authorization Caching Expiration Functions

Deployment

Understanding Deployment

Distributing Policy

Distributing Configuration

Distributing Structural Changes

Viewing Distribution Results

Viewing Deployment Status

Provider Extensions

What is a Provider Extension?

Authorization and Role Mapping Extensions

Using Java-Based Plug-ins

Using the Java-based Plug-in Interfaces

Resource Converter

Attribute Retriever

Attribute Converter

Using Language Extensions

Building an Extension

Deploying the Extension

Using the Extension

Custom Audit Plug-ins

Using the Custom Audit Plug-in

Audit Plug-in Renderer Class

Database Authentication Plug-in

Audit Events

What is an AuditEvent?

What Events are Audited?

Custom Audit Context Extensions

Audit Event Interfaces and Audit Events

AuditAtnEvent

AuditAtzEvent

AuditCredentialMappingEvent

AuditMgmtEvent

AuditPolicyEvent

AuditRoleDeploymentEvent

AuditRoleEvent

Admin Policy Audit Events

Additional Audit Event Interfaces

Authentication - AuditAtnEvent

Policy Deployment - AuditPolicyDeployEvent

Policy Undeployment - AuditPolicyUndeployEvent

Policy Events - AuditPolicyEvent

Role Mapping - AuditRoleEvent

Role Deployment - AuditRoleDeployEvent

Role Undeployment - AuditRoleUndeployEvent

Predicate Events - AuditPredicateEvent

ContextHandler Object

PolicyAdministrationEvent

Using Custom Audit Providers

Function Reference

Function Pointers

*CredFunc() - Custom Credential Function Pointer

Description

Syntax

Parameters

Returns

Example

See Also

*EvalFunc() - Custom Evaluation Function Pointer

Syntax

Parameters

Returns

Example

See Also

*ShutdownFunc () - Custom Shutdown Function Pointer

Syntax

Parameters

Returns

Example

See Also

*PluginInitFunc() - Plug-in Initialization Function Pointer

Syntax

Parameters

Returns

Example

registerCustomCredentialFunction() - Register Credential Function

Syntax

Parameters

Returns

Example

See Also

registerCustomEvaluationFunction() - Register Evaluation Function

Syntax

Parameters

Returns

Example

See Also

registerShutdownFunction() - Register Shutdown Function

Syntax

Parameters

Returns

Example

See Also

Session Class

Session::SetAttribute() - Append AttributeValue Object

Syntax

Parameters

Returns

Example

See Also

Session::getAttribute() - Get AttributeValue Object from Attribute

Syntax

Parameters

Returns

Example

See Also

Session::getEvalResult() - Get Evaluation Result

Syntax

Parameters

Returns

Example

See Also

Session::appendReturnData() - Return Evaluation Results

Syntax

Parameters

Returns

Example

See Also

Session::getDomainName() - Get Domain Name for the Session

Syntax

Parameters

Returns

Example

See Also

Session::getLocationName() - Get Location Name for Session

Syntax

Parameters

Returns

Example

See Also

Session::getApplicationName() - Get Application Name for Session

Syntax

Parameters

Returns

Example

See Also

Session::getUserID() - Get User Name for Session

Syntax

Parameters

Returns

Example

See Also

AttributeValue Class

Single Value

Lists of Values

Methods Common to Both Types

Internal Methods

AttributeValue::addValue() - Add and Set a String List Attribute Value

Syntax

Parameters

Returns

Example

See Also

AttributeValue::AttributeValue() - Constructor

Syntax

Parameters

Returns

Example

See Also

AttributeValue::entries() - Count Number of List Elements

Syntax

Parameters

Returns

Example

See Also

AttributeValue::getValue() - Get Single Attribute Value

Syntax

Parameters

Returns

Example

See Also

AttributeValue::has() - Check If Value is Already Present in a List

Syntax

Parameters

Returns

Example

See Also

AttributeValue::IsList() - Is Attribute Value an Indexed List?

Syntax

Parameters

Returns

Example

See Also

AttributeValue::IsSingle() - Is Attribute Value a Single Value?

Syntax

Parameters

Returns

Example

See Also

AttributeValue::isUndefined() - Is Attribute Value an undefined object?

Syntax

Parameters

Returns

Example

See Also

AttributeValue::setValue() - Set Single Attribute Value

Syntax

Parameters

Returns

Example

See Also

AttributeValue::removeAt() - Remove Indexed List Attribute Value

Syntax

Parameters

Returns

Example

See Also

AttributeValue::removeValue() - Remove Named List Attribute Value

Syntax

Parameters

Returns

Example

See Also

AttributeValue::size() - Count Number of List Elements

Syntax

Parameters

Returns

Example

See Also

AttributeValue [ ] Operator - Returns the Value of an Indexed String List Element

Contact BEA |  Feedback |  Privacy  |