Administration Application Guide
|
 |
 |
|
|
 |
 |
The Administration Console is a web browser-based, graphical user interface you use to manage application security and configure the BEA WebLogic Enterprise Security security service modules. Each module manages a separate policy domain that contains its own set of security providers. You deploy and manage your resources and policies as part of that policy domain.
These topics describe the types of console preferences you can set when working with the Administration Console. You can set the following preferences to control how the console displays information:
For information on how to use the console, see Using the Administration Console.
Secure Sockets Layer (SSL) provides secure two-way connections by allowing the Administration Application to communicate with other components over a network connection to authenticate by encrypting the data exchanged. Authentication allows a server and optionally a client to verify the identity of the application on the other end of a network connection. Encryption makes data transmitted over the network intelligible only to the intended recipient. For detailed information on how to configure SSL, see Configuring Secure Sockets Layer for a Production Environment.
To check the version of the Administration Console:
The Preferences tab allows you to customize the way the Administration Console displays information. This is very useful if your policy database contains a large amount of data. By defining filter strings and restricting the page size, you can limit the information displayed on a page. Preferences are saved automatically in a cookie on your local machine so they are remembered between sessions. You can define the number of records displayed on a page for any of the policy elements, based on:
Filter String - the default pattern to search for when retrieving policy elements
Page Size - the number of items displayed per page of results
To set the Administration Console preferences:
The Console Preferences page displays three tabs labeled Preferences, Failover and About. The Preferences tab allows you to customize the way the Administration Console displays information.
You can use special wildcard symbols to abbreviate names in searches, queries, and constraints. A wildcard behaves exactly like a file wildcard in DOS or Windows.
An asterisk (*) represents zero or more characters. For example, in a search, *Order would find the JobOrder but not JobOrders.
A question mark represents exactly one character. For example, a search for J?oe will find both JDoe and Jpoe but not JFloe.
Brackets [ ] mean match any character inside the brackets. For example, [Aac]* matches Apple, apple, and cat, but does not match Cat.
The default number of items displayed on a page is set to 50, except for Policies (inquiries and verifications), and Role Policies which is set to 20. If there are more items on the page than can fit on the screen, a scroll bar appears on the right side of the page. You can slide the scroll bar to view the policy elements on the page. To page through the entire collection of results, click the page up and page down buttons.
Note: If you want to restore the default settings for all policy elements, click Reset.
To ensure that your transactions are securely encrypted, the Administration Console uses Secure Socket Layers (SSL) to communicate with the administration server.
To start the Administration Console:
hostname - the Domain Name Server (DNS) name or IP address of the Administration Server.
port - the port number through which the administration server connects.
asi - the default virtual name for the Administration Console.
The Administration Console is configured to use demo certificates to connect to the Administration Server the first time. Secure Sockets Layer (SSL) provides secure two-way connections by allowing the Administration Application to communicate with other components over a network connection, encrypting the data exchanged. Authentication allows a server and optionally a client to verify the identity of the application on the other end of a network connection. Encryption makes data transmitted over the network intelligible only to the intended recipient. For detailed information on how to configure SSL, see Configuring Secure Sockets Layer for a Production Environment.
When the login page appears, enter a Username and the Password that is granted to one of the security roles with a login privilege.
If this is the first time you are logging into the console, enter the default Username (system) and Password (weblogic). Default administrators are configured on install and can be used for the initial login. Once you have started the console, you should set up additional administrative users or configure an Authentication provider to authenticate console users to an external authentication source such as LDAP or Microsoft Windows NT, and update the administration policy accordingly. You should also change the Username and Password for the system user.
The Administration Console allows administrators to edit configurations or perform other operations based on security roles granted by the administration policy. If your security role does not permit editing of configuration data, for example, the data is displayed in the Administration Console but is not editable. If you try to perform an operation that is not permitted, the Administration Console displays an Access Denied error. For information on the default security roles, see Administration Policy.
To log out of the Administration Console, do one of the following:
-or-
in the upper-right hand corner of the browser. This section describes the various components of the Administration Console and how to use them.
Figure 5-1 Administration Console Layout
|
The left panel of the Administration Console contains a navigation tree that you use to move from one console page to another. By selecting (left-clicking) a node (often referred to as a folder) in the tree, you can access the console pages related to that node, which then appear in the right panel of the console. If a node in the tree is preceded by a plus sign (+), you can click on the plus sign to expand the tree and access additional nodes. |
|
|
The name of the host or the IP address of the Administration Server, the corresponding port number, and the enterprise domain name. |
|
|
The page being displayed. Some pages display one or more tabs where you configure your policy or security service module. After you select a node or folder from the navigation tree, a list of objects that you can configure appears as either a branch of the tree or as a series of tabs in the right panel of the console. When you open a Security Configuration folder, one or more Service Control Manager folders appear, displaying the names of each Security Service Module you have configured and bound. Opening a Security Service Module folder displays the security providers for that module: Adjudication, Auditing, Authentication, Authorization, Credential Mapping and Role Mapping. When you create a new provider, the provider tab displays a page containing one or more tabs (two of these tabs are called General and Details). These tabs contain the configuration attributes or controls for defining your security providers. You change configuration data by editing the attributes displayed in the right panel. After you make your changes, you must click the Apply button before the changes take effect. Some attributes are displayed in a light gray indicating that you cannot change the value. An attribute may or may not be editable depending on the value of another attribute. Opening other policy element folders, such as Roles, Policy or Identity, allows you to manage those policy elements and design your authorization policy. Most tabs and pages have buttons that define what actions you can perform (New, Add, Edit, Delete, Apply). See the online help for details on how to use any page, tab, or button. Each page saves your results if you navigate to another page, and then returns you to that page. However, any data that you entered on that page, like provider configuration information, is not retained unless you save it by clicking the Apply button. |
|
|
The banner includes the name of the product and the following icons: The Administration Console home page is the first page displayed in the right panel when you start the console. You can always display this page by clicking the Home page icon in the banner area of the console. From this page, you can navigate quickly to the pages you use most frequently. You can also use the Navigation Tree to access these pages. The Help button displays the Administration Console online help. See Getting Help for additional assistance on this topic. Note: Context sensitive help is not supported in the Administration Console. The Refresh button refreshes the current page that you are working on, as well as all other data cached by the console. If you add a new policy element and it does not appear in the list immediately, you may need to click Refresh. The ASK BEA button displays the BEA customer support web page. You can use this page to submit a question directly to our customer support personnel, obtain answers through our FAQ, access additional documentation for your product, or join one of our news groups. The Close button provides a shortcut that lets you log you out of the Administration Console. |
Documentation on how to use the Administration Console is included with the product. To get help, click the Help button 
in the upper right-hand corner of the banner.
When you click the Help button, a new browser window opens containing help for the Administration Console. The text appearing in the right frame of the help window describes the functionality of the console page you have selected and may contain links to other related tasks.
Use the left frame of this window (the Navigation Tree) to navigate to other help topics using the Table of Contents, the alphabetical Index, or the Search function.
Use the <<<Back>> or <<Fwd>>> buttons to step through previously viewed pages.
For a list of general topics, click the Contents button and select a topic from the list displayed. The text of that topic appears in the right frame and a table of contents containing links to headings under that topic appears in the left frame.
Use the Print button to print the current topic.
You can install two administration servers: a primary and a secondary. The secondary administration server is only used as a backup when the primary becomes unavailable. You must install the secondary server before you can configure it for backup purposes. For information on installing a secondary server, see the BEA WebLogic Enterprise Security Administration Application Installation Guide.
To configure the Administration Server for failover:
This tab allows you to configure this Administration Server as either a primary or a secondary (backup) Administration Server. If this is a secondary server, you must specify all parameters so the primary server can be located and can periodically request a list of trusted entities. This mechanism keeps the primary and secondary synchronized so that the secondary server can be designated as the primary Administration Server if necessary. If this is a primary server, you don't need to do anything except ensuring that the Primary option is checked.
Additional documentation is also available on the BEA e-docs web site. Many help pages include links to related topics on the e-docs web site. These links are preceded with the label (e-docs). An Internet connection is necessary to view this documentation. BEA product documentation, along with other information about BEA software, is available from the BEA dev2dev web site: http://dev2dev.bea.com.
|
|
|
Home Page 
Refresh
BEA E-support