e-docs > WebLogic Server > Administration Console Online Help > Security

Administration Console Online Help

 Previous Next Contents Index  

 

Default Identity Asserter --> General

Tasks     Additional Documentation     Attributes

Overview

Use this tab to configure an Identity Assertion provider for a security realm. JAAS LoginModules seek proof of an entity's identity based on usernames/passwords or identification devices inside the request; identity assertion involves establishing a client's identity through the use of client-supplied tokens that may exist outside of the request. Thus, the function of an Identity Assertion provider is to validate and map a token to a username. Identity Assertion providers support perimeter authentication by passing tokens in HTML headers or cookies.

By default, the WebLogic Identity Assertion provider is configured. The WebLogic Identity Assertion provider supports identity assertion using X509 certificates and Common Secure Interoperability version 2 (CSIv2).

You can use a Custom Identity Assertion provider instead of the WebLogic Identity Assertion provider. For a Custom Identity Assertion provider to be available in the WebLogic Server Administration Console, the MBean JAR file for the provider must be in the WL_HOME\lib\mbeantypes directory.

Tasks

Choosing an Authentication Provider

Additional Documentation

(Requires an Internet connection.)

Introduction to WebLogic Security

Managing WebLogic Security

Programmimg WebLogic Security

Developing Security Providers for WebLogic Server

Securing a WebLogic Server Deployment

Upgrading Security in WebLogic Server Version 6.x to WebLogic Server Version 7.0

Security FAQ

The Security page in the WebLogic Server documentation

Attributes

Attribute Label

Description

Value Constraints

Name

The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.

Attribute: Name

Configurable: yes

Readable: yes

Writable: yes

Description

A short description of the WebLogic Identity Assertion provider.

Attribute: Description

Default: "Provider that performs identity assertion for certs and CSIv2"

Readable: yes

Version

The version number of the WebLogic Identity Assertion provider.

Attribute: Version

Default: "1.0"

Readable: yes

User Name Mapper Class Name

The name of the Java class that maps X509 digital certificates and X501 distinguished names to WebLogic user names.

Attribute: UserNameMapperClassName

Readable: yes

Trusted Client Principals

The list of trusted client principals to use in CSIv2 identity assertion. The wildcard character (*) can be used to specify all principals are trusted. If a client is not listed as a trusted client principal, the CSIv2 identity assertion fails and the invoke is rejected.

Attribute: TrustedClientPrincipals

Readable: yes

Supported Types

The token types supported by the WebLogic Identity Assertion provider.

Attribute: SupportedTypes

Default: new String[] { weblogic.security.spi.IdentityAsserter.AU_TYPE, weblogic.security.spi.IdentityAsserter.X509_TYPE, weblogic.security.spi.IdentityAsserter.CSI_PRINCIPAL_TYPE, weblogic.security.spi.IdentityAsserter.CSI_ANONYMOUS_TYPE, weblogic.security.spi.IdentityAsserter.CSI_X509_CERTCHAIN_TYPE, weblogic.security.spi.IdentityAsserter.CSI_DISTINGUISHED_NAME_TYPE }

Readable: yes

Active Types

The token types that are currently active.

Attribute: ActiveTypes

Readable: yes


 

Back to Top Previous Next