Integrating ALES with Application Environments


Introduction

Document Scope and Audience

Guide to this Document

Related Documentation

Contact Us!

Securing ALES Components

Using the Administration Console

Default Database Objects

Creating a New Admin User

ALES Resources

Administrative Operations

Privileges

Context Attributes

Evaluation Functions

Authorization Queries

Enumerated Types

ALES Identities

Default Role Mapping Policies

Default Authorization Policies

Viewing Authorization Policies

Setting Up Application Security Administrators

Overview

Establishing a Resource Parent for the Application

Create Administrative Users

Identity Directories

Users and Groups

Policies for Application-Level Administration

Integrating ALES with Applications

Overview

Security Service Modules

SSM Security Providers

Integrating ALES with Other BEA Applications

Configuring the Web Server SSM

Understanding the Web Server SSMs

Web Server SSM Overview

Web Server Environmental Binding

Web Server SSM Features

Web Single Sign-on Capabilities

What is Web Single Sign-On?

Single Sign-On Use Cases

Single Sign-On with ALES Identity Assertion

Authentication Service Features

Authorization Service Features

Auditing Service Features

Role Mapping Features

Credential Mapping Features

Administration Features

Session Management Features

Configuration Features

Web Server Constraints and Limitations

Web Server SSM Integration Tasks

Configuring and Deploying Policy for the Web Server SSM

Creating Resources

Creating Policies

Modifying Admin and Everyone Role Mapping Policies

Configuring the Application Deployment Parent

Configuring the ALES Identity Assertion and Credential Mapping Providers

Distributing Policy and Security Configuration

Configuring the Web Server Environmental Binding

Configuring the Environmental Binding for the Microsoft IIS Web Server

Configuring the Microsoft IIS Web Server Binding Plug-In File

Configuring the NamePasswordForm.acc File for the IIS Web Server

Deploying and Testing the IIS Web Server Sample Application

Configuring the Environmental Binding for the Apache Web Server

Downloading and Installing the Apache Web Server

Configuring the ALES Module

Configuring the NamePasswordForm.html File for the Apache Web Server

Deploying and Testing the Apache Web Server Sample Application

Configuring Web Single Sign-on with ALES Identity Assertion

Configuring Web Server SSMs to Web Server SSMs for SSO

Configuring Web Server SSMs to WebLogic Server SSMs for SSO

Configuring Web Server SSM Properties

Session Settings

Authentication Settings

Mapping JAAS Callback Type to Form and Form Fields

Role Mapping Settings

Credential Mapping Settings

Naming Authority Settings

Logging Level Setting

Environment Variables Accessible Using CGI

Configuring the Web Services SSM

Overview of the Web Services SSM

ssmWorkshop

ssmNET

javaWebServiceClient

XACMLClient

Web Services Security Service APIs

Authentication Service

Authorization Service

Auditing Service

Role Mapping Service

Credential Service

Configuring and Deploying Policy for the Web Services SSM

Binding the Web Services SSM to a Web Services Client

Configuring SSL in the Web Services SSM

Configuring One-Way SSL

Configuring Two-Way SSL

Configuring a WS-SSM for Two-Way SSL

Configuring a Web Services Client for Two-Way SSL

Adding New Identity Assertion Types

Configuring the WebLogic Server 8.1 SSM

Location of the WebLogic Server Domain

Modifying the startWebLogic File

Defining Security Properties

Starting and Stopping Processes

Additional Post-Installation Considerations

Setting the Boot Login for WebLogic Server

Creating a WebLogic Boot Policy

Creating the User Identity

Creating Resources for WebLogic Server

Grant Server Resource to Admin Role

Grant Admin Role to WebLogic User/Group

Binding the Resource to the ASI Authorization Provider

Distributing the Policies to the Security Service Module

Creating a WebLogic Console Policy

Protecting Resources

Protecting a Cluster of WebLogic Servers

Security Configuration

Resource Configuration

Policy Configuration

Configuring the WebLogic Server 9.x SSM

Overview of the WebLogic Server 9.x SSM

Prerequisites for Configuring the WebLogic Server 9.x SSM

Configuring the WebLogic Server 9.x SSM: Main Steps

Console Extension for Security Providers in the WLS 9.x Console

Modifying the startWebLogic File

Configuring Security Providers for the WebLogic Server 9.x SSM

Configuring a WLS 9.x Security Realm for ALES

Using the WebLogic Server Console to Configure Security Providers

Using the ALES Administration Console to Configure Security Providers

Integrating with WebLogic Portal

Introduction

Integration Features

Supported Use-case Scenario

Constraints and Limitations

Integration Pre-Requisites

Integrating with WebLogic Portal 9.2: Main Steps

Creating the Portal Application Security Configuration

Using the WebLogic Server Console to Configure Security Providers

Modifying the Portal Server startWeblogic File

Integrating with WebLogic Portal 8.1: Main Steps

Creating the Portal Application Security Configuration

Binding the Security Configuration

Distributing the Security Configuration

Creating an Instance of the Security Service Module

Enrolling the Instance of the Security Service Module

Modifying the Portal Server startWeblogic File

Creating the security.properties File

Replacing the Portal p13n_ejb.jar File

Replacing the Portal p13n_system.jar File

Replacing the DefaultAuthorizerInit.ldift File

Configuring Policy for the Portal Application

Creating the Identity Directory and Users

Configuring Resources and Privilege

Creating the Realm Resource

Creating the Shared Resources

Creating the Console Resources

Creating the PortalApp Resources

Creating the Role Mapping Policy

Creating Authorization Policies

Policy for Visitor Entitlements to Portal Resources

Configuring Policy for Desktops

Configuring Policy for Books

Configuring Policy for Pages

Configuring Policy for Portlets

Configuring Policy for Look and Feels

Defining Policy for Portlets using Instance ID

Discovering Portal Application Resources

Distributing Policy and Security Configuration

Starting the WebLogic Portal Server

Configuring Portal Administration to Use the WebLogic Authenticator

Using Portal Administration Tools to Create a Portal Desktop

Accessing the Portal Application

Integrating with AquaLogic Data Services Platform

Introduction

Integration Features

Supported Use-case Scenario

Constraints and Limitations

Integration Pre-Requisites

Integrating with AquaLogic Data Services Platform: Main Steps

Enabling Elements for Access Control

Creating the WebLogic Server SSM Configuration

Binding the SSM Configuration

Distributing the SSM Configuration

Creating an Instance of the Security Service Module

Enrolling the Instance of the Security Service Module

Creating the WebLogic Server startWebLogicALES File

Creating the security.properties File

Configuring Policy for Data Services

Creating the Identity Directory and Users

Configuring Resources and Privilege

Creating the RTLApp Application Resources

Creating the ALDSP Resources

Creating the Role Mapping Policies

Creating Authorization Policies

Discovering Data Services

Distributing Policy and SSM Configuration

Starting the WebLogic Server

Accessing the ALDSP Application

Integrating with AquaLogic Service Bus

Introduction

Integrating with AquaLogic Service Bus: Main Steps

Integration Pre-Requisites

Creating the WebLogic Server SSM Configuration

Create an Instance of the Security Service Module

Enroll the Instance of the Security Service Module

Enable the Console Extension for Security Providers in the WLS 9.x Console

Modify the startWebLogic File

Configure ALES Security Providers in the WebLogic Administration Console

Configure the Security Realm

Configure a Database Authenticator

Configure an ASI Authorization Provider

Replace the Default Adjudicator with the ASI Adjudicator

Configure an ASI Role Mapper

Activate Changes

Configure ALES Security Providers in the ALES Administration Console

Create the weblogic User

Create a New SSM Configuration

Bind the Configuration to the SCM

Configuring Resources and Policies for ALSB

Configuring ALSB Resources

Creating a Regular Resource

Creating a Virtual Resource

Creating a Resource Binding Application and Distribution Point

Creating a Resource Tree

Discovering Services

Configuring ALSB Policies

Authorization Policy Examples

Role Mapping Policy Examples

Distribute Changes

Verify the Configuration Using the Performance Auditing Provider

Configure the PerfDBAudit Provider

Restart the Domain

Generate Data

Enabling SAML-based Single Sign-On

Overview

Configuring ALES as a SAML Assertion Consumer

Configuring ALES as a SAML Assertion Producer

Enabling SPNEGO-based Single Sign-on

Configuring Single Sign-On with Microsoft Clients

Requirements

Enabling a Web Service or Web Application

Configuring the SPNEGO Security Provider

Editing the Descriptor File

Configuring Active Directory Authentication

Utility Requirements

Configuring and Verifying Active Directory Authentication

Configure the Active Directory Authentication Provider

Configure the Client .NET Web Service

Configure the Internet Explorer Client Browser

Configure the Sites

Configure Intranet Authentication

Verify the Proxy Settings

Set the Internet Explorer 6.0 Configuration Settings

Authorization Caching

Understanding Authorization Caching

Configuring Authorization Caching

Authorization Caching Expiration Functions

