This chapter provides information about ALES built-in support for integration with specific environments.
ALES provides a number of built-in solutions for integration with the following environments:
Each of these integrations is based on an ALES Security Service Module.
Before a SSM can be integrated with a server, a SSM configuration that specifies the security providers must be created and the configuration must be bound to the SCM running on the same machine.
As shown in Figure 4-1, installation of ALES creates a default SCM configuration named adminconfig
that contains a SSM configuration and security providers used by the Administration Server itself.
If the SSM instance will be located on the same machine, you can use the SCM and create a SSM configuration under it. If on a separate machine, you must create a new SCM. For step-by-step instructions on managing SCM and SSM configurations, see the Administration Console help.
To create a SSM configuration:
The security providers needed depend on the requirements of the application. Installing a SSM deploys a JAR file that contains all ALES security providers. However, before any of the security providers can be used, you must use the Administration Console to configure them. You have the option of configuring either the security providers that ship with the product or custom security providers, which you may develop yourself or purchase from third-party security vendors. For more information on how to develop custom security providers, see Developing Security Providers for BEA AquaLogic Enterprise Security. For step-by-step instructions on managing providers, see the Administration Console help.
Note that the process of configuring security providers for the WebLogic Server 9.x SSM is different from that for other SSMs. For more information, see Configuring the WebLogic Server 9.x SSM.
Supports identity assertion using HTTP authentication tokens from the SPNEGO protocol. For more information, see Enabling SPNEGO-based Single Sign-on.
|
|
Accepts SAML assertions sent using the Browser POST Profile and returns the corresponding user. For more information, see Enabling SAML-based Single Sign-On.
|
|
Table 4-3 describes Authorization providers.
Table 4-4 describes Credential Mapping providers.
Returns a SAML assertion for an authenticated user. For more information, see Enabling SAML-based Single Sign-On.
|
|
Table 4-5 describes Role Mapping providers.
ALES includes two SSMs for integrating with WebLogic Server and other BEA applications:
The WebLogic Server SSMs integrate ALES with WebLogic Server and with BEA WebLogic Portal, AquaLogic Data Services Platform, and AquaLogic Service Bus. See the following chapters for more information about configuring ALES to work with those products: