Integrating ALES with Application Environments


Integrating ALES with Applications

This chapter provides information about ALES built-in support for integration with specific environments.

 


Overview

ALES provides a number of built-in solutions for integration with the following environments:

Each of these integrations is based on an ALES Security Service Module.

 


Security Service Modules

Before a SSM can be integrated with a server, a SSM configuration that specifies the security providers must be created and the configuration must be bound to the SCM running on the same machine.

As shown in Figure 4-1, installation of ALES creates a default SCM configuration named adminconfig that contains a SSM configuration and security providers used by the Administration Server itself.

If the SSM instance will be located on the same machine, you can use this SCM and create a SSM configuration under it. If it will be on a separate machine, you must create a new SCM. For step-by-step instructions on managing SCM and SSM configurations, see the Administration Console help.

Figure 4-1 Default SCM

To create a SSM configuration:

  1. Open the Security Configuration folder.
  2. Select Unbound Configurations in the navigation tree and click on Create a new Security Service Module Configuration in the right page.
  3. On the General tab, complete the following fields and click Create.

Table 4-1 SSM Configuration ID

| Field | Description |
|---|---|
| Configuration ID | This entry must match the SSM configuration ID that is specified when the SSM instance is created on the server machine. The configuration ID is the means by which the SSM receives its configuration from the SCM. |
| Description | (Optional) A brief description of the SSM. |

 


SSM Security Providers

The security providers needed depend on the requirements of the application. Installing a SSM deploys a JAR file that contains all ALES security providers. However, before any of the security providers can be used, you must use the Administration Console to configure them. You have the option of configuring either the security providers that ship with the product or custom security providers, which you may develop yourself or purchase from third-party security vendors. For more information on how to develop custom security providers, see Developing Security Providers for BEA AquaLogic Enterprise Security. For step-by-step instructions on managing providers, see the Administration Console help.

Note that the process of configuring security providers for the WebLogic Server 9.x SSM is different from that for other SSMs. For more information, see Configuring the WebLogic Server 9.x SSM.

Table 4-2 Authentication Providers

| Provider | Description |
|---|---|
| WebLogic Authenticator | Authenticates users with WebLogic's embedded LDAP directory. |
| ALES Identity Asserter | Supports web server authentication and single sign-on between web server SSMs. Use this provider in conjunction with the ALES Credential Mapper. |
| Database Authenticator | Authenticates users using the ALES relational database provider. |
| Single Pass Negotiate Identity Asserter | Supports identity assertion using HTTP authentication tokens from the SPNEGO protocol. For more information, see Enabling SPNEGO-based Single Sign-on. |
| SAML Identity Asserter | Accepts SAML assertions sent using the Browser POST Profile and returns the corresponding user. For more information, see Enabling SAML-based Single Sign-On. |
| Open LDAPAuthenticator | Authenticates users using an Open LDAP directory. |
| Active Directory Authenticator | Authenticates users using Active Directory. |
| NTAuthenticator | Authenticates users using Windows NT authentication. |
| iPlanet Authenticator | Authenticates users using an iPlanet LDAP directory. |
| Novell Authenticator | Authenticates users using a Novell LDAP directory. |
| X509 Identity Asserter | Supports identity assertion through an X.509 digital certificate, supporting ASN.1 encoding and decoding. |

Table 4-3 describes Authorization providers.

Table 4-3 Authorization Providers

| Provider | Description |
|---|---|
| WebLogic Authorizer | Authorizes access to resources based on WebLogic security policy. |
| ASI Authorization Provider | Authorizes access to resources based on ALES security policy. |

Table 4-4 describes Credential Mapping providers.

Table 4-4 Credential Mapping Providers

| Provider | Description |
|---|---|
| Database Credential Mapper | Returns authentication credentials for a user (username and password) from a database. |
| SAML Credential Mapper | Returns a SAML assertion for an authenticated user. For more information, see Enabling SAML-based Single Sign-On. |
| ALES Identity Credential Mapper | Supports web server authentication and single sign-on between web server SSMs. Returns an ALES assertion for an authenticated user. |
| WebLogic Credential Mapper | Returns authentication credentials for a user (username and password) from the WebLogic LDAP directory. |

Table 4-5 describes Role Mapping providers.

Table 4-5 Role Mapping Providers

| Provider | Description |
|---|---|
| ASI Role Mapper | Returns a set of roles granted to a user on a protected resource based on ALES security policies. |
| WebLogic Role Mapper | Returns a set of roles granted to a user on a protected resource based on WebLogic security policies. |

 


Integrating ALES with Other BEA Applications

ALES includes two SSMs for integrating with WebLogic Server and other BEA applications:

The WebLogic Server SSMs integrate ALES with WebLogic Server and with BEA WebLogic Portal, AquaLogic Data Services Platform, and AquaLogic Service Bus. See the following chapters for more information about configuring ALES to work with those products:

