Release Notes
BEA WebLogic Enterprise Security Version 4.2 Release Notes for SP2
The following topics are covered in this section:
WebLogic Enterprise Security 4.2 Features and Changes
Welcome to BEA WebLogic Enterprise Security 4.2! As the world's leading application infrastructure company, BEA® supplies a complete platform for building, integrating, and extending J2EE applications to provide business solutions. Companies select the BEA WebLogic® Platform™ as their underlying software foundation to decrease the cost of information technology, leverage current and future assets, and improve productivity and responsiveness.
Now, BEA is extending its Application Security Infrastructure by offering the BEA WebLogic Enterprise Security™ product line, a family of security solutions that provides enhanced application security and includes policy-based delegated administration, authentication with single sign-on, consolidated auditing, and dynamic-role and policy-based authorization with delegation.
BEA WebLogic Enterprise Security products are designed with an open and flexible standards-based framework that enforces security through a set of security services. Resources and applications are protected by customizing these services to meet the specific requirements of your business.
This section covers the following topics:
What's New in BEA WebLogic Enterprise Security 4.2 SP2
The following topics describe what is new in this release:
Business Logic Manager API Support
In this release of WebLogic Enterprise Security, the Business Logic Manager (BLM) application programming interface (API) is supported. This centralized API is used for policy definition and provides programmatic access to the WebLogic Enterprise Security policy management infrastructure. It is a Java API that uses SOAP to communicate with the central management services. The API supports the majority of the functionality of the Administration Console (allowing for creation and management of users, groups, roles, resources, and resource policies); however, the BLM API does not support the distribution of either security configuration or policy. The Administration Console must be used for that purpose.
Support for New Types of Security Service Modules
In this release of WebLogic Enterprise Security, the following Security Service Modules (SSM) are supported:
- Microsoft Internet Information Services (IIS) 5.0 Web Server SSM (New)—Supported on the Microsoft Windows platform only.
- Apache 2.0.54 Web Server SSM (New)—Supported on Unix platforms only.
- Web Services SSM (New)
In this release, support continues for the following SSMs:
- WebLogic Server 8.1 SSM
- Java SSM
Support for Web Server Single Sign-on
In this release, Web server single sign-on (SSO) connections are supported. If a user authenticates to a Web server and then connects to another Web server in the same cookie domain, that user is not required to re-authenticate. Cross-domain SSO is not supported.
SSO is supported in the following use cases:
- Among Web server SSMs (bi-directional).
- From Web server SSMs to WebLogic Server 8.1 SSMs (uni-directional).
Support for Red Hat Advanced Server 3.0 (Update 4)
In this release, both the Administration Application and the Security Service Modules, with the exception of the IIS Web Server SSM, can be installed and used on the Red Hat Advanced Server 3.0 (Update 4) platform.
WebLogic Server 8.1 Service Pack Compatibility
The BEA WebLogic Enterprise Security Version 4.2 Service Pack 2 is certified as compatible with WebLogic Server 8.1, Service Pack 3 and Service Pack 4 (Service Packs 1 and 2 are not supported).
Supported Resource Types
In this release, the resource types listed in Table 1 are supported for each target system:
Table 1 Supported Resource Types

| Target System | Supported Resource Types |
|---|---|
| Web Server | `<url>` |
| WebLogic Server 8.1 | `<url>`, `<ejb>`, `<jndi>`, `<com>`, `<svr>`, `<adm>`, `<jdbc>`, `<app>`, `<eis>`, `<jms>`, `<web>`, `<webservices>` |
| WebLogic Portal 8.1 | All WebLogic Server 8.1 resources plus `<wlp>`. |

Supported Configurations
Table 2 lists the releases of BEA WebLogic Enterprise Security for each platform BEA supports. The BEA WebLogic Enterprise Security products run on the following platforms:
- Intel Pentium compatible with Microsoft Windows 2000 SP4 and later for Professional, Server, and Advanced Server
- Sun Microsystems SPARC with Solaris (version 8 or 9)
- Linux Red Hat Advanced Server 2.1 and 3.0 (Update 4)
Note: Windows XP is supported only as a platform to run the Administration Console. The Windows XP system display should be run in Classic Style to achieve compatibility with the Administration Console.
Table 2 lists the platforms on which each WebLogic Enterprise Security core component is supported.
Table 2 WLES Core Components

| Component | Platforms |
|---|---|
| Administration Console Browser | Microsoft Internet Explorer 6.0 |
| Administration Server | Sun Solaris 8, 9 (32-bit); Microsoft Windows 2000 SP4; Red Hat Advanced Server 2.1; Red Hat Advanced Server 3.0 Update 4 (32 bit) |
| Policy Store | Oracle 8.1.7, 9.2.0.5; Sybase 12.5 |
| User Directory | Microsoft Windows NT Domain; Microsoft Active Directory¹; SunONE Directory Server v5.2; Novell eDirectory v8.7.31; Open LDAP v2.2.24; Oracle 8.1.7 and 9.2.0.5; Sybase 12.5.2 |

Table 3 lists the platforms on which each WebLogic Enterprise Security SSM is supported.
Table 3 WLES Security Service Modules (SSMs)

| SSM | Platform Version(s) | Windows 2000 | Solaris 8 | Solaris 9 | Red Hat AS 2.1 | Red Hat AS 3.0 (Update 4) |
|---|---|---|---|---|---|---|
| IIS Web Server | IIS 5.0 | Yes | No | No | No | No |
| Apache Web Server | ASF Apache 2.0.54 | No | Yes | Yes | No | Yes |
| Web Services | NA | Yes | Yes | Yes | Yes | Yes |
| BEA WebLogic Platform | WLS 8.1 SP3, SP4¹; WLP 8.1 SP3, SP4 | Yes | Yes | Yes | Yes | Yes |
| Java | JDK 1.4.2 | Yes | Yes | Yes | Yes | Yes |

¹ Available with WLES 4.2 SP1 CP1.
Internationalization
WebLogic Enterprise Security 4.2 SP2 does not provide support for localization, either to support specific GUI languages or character code-sets. WebLogic Enterprise Security 4.2 SP2 has not been certified on internationalized operating systems or databases.
Known Issues in BEA WebLogic Enterprise Security 4.2 SP2
This section describes limitations in the current BEA WebLogic Enterprise Security Version 4.2 Service Pack 2 release and may include a possible workaround or fix, where applicable. If an entry includes a CR (Change Request) number, a possible solution may exist in a future BEA WebLogic Enterprise Security 4.2 release where BEA will provide vendor-specific code to fix the problem. Refer to the CR number to conveniently track the solution as the problems are resolved.
Please contact BEA Technical Support for assistance in tracking any unresolved problems. For contact information, see the section Contacting BEA Customer Support.
The following sections describe known issues in BEA WebLogic Enterprise Security 4.2 components:
Component Known Issues
Table 4 lists the known issues with the component.
Table 4 Component Known Issues

| Change Request Numbers | Description | Release Fixed |
|---|---|---|
| CR106383 | Printing the results of a Policy Inquiry or a Policy Verification may require clicking the Print button twice. | -- |
| CR176792 | When importing configuration data into the policy database, you must start a new instance of the Administration Console to view the imported configuration data. | |
| CR203871 | In a WebLogic Server Security Service Module that is using SPNEGO, a null pointer exception can occur if the Sun jgss security provider is not configured in the java.security file. Workaround: Add the following line to the jre/lib/security/java.security file: `security.provider.5=sun.security.jgss.SunProvider` | |

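The CR203871 workaround hard-codes slot 5, but the JRE reads `security.provider.N` entries in sequence starting at 1 and stops at the first missing number, so the line only takes effect if slots 1 through 4 are already filled. The following added example (not part of the BEA documentation) checks the text of a java.security file for the jgss provider and reports whether its slot is reachable; the function name and the sample file contents are constructed for illustration.

```python
import re

JGSS = "sun.security.jgss.SunProvider"  # provider class named in the CR203871 workaround
# Matches active "security.provider.<n>=<class>" lines; '#' comment lines do not match.
PROVIDER_RE = re.compile(r"^\s*security\.provider\.(\d+)\s*=\s*(\S+)")

def check_provider(java_security_text, wanted=JGSS):
    """Hypothetical helper: locate `wanted` in the text of a java.security file.

    Returns (status, index). status is 'ok', 'unreachable' (listed after a gap
    in the numbering, so the JRE never loads it) or 'missing'. index is the
    provider's slot, or for 'missing' the next free contiguous slot to use.
    """
    providers = {}
    for line in java_security_text.splitlines():
        m = PROVIDER_RE.match(line)
        if m:
            providers[int(m.group(1))] = m.group(2)  # a repeated key overrides the earlier one
    # The JRE reads security.provider.1, .2, ... and stops at the first missing number.
    reachable = 0
    while reachable + 1 in providers:
        reachable += 1
    for idx, cls in sorted(providers.items()):
        if cls == wanted:
            return ("ok" if idx <= reachable else "unreachable", idx)
    return ("missing", reachable + 1)

# Constructed sample: four providers registered, jgss provider absent.
SAMPLE_MISSING = """\
# List of providers and their preference orders
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
"""
# Constructed sample: slot 4 is commented out, so the jgss line in slot 5 is never read.
SAMPLE_GAP = SAMPLE_MISSING.replace("security.provider.4", "#security.provider.4") \
    + "security.provider.5=" + JGSS + "\n"

if __name__ == "__main__":
    for name, text in (("missing", SAMPLE_MISSING), ("gap", SAMPLE_GAP)):
        print(name, check_provider(text))
```

A `missing` result returns the slot number to use in the added line; an `unreachable` result means the numbering must be made contiguous before the SPNEGO configuration will find the provider.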
Installation Known Issues
Table 5 lists the known issues with the installation.
Table 5 Installation Known Issues

| Change Request Number | Description | Release Fixed |
|---|---|---|
| CR241424 | Uninstalling the WLES Administration Server and SCM does not remove the following directories: Also, the uninstall program does not delete the following users and groups, which were created for WLES: Workaround: Delete the directories, users and groups manually. | |
| CR236155 | On setup, the installer creates several users and groups (asiusers and asiadgrp). However, if the machine is in a domain or has a password policy, the installer will fail if you enter a password that does not adhere to the domain password policy. Workaround: Install the product on a stand-alone machine or check the password policy before you start the installer. | |

Administration Server Known Issues
Table 6 lists the known issues with the Administration Server.
Table 6 Administration Server Known Issues

| Change Request Number | Description | Release Fixed |
|---|---|---|
| | Out-of-memory or sluggish memory performance issues may occur with the Administration Application. Workaround: Increase the heap size allocation (-Xmx512m) in the startWebLogic scripts. | -- |
| CR241621 | Sometimes the Administration Console encounters socket write exceptions on WebLogic Server 8.1 SP4. These exceptions do not affect the functionality of the Administration Console. | |

Security Service Modules Known Issues
Table 7 lists the known issues with the Security Service Modules.
Table 7 Runtime Known Issues

| Change Request Number | Description | Release Fixed |
|---|---|---|
| CR217354 | The Security Service Module Start WLESarme menu option and the WLESarme.bat start command do not start the Security Service Module ARME process as a Windows service. Workaround: On Windows platforms, use the Start WLESarme (console mode) menu option or the WLESarme.bat console command instead. | |
| CR241207, CR241202, CR241200 | Certain JAAS callbacks (textOutputCallback, languageCallback, choiceCallback, confirmationCallback) are not supported in SP2 Web Server SSMs. | |
| CR241674 | The SAMLXfer.shtml file is not in the IIS and Apache Web Server SSM kits. SAML SSO is not supported in the IIS and Apache Web Server SSMs for WLES 4.2 SP2, so the SAML parameters in the default.properties file for instances of IIS and Apache Web Server SSMs should not be used. | |
| CR243097 | Security Policy cannot be written against POST data, because the POST data is not currently being placed in the application context. | |
| CR243751 | Exceptions on ARME startup can be safely ignored. You may see exceptions when starting an ARME process such as: `!!!>>>Exception occurred while verifying signature for dir` Or: `>>Exception /policyA: Unable to open file` | |

Security Providers Known Issues
Table 8 lists the known issues with the security providers.
Table 8 Security Providers Known Issues

| Change Request Number | Description | Release Fixed |
|---|---|---|
| CR178982 | The Primary and Backup LDAP repositories must be configured to use the same distinguished name (DN). | -- |
| CR178439 | The ASI Authorization and ASI Role Mapping Engine are limited to four plug-in functions. Workaround: If more extensions are needed, you need to implement, link, and initialize them. | -- |

Contacting BEA Customer Support
Your feedback on the product documentation is important to us. Send us e-mail at docsupport@bea.com if you have questions or comments. Your comments will be reviewed directly by the BEA professionals who create and update the product documentation.
In your e-mail message, please indicate that you are using the documentation for the BEA WebLogic Enterprise Security Version 4.2, SP2 release.
If you have any questions about this version of the BEA WebLogic Enterprise Security product, or if you have problems installing and running the product, contact BEA Customer Support through BEA Web Support at http://support.bea.com. You can also contact Customer Support by using the contact information provided on the Customer Support Card, which is included in the product package.
When contacting Customer Support, be prepared to provide the following information:
- Your name, e-mail address, phone number, and fax number
- Your company name and company address
- Your machine type and authorization codes
- The name and version of the product you are using
- A description of the problem and the content of pertinent error messages