bea.com | products | dev2dev | support | askBEA |
|
e-docs > WebLogic Server > Administration Console Online Help > Compatibility Security |
Administration Console Online Help |
WebLogic Identity Assertion Provider-->Details
When using 2-way SSL, WebLogic Server verifies the digital certificate of the Web browser or Java client when establishing an SSL connection. However, the digital certificate does not identify the Web browser or Java client as a user in the WebLogic Server security realm. If the Web browser or Java client requests a WebLogic Server resource protected by a security policy, WebLogic Server requires the Web browser or Java client to have an identity. The WebLogic Identity Assertion provider allows you to define a user name mapper that maps the digital certificate of a client to a user in a WebLogic Server security realm.
This user name mapper is a class that implements the weblogic.security.providers.authentication.UserNameMapper interface. You can either write your own implementation and configure it in the Administration Console or use the default implementation provided by WebLogic Server.
The WebLogic Identity Assertion provider calls the user name mapper class for the following types of identity assertion token types:
The default user name mapper uses the attributes from the subject DN of the digital certificate or the distinguished name to map to the appropriate user in the WebLogic Server security realm. For example, the user name mapper can be configured to map a user from the Email attribute of the subject DN (smith@bea.com) to a user in the WebLogic Server security realm (smith).
Use this tab to activate the default user name mapper and specify which attributes in a digital certificates are used to create the username. The attributes on the tab are defined as follows:
Configure a custom user name mapper on the Weblogic Identity Assertion Provider-->General tab.
Configuring a WebLogic Identity Assertion Provider
Introduction to WebLogic Security
Developing Security Providers for WebLogic Server
Securing a WebLogic Server Deployment
Upgrading Security in WebLogic Server Version 6.x to WebLogic Server Version 7.0
The Security page in the WebLogic Server documentation