| Oracle® Fusion Middleware Security Overview 11g Release 1 (11.1.1) Part Number E12889-04 |
|
|
View PDF |
| Oracle® Fusion Middleware Security Overview 11g Release 1 (11.1.1) Part Number E12889-04 |
|
|
View PDF |
This chapter lists the most common security scenarios and tasks of interest to security administrators and developers. Links provide drill-down details on the concepts and how to implement security features in Oracle Fusion Middleware.
Topics include:
This section explains the products and deployment options for single sign-on in 11g Release 1 (11.1.1). Topics include:
Oracle Fusion Middleware supports many single sign-on options in 11g Release 1 (11.1.1). Oracle WebLogic Server provides single sign-on support through Security Assertion Markup Language (SAML) and Windows Native Authentication. In addition, identity assertion providers are also available for Oracle WebLogic Server to integrate with Oracle Access Manager which is the recommended enterprise-grade single sign-on solution from Oracle Identity Management. This offers a variety of choices for customers to choose from, depending on their needs.
See Also:
Configuring Single Sign-On in Oracle Fusion Middleware in the Oracle Fusion Middleware Application Security Guide
This section describes some common single sign-on scenarios in 11g Release 1 (11.1.1):
Setting up Oracle SOA or Oracle WebCenter 11g for the First Time
Setting up Oracle SOA or Oracle WebCenter 11g with existing Oracle Application Server
Setting up Oracle SOA or Oracle WebCenter 11g with 11g Portal, Forms, Reports or Discover
Setting up 11g Oracle Fusion Middleware with Oracle E-Business Suite
Delegating Authentication from Oracle Single Sign-On to Oracle Access Manager
This scenario involves setting up Oracle SOA or Oracle WebCenter 11g Release 1 (11.1.1) for the first time with no previous Release 10g Application Server deployments.
In this scenario the customer has no previous Oracle Application Server deployment. The recommended single sign-on solution is Oracle Access Manager which allows customer to use Oracle Internet Directory or other LDAP servers of choice as the user and group repository.
This scenario involves setting up Oracle SOA or Oracle WebCenter 11g Release 1 (11.1.1) with existing Oracle Application Server Release 10g deployment where Oracle Internet Directory and Oracle Single Sign-On are used.
The customer is currently using Oracle Internet Directory as the user and group repository and Oracle Single Sign-On as the single sign-on solution in the 10g deployment. The 11g Release 1 (11.1.1) Oracle SOA or Oracle WebCenter deployment continues to rely on this Oracle Internet Directory and Oracle Single Sign-On infrastructure for single sign-on and user repository.
Whether or not the customer has an existing 10g Oracle Application Server deployment, the 11g Release 1 (11.1.1) Portal, Forms, Reports and Discover only work with Oracle Internet Directory and Oracle Single Sign-On.
Because of the requirement in Section 5.1.2.3, "Setting up 11g Portal, Forms, Reports or Discover", this scenario also defaults to having Oracle Internet Directory and Oracle Single Sign-On as the recommended solution.
Oracle E-Business Suite 11/12 can integrate with Oracle Internet Directory and Oracle Single Sign-On. Where Oracle Internet Directory and Oracle Single Sign-On are used as an enterprise solution, they can continue to be used with 11g Release 1 (11.1.1) Oracle Fusion Middleware.
While many of the scenarios mandate Oracle Single Sign-On to be the single sign-on solution, it is possible to delegate the authentication to an Oracle Access Manager instance. The scenario positions Oracle Access Manager as the enterprise solution while supporting components that only integrate with Oracle Single Sign-On - by having Oracle Single Sign-On delegating all authentication requests to Oracle Access Manager. This is also known as the "bridge" solution and is applicable to all scenarios where Oracle Single Sign-On is mandatory. Please note that Oracle Internet Directory is required to be the user and group repository in all cases.
Table 5-1 lists the most common security tasks for the Oracle Fusion Middleware administrator, and the tool(s) used for each task.
Table 5-1 Common Security Tasks
| Frequency | Task Description | Tools | Notes |
|---|---|---|---|
|
One-time |
SSL enable Oracle HTTP Server, Oracle WebCache, Oracle Internet Directory, Oracle Virtual Directory and Oracle WebLogic Server |
Fusion Middleware Control for:
Keytool and WebLogic Server Administration Console for Oracle WebLogic Server |
|
|
Change Policy Store and Credential Store to Oracle Internet Directory |
Fusion Middleware Control, and Oracle Internet Directory commands |
||
|
Configure Oracle Access Manager as Single Sign-On for Oracle Fusion Middleware |
Fusion Middleware Control |
||
|
Configure Authenticators |
WebLogic Server Administration Console |
||
|
Set up keystore for Oracle Web Services Manager |
Java keytool utility |
||
|
Configure OPSS login modules (like Kerberos) for Oracle Web Services Manager |
Fusion Middleware Control |
||
|
Frequent |
Configure application security when deploying applications |
When deploying Oracle ADF or OPSS-based applications, use Fusion Middleware Control When deploying JavaEE applications, use WebLogic Server Administration Console |
|
|
Manage application role-to-enterprise group mapping after deploying application |
Fusion Middleware Control or WLST |
Applicable to Oracle ADF or OPSS-based applications. Can be scripted using WLST for frequent operations. |
|
|
Manage credentials used by the application |
Fusion Middleware Control or |
Applicable to Oracle ADF or OPSS-based applications. Can be scripted using |
|
|
Configure Oracle Web Services Manager policies for web services and clients |
Fusion Middleware Control |
||
|
Configure Oracle Web Services Manager client user credentials in OPSS Credential store |
Fusion Middleware Control or |
||
|
Attach/Detach Oracle Web Services Manager policies to web services and clients |
|||
|
Configure Audit Store |
|||
|
Configure Audit Policies |
Fusion Middleware Control or |
||
|
View audit reports for Fusion Middleware components |
Oracle Business Intelligence Publisher |
||
This section provides links to Oracle Fusion Middleware security documentation, including conceptual, administration, and development topics. Based on a develop-deploy-administer flow, it is organized in these sub-sections:
Developing with Oracle ADF
In the Oracle Fusion Middleware Documentation Library, see these items under Popular Tasks:
ADF Tasks
Security Tasks
Developing with Oracle Platform Security Services
Developing Authentication in the Oracle Fusion Middleware Application Security Guide
Developing Authorization in the Oracle Fusion Middleware Application Security Guide
Developing with the User and Role API in the Oracle Fusion Middleware Application Security Guide
Portlet Security
Securing Your WebCenter Application in the Oracle Fusion Middleware Developer's Guide for Oracle WebCenter
Programming Oracle WebLogic Server Security
Securing Web Applications in the Oracle Fusion Middleware Programming Security for Oracle WebLogic Server
Securing Enterprise JavaBeans (EJBs) in Oracle Fusion Middleware Programming Security for Oracle WebLogic Server
Developing Security Providers for Oracle WebLogic Server
Introduction to Developing Security Providers for WebLogic Server in the Oracle Fusion Middleware Developing Security Providers for Oracle WebLogic Server
Authentication Providers in the Oracle Fusion Middleware Developing Security Providers for Oracle WebLogic Server
Authorization Providers in the Oracle Fusion Middleware Developing Security Providers for Oracle WebLogic Server
Developing applications for Oracle Internet Directory, Oracle Directory Integration Platform, and Oracle Single Sign-On
Developing Applications for Oracle Identity Management in the Oracle Fusion Middleware Application Developer's Guide for Oracle Identity Management
Deploying JavaEE Applications
Deploying, Undeploying and Redeploying JavaEE Applications in the Oracle Fusion Middleware Administrator's Guide
Using Platform Security Services to Secure JavaEE applications
Manually Configuring JavaEE Applications to Use OPSS in the Oracle Fusion Middleware Application Security Guide
Security Administration in the Oracle Fusion Middleware Application Security Guide
Using JavaEE Security to Secure JavaEE Applications
Managing Security for Web Applications and EJBs in the Oracle WebLogic Server Administration Console Online Help
Using Declarative Security With Web Applications in Oracle Fusion Middleware Programming Security for Oracle WebLogic Server
Using Declarative Security With EJBs in Oracle Fusion Middleware Programming Security for Oracle WebLogic Server
Deploying Oracle Application Development Framework Applications
Deploying Secure Applications in the Oracle Fusion Middleware Application Security Guide
Managing Application Roles in the Oracle Fusion Middleware Application Security Guide
Managing Application Policies in the Oracle Fusion Middleware Application Security Guide
Securing Oracle WebLogic Server Web Services
When Should You Use Oracle WS-Security Policies? in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server
Configuring Message-Level Security in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server
Configuring Transport-Level Security in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server
Securing SOA Web Services
Understanding Oracle WSM Policy Framework in the Oracle Fusion Middleware Security and Administrator's Guide for Web Services
Managing Web Services policies in the Oracle Fusion Middleware Security and Administrator's Guide for Web Services
Attaching Policies to Web Services in the Oracle Fusion Middleware Security and Administrator's Guide for Web Services
Configuring Policies in the Oracle Fusion Middleware Security and Administrator's Guide for Web Services
Directory Administration
Getting Started With Oracle Internet Directory in the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory
Getting Started with Administering Oracle Virtual Directory in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory
Directory Integration and Provisioning
Synchronization Using Oracle Directory Integration Platform in the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform
Provisioning with the Oracle Directory Integration Platform in the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform
Integrating with Third-Party Directories in the Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform
High Availability
Configuring High Availability for Identity Management Components in the Oracle Fusion Middleware High Availability Guide
Java Applications
Oracle Single Sign-on - Configuring Oracle Single Sign-On in the Oracle Fusion Middleware Application Security Guide
Oracle Access Manager - Configuring Oracle Single Sign-On in the Oracle Fusion Middleware Application Security Guide
Oracle Identity Federation
Deploying Oracle Identity Federation in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation
Configuring Oracle Identity Federation in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation
Server Administration in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation
Coarse-Grained Authorization
OPSS Authorization and the Policy Store in the Oracle Fusion Middleware Application Security Guide
Fine-Grained Authorization
Creating an Entitlement Set in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server
Creating an Application Role in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server
Managing Delegated Applications in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server
Delegating With Administrator Roles in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server
Managing Application Resource Types in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server
Finding Objects with a Simple Search in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server
Mapping an External User to an Application Role in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server
Mapping External Roles to an Application Role in the Oracle Fusion Middleware Administrator's Guide for Oracle Entitlements Server
SSL communication is available for Oracle Fusion Middleware components and applications in each tier:
SSL for the Web Tier
Enabling SSL for Oracle Web Cache Endpoints in the Oracle Fusion Middleware Administrator's Guide
Enabling SSL for Oracle HTTP Server Virtual Hosts in the Oracle Fusion Middleware Administrator's Guide
SSL for the Middle Tier
Configure SSL for Oracle WebLogic Server in the Oracle Fusion Middleware Administrator's Guide
Configure SSL for Oracle SOA Suite in the Oracle Fusion Middleware Administrator's Guide
Configure SSL for Oracle WebCenter in the Oracle Fusion Middleware Administrator's Guide
Configuring SSL for Oracle Identity and Access Management in the Oracle Fusion Middleware Administrator's Guide
SSL-enable Oracle Reports, Forms, Discoverer, and Portal in the Oracle Fusion Middleware Administrator's Guide
Client-side SSL for Applications in the Oracle Fusion Middleware Administrator's Guide
SSL for the Data Tier
Enabling SSL on Oracle Internet Directory Listeners in the Oracle Fusion Middleware Administrator's Guide
Enabling SSL on Oracle Virtual Directory Listeners in the Oracle Fusion Middleware Administrator's Guide
Configure SSL for the Database in the Oracle Fusion Middleware Administrator's Guide
Concepts and Administration
Introduction to Oracle Fusion Middleware Audit Framework in the Oracle Fusion Middleware Application Security Guide
Configuring and Managing Auditing in the Oracle Fusion Middleware Application Security Guide
Audit Reporting
For enterprise deployments, especially those taking advantage of the extensive auditing capabilities of Oracle Identity Management, it is highly recommended that you deploy a dedicated enterprise-class reporting solution. Oracle Business Intelligence Publisher provides such a solution with the flexibility, automation, and performance required for large-scale operations.
Several Oracle Identity Management components provide reports to enable you to keep track of audited events. See the following documents for details:
About Audit Reports and Oracle Business Intelligence Publisher in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.
Oracle Adaptive Access Manager Reports Reference in the Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.
Using Reporting Features in the Oracle Fusion Middleware User's Guide for Oracle Identity Manager.
Using Audit Analysis and Reporting in the Oracle Fusion Middleware Application Security Guide.
See Also:
Oracle Business Intelligence Publisher Administrator's and Developer's Guide for details about about using and managing Oracle Business Intelligence Publisher.Managing Log Files and Diagnostic Data in the Oracle Fusion Middleware Administrator's Guide
Diagnosing Problems with Oracle WSM Policy Manager in the Oracle Fusion Middleware Security and Administrator's Guide for Web Services
|
 Copyright © 2001, 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
