Contents

Title and Copyright Information

Preface

• Audience
• Related Documents
• Document Revision History
• Documentation Accessibility

1 Convergence Security Overview

• Basic Security Considerations
• Understanding the Convergence Environment
• Overview of Convergence Server Security
• Recommended Deployment Topologies
• Operating System Security
  • Firewall Port Configuration
• GlassFish Server Security
  • Accessing a Web Application Deployed on GlassFish Server
• Secure Sockets Layer (SSL)
  • Configuring SSL in Convergence
  • Configuring Authentication-Only SSL
  • Enabling SSL for Back-End Servers
  • Closing Non-SSL Connections
• LDAP Security

2 Performing a Secure Convergence Installation

• Installing Infrastructure Components Securely
• Installing Third-Party Service Applications Securely
• Credentials Needed to Install Convergence Components

3 Implementing Convergence Security

• Managing Security of Passwords
• Disabling SSLv3 on Front-End GlassFish Server Hosts
• Administering Encryption for Secure Authentication
• About Certificate-Based Authentication
  • Enabling SSL and Client Authentication for a Listener in GlassFish Server
  • Managing Certificates in GlassFish Server
    • Certificate Revocation Support in GlassFish Server
  • Configuring the Convergence Certificate Mapper
    • Mapper File Syntax
    • Mapper File Properties and Values
    • Sample certmap.conf Mapping
  • Enabling Certificate Authentication Support
• About Single Sign-On Security
• About Mail Encryption and Digital Signatures
• Detecting Security Attacks or Insecure System Use
  • Messaging Server Best Practices for Fighting Email Spam
  • Limiting Mail Delivery
  • Denying Denial of Service Attacks in Messaging Server
  • System Logging
• Securing Oracle Outside In Transformation Server

4 Security Considerations for Developers

• Writing a Custom Pluggable SSO Module
  • SSO Mechanism in Convergence
  • Implementing the Custom SSO Module
  • Configuration
    • About the sso.notifyserviceimpl Parameter
  • Custom SSO Implementation Example
  • Summary
• Writing a Custom Authentication Module
  • Basic Concepts
    • Convergence Authentication Framework
    • Contracts Defined by the Authentication Module
  • About the Sample Application
  • Implementing the Classes Required for the File-Based Authentication Store
  • How the Implementation Works
  • Compiling the Sample Custom Module
  • Configuring the Sample Custom Authentication Module
  • Deploying the Authentication Module in GlassFish Server
  • Debugging and Troubleshooting the Custom Authentication Module
  • Disabling the Custom Authentication Module
  • Summary

A Convergence Secure Deployment Checklist

• Secure Deployment Checklist