Go to primary content
Agile Product Lifecycle Management Security Guide
Release 9.3.6
E71146-01
Next
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1
Document Scope
1.1
Documentation Audience
1.2
Guide to this Document
2
Agile PLM Overview
3
Overview of Security Fundamentals
3.1
Basic Security Considerations
3.1.1
Keep Software Up-To-Date
3.1.2
Restrict Network Access to Critical Services
3.1.3
Follow the Principle of Least Privilege
3.1.4
Monitor System Activity
3.1.5
Keep Up To Date on Latest Security Information
4
Performing a Secure Agile PLM Installation
4.1
Understanding the Agile PLM Environment
4.2
Recommended Deployment Topologies
4.3
Determining Installation Flows Based on Security Needs
4.3.1
Agile Setup Without SSL or WSS Enabled
4.3.2
Agile Setup With Only SSL Enabled
4.3.3
Agile Setup With SSL and WSS Enabled
4.4
Prerequisites
Before Installing Agile PLM
4.4.1
Installing the Oracle Database Server
4.4.2
Installing Oracle Fusion Middleware 12.2.1.1
4.5
Installing Agile PLM
4.6
Optional Component Configuration
4.6.1
Configuring AutoVue (Optional)
4.6.2
Configuring MCAD Connectors (Optional)
5
Protecting Agile PLM Data
5.1
Password Policy
5.2
Configuring and Using Authentication
5.2.1
LDAP-based Authentication
5.2.2
SSO-based Authentication
5.2.3
Database-based Authentication
5.3
Configuring and Using Access Control
5.4
Configuring and Using Security Audit
5.4.1
User Monitor
5.4.2
History Tab
5.4.3
Log Files
6
Configuring SSL
6.1
Securing Agile PLM Application Using SSL
6.1.1
Generating WebLogic SSL Signature Key and Certificate Signing Request
6.1.2
Importing CA Certificate To WebLogic SSL Keystore
6.1.3
Generating WebLogic SSL Truststore
6.1.4
Configuring SSL on WebLogic Server
6.1.4.1
Configuring the Keystore on the Weblogic Server
6.1.4.2
Configuring the Identity of the WebLogic Server
6.1.4.3
Configuring SSL Listen Port for WebLogic Server
6.1.4.4
Verify SSL Configuration on WebLogic Server
6.1.4.5
Cluster Environment: Additional Configurations
6.1.5
Configuring SSL in the Agile PLM Application Server
6.1.5.1
HTTPOnly and SecureFlag Flags in agile.properties
6.2
Securing Agile PLM File Manager(s) Using SSL
6.2.1
Generating SSL Signature Key and Certificate Signing Request for File Manager
6.2.2
Importing CA Certificate To File Manager SSL Keystore
6.2.3
Configuring SSL on the File Manager
6.3
Configuring SSL on AutoVue Server
6.4
Configuring SSL on Distributed File Managers(DFMs)
6.5
Configuring SSL on AutoVue Client
7
Enabling Security for Web Services
7.1
Installing OWSM on the Agile Domain
7.2
Configuring WSS Policy for Agile PLM Web Services
7.3
Configuring Agile Server SAML Signature Key
7.4
Configuring WSS Policy for File Manager Web Services
7.4.1
Generating File Manager SAML Signature Key and Certificate Signing Request
7.4.2
Import Agile Server SAML Signature Certificate into File Manager Keystore
7.4.3
Import File Manager SAML Signature Certificate into Agile Server Keystore
7.4.4
Configure Trusted Issuer Using WSSConfigurator
7.4.4.1
Register Trusted SAML Issuer on Agile Server
7.4.4.2
File Manager Application SAML Configuration
7.5
Configuring WSS Policy For WSX
7.6
Configuring WSS Policy for Reference Object Web Service
7.6.1
Configure Server Policy for Reference Object WS
7.6.2
Configure Client Policy for Reference Object WS Client
8
Disabling Security
8.1
Disabling SSL
8.2
Disabling Web Services Security
A
Secure Deployment Checklist
B
Checklist for Configuring Web Services Security
B.1
A9 and File Manager Web Services Setup Checklist
B.2
Distributed File Manager Configuration Checklist
B.3
Autovue Configuration Checklist
C
SSL Security Configurations for Developers
C.1
SDK Client Configuration
C.1.1
Configuring SSL for SDK
C.2
Web Service Client Configuration
C.3
Web Service Extensions
D
WS Security Configurations for Developers
D.1
Configuring WSS for Web Service Client
D.1.1
Using Username Token Over SSL Policy
D.1.2
Using SAML Token Bearer Policy
D.1.2.1
Generate a SAML Signature Key
D.1.2.2
Configure SSL Certificate
D.1.2.3
Configure Sample Code
E
SSL Protocol and Signature Algorithm Changes
E.1
Signature Algorithm Changes
E.2
Deselecting SSL 3.0
E.2.1
Server Client Settings
E.2.1.1
Excluding SSL 3.0 on Oracle WebLogic Server 12c
E.2.1.2
Excluding SSL 3.0 on Tomcat 8.5
E.2.1.3
Excluding SSL 3.0 on WSS Configuration Tool Before Enabling WSS
E.2.2
User Client Settings
E.2.2.1
Disabling SSL 3.0 for Applets and Webstarts
E.2.2.2
Disabling SSL 3.0 for Java Applications
E.2.2.3
Disabling SSL 3.0 for Browsers
F
Setting up AutoVue 21.0.1 for HTTPS
F.1
Internet Explorer/Google Chrome
F.2
Mozilla Firefix
F.2.1
Using CCK2 to Import a Certificate
F.2.2
Using Certutil to Import a Certificate
F.3
Safari