This chapter describes the security standards supported by WebLogic Server 12.1.3.
This chapter includes the following topics:
WebLogic Server supports the security standards shown in Table 3-1.
Table 3-1 WebLogic Server Security Standards Support
| Standard | Version | Additional Considerations |
|---|---|---|
|
JAAS |
JAAS version depends on the Java SE version. See |
|
|
JASPIC |
1.0 |
|
|
JACC |
1.4 |
|
|
JCE |
1.4 RSA JCE: Crypto-J V6.1.1 JDK 7 JCE provider (SunJCE) is also supported. nCipher JCE is also supported. |
See Chapter 36, "Using JCE Providers with WebLogic Server". See |
|
JSSE |
Default SSL implementation based on JDK 7 Java Secure Socket Extension (JSSE). RSA JSSE is also supported |
See Chapter 39, "Using the JSSE-Based SSL Implementation". See Using the RSA JSSE Provider in WebLogic Server. Note: Although JSSE supports Server Name Indication (SNI) in its SSL implementation, WebLogic Server does not support SNI. |
|
Kerberos |
Version 5 |
See Chapter 21, "Configuring Single Sign-On with Microsoft Clients". |
|
LDAP |
v3 |
See Chapter 14, "Configuring LDAP Authentication Providers". Also see Chapter 28, "Managing the Embedded LDAP Server". |
|
SAML |
1.1, 2.0 |
See Chapter 23, "Configuring SAML 1.1 Services". See Chapter 24, "Configuring SAML 2.0 Services". |
|
SPNEGO |
Specified by |
See Chapter 21, "Configuring Single Sign-On with Microsoft Clients". |
|
SSL |
v3. (WebLogic Server does not support SSL 2.0.) |
See Chapter 38, "Specifying the SSL Protocol Version" for version-specific information. |
|
SSO |
Via Microsoft Clients Via SAML |
See Chapter 21, "Configuring Single Sign-On with Microsoft Clients". See Chapter 22, "Configuring Single Sign-On with Web Browsers and HTTP Clients Using SAML". |
|
TLS |
v1.0, v1.1, v1.2. |
Note: Oracle recommends the use of TLS V1.1 or later in a production environment. See Chapter 38, "Specifying the SSL Protocol Version" for version-specific information. |
|
X.509 |
v3 |
WebLogic Server supports 4096-bit keys. (4096-bit keys may require substantially more compute time for some operations.) Certificates generated with CertGen have a default 2048-bit key size. You specify the key size with the The WebLogic Server demo CA has a 2048-bit key length. As of JDK 7u40, the use of x.509 certificates with RSA keys less than 1024 bits in length is restricted. |
|
xTensible Access Control Markup Language (XACML) |
2.0 |
See Chapter 7, "Configuring Authorization and Role Mapping Providers". |
|
Partial implementation of Core and Hierarchical Role Based Access Control (RBAC) Profile of XACML |
2.0 Specified by |
Table 3-2 lists the supported FIPS versions and cipher suites.
Table 3-2 Cipher Suites and FIPS 140-2 Supported Versions
| Standard | Version | Additional Considerations |
|---|---|---|
|
FIPS 140-2 |
RSA Crypto-J V6.1.1 RSA SSL-J V6.1.2 RSA Cert-J V6.1.1 |
See Chapter 37, "Enabling FIPS Mode". You can also use the RSA JSSE and JCE providers in non-FIPS mode: |
|
Cipher Suites for JSSE JDK 7 |
The preferred negotiated cipher combination is AES + SHA2. |
The set of cipher suites supported by the JDK 7 SunJSSE is listed here: |
|
Cipher Suites for RSA JSSE |
Product Dependent |
|
|
Cipher suites supported in the (removed) WebLogic Server Certicom SSL implementation and the SunJSSE equivalent. |
Product Dependent |
Documented for backward compatibility. See Table 39-2. When using Certicom, WebLogic Server does not support SHA256 hashing, or signature algorithms that include SHA256. |