Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
1 Services Gatekeeper Security Overview
Basic Security Considerations
Overview of Services Gatekeeper Security
Understanding the Services Gatekeeper Environment
Recommended Deployment Configurations
Securing Services Gatekeeper Components
Operating System Security
Database Security
Oracle Databases
MySQL Databases
WebLogic Server Security
Security Considerations for Relational Database Authentication Providers
Related Applications Security
External Firewall Security
Virtual Environments Security
2 Performing a Secure Services Gatekeeper Installation
Pre-Installation Configuration
Ensuring Services Gatekeeper Performance and Security
Security Considerations Related to User Privileges
Security Considerations Relating to Passwords
Installing Services Gatekeeper Securely
Securing the OAM MBeans
Administrative Groups
Administrative Service Groups
Configuring a Secure Domain for Services Gatekeeper
Post-Installation Configuration
Configure the Default Services Gatekeeper Communication Ports
Securing Single-Tier Communication
Securing Multi-Tier Communication
Encrypt Application Passwords
Configuring Application Password Encryption
Configuring SSL Communication
Configuring Clustered SSL Communication
Securing Partner Relationship Management Portals
Adding Custom Password Validators
Installing Java Cryptography Extension (JCE)
Securing Communication with Web-based Applications
Using Tunneled Parameters
3 Securing Network Traffic
Understanding How to Secure Network Traffic
Configuring Network Traffic Security with ApiFirewallMBean
Creating a List of Trusted APIs Using ApiConfigXml
Implementing Denial-of-Service Attack Protection with ApiFirewall
Protecting REST APIs with a White List of IP Addresses
Removing External Entity Reference Security
Implementing Network Traffic Security for APIs
Authenticating Users and Applications
Authenticating Applications
Authenticating Users
4 Securing Communication Services
Understanding Communication Services Traffic Security
Security Considerations for All Communication Services
Authorizing Access to Services with Single Sign-On
Authorizing Access to Services with SLAs
Authenticating and Authorizing Resources with OAuth
Securing SOAP-Based Communication
Setting up UsernameToken with Password Digest (Digest Authentication)
Setting up UsernameToken with X.509
Removing Outbound Web Security
Creating and Using a Custom WS-Policy
Available Default WS-Policies
Securing RESTful Web Services with SSL
Configuring Application-Facing Servers for SSL
Enabling and Configuring SSL for Each Application Tier Server
Adding Certificates to the Application Tier Servers and Applications
Securing Network-Facing Servers With Keystores
Securing Native Communication Services
5 Administering Services Gatekeeper Securely
Monitoring Your Services Gatekeeper Implementation
Backing Up and Restoring Services Gatekeeper Configuration Data
Security Considerations for Services Gatekeeper System Administrators
Securing Communication with Service Interceptors
Administering Partners
Setting Up the Partner Relationship Management Portals
6 Deploying Services Gatekeeper in a Demilitarized Zone
Overview and Recommended Configurations
Securing Services Gatekeeper Components in the DMZ
Securing Traffic Between the Internet and the Access Tier
Configuring a Firewall to Protect the Access and Portal Tiers
Hardening the Operating System
Hardening Oracle Linux 6
Hardening Oracle Solaris 11
Securing Traffic Between the Access and Portal Tiers
Encrypting RMI Traffic Between the Access Tier and the Network Tier
Securing Traffic between the Access Tier and the Network Tier
Configuring a Firewall Between the ATs/Portals and the NTs
Securing the Services Gatekeeper Administration Server
Restricting Administration Server to SSL
Securing the Database
Securing OBIEE in Services Gatekeeper
Securing Node Manager Access to Services Gatekeeper
Configuring Connection Filters Instead of a Firewall
7 Securing Services Gatekeeper for PCI-DSS
Payment Card Industry - Data Security Standard Compliance
Understanding Services Gatekeeper Security
Installing Services Gatekeeper for PCI
Change the WebLogic Administrator Name and Use a Secure Password
Change the Partner Manager Administrative Username and Use a Secure Password
Implementing Services Gatekeeper for PCI
Protect Services Gatekeeper Components With Firewalls
Specify SSL-only Communication
Configure the Default Services Gatekeeper Communication Ports
Understanding Users, User Groups and their Access to System Components
Configure WebLogic Auditing to Monitor All Access to Network Resources
Configure User Lockout Features
Encrypt Application Passwords
Configure Web Services Securely