Table of Contents

• Title and Copyright Information
• Preface
  • Audience
  • Convention
  • Documentation Accessibility
  • Diversity and Inclusion
• 1 Convergence Security Overview
  • Basic Security Considerations
  • Understanding the Convergence Environment
  • Overview of Convergence Server Security
  • Recommended Deployment Topologies
  • Operating System Security
    • Firewall Port Configuration
  • Oracle WebLogic Server Security
    • Oracle WebLogic Server in Secure Mode
    • Accessing a Web Application Deployed on Oracle WebLogic Server
  • Secure Sockets Layer (SSL)
    • Configuring SSL in Convergence
    • Configuring Authentication-Only SSL
    • Enabling SSL for Back-End Servers
    • Disabling Non-SSL Connections for Application Servers
  • Directory Server Security
• 2 Performing a Secure Convergence Installation
  • Installing Infrastructure Components Securely
  • Installing Third-Party Service Applications Securely
  • Credentials Required to Install Convergence Components
• 3 Implementing Convergence Security
  • Managing Security of Passwords
  • Disabling SSLv3 on Front-End Oracle WebLogic Server Hosts
  • Administering Encryption for Secure Authentication
  • About Certificate-Based Authentication
    • Configuring the Convergence Certificate Mapper
      • Mapper File Syntax
      • Mapper File Properties and Values
      • Sample certmap.conf Mapping
    • Enabling Certificate Authentication Support
  • About Single Sign-On Security
  • About HTML Filtering
  • Detecting Security Attacks or Insecure System Use
    • Messaging Server Best Practices for Fighting Email Spam
    • Limiting Mail Delivery
    • Denying Denial of Service Attacks in Messaging Server
    • System Logging
  • Securing Oracle Outside In Transformation Server
• 4 Security Considerations for Developers
  • Writing a Custom Pluggable SSO Module
    • SSO Mechanism in Convergence
    • Implementing the Custom SSO Module
    • Configuration
      • About the sso.notifyserviceimpl Parameter
    • Custom SSO Implementation Example
    • Summary
  • Writing a Custom Authentication Module
    • Basic Concepts
      • Convergence Authentication Framework
      • Contracts Defined by the Authentication Module
    • About the Sample Application
    • Implementing the Classes Required for the File-Based Authentication Store
    • How the Implementation Works
    • Compiling the Sample Custom Module
    • Configuring the Sample Custom Authentication Module
    • Deploying the Authentication Module in the Oracle WebLogic Server
    • Debugging and Troubleshooting the Custom Authentication Module
    • Disabling the Custom Authentication Module
    • Summary
• A Convergence Secure Deployment Checklist
  • Secure Deployment Checklist