Table of Contents Table of Contents Title and Copyright Information Preface Audience Documentation Accessibility Diversity and Inclusion 1 UIM Security Overview Basic Security Considerations Understanding the UIM Environment Overview of UIM Security Recommended Deployment Scenarios Operating System Security Firewall Port Configuration Oracle Database Security Data Encryption Secure Database Connections SSL Authentication WebLogic Server Security Authorization WebLogic Resources Security Policies Secure Sockets Layer (SSL) Logging Security Oracle Security Documentation File Permissions 2 Performing a Secure UIM Installation Installing UIM Securely About Password Policies Post-Installation Configuration Setting Up User Accounts to Lock and Expire 3 Implementing UIM Security Configuring and Using Authentication Java Authentication and Authorization Service About Callback Handlers Configuring and Using Access Control Enabling Access for Specifications Configuring and Using Security Audit Logs Secure Access to UIM Web Services Managing UIM Security 4 Security Considerations for Developers About UIM Security Policies About Securing UIM APIs About Securing Entity Data About Securing Web Services A UIM Secure Deployment Checklist Secure Deployment Checklist