1.4 Application Server Security

This topic describes application server security.

Refer to the Oracle WebLogic Security specification document to make the environment more secure.

Oracle Banking Corporate Lending Process Management supports the following authentication schemes for the online web application.
  • Standard LDAP Directory (For example, OUD/AD/Embedded WebLogic)
  • SSO with OAM (Oracle Access Manager – Part of the Oracle Identity Management Suite)
  • SAML assertions with a Service Provider protecting the resource and an Identity Provider.
Oracle Banking Corporate Lending Process Management supports the following authentication schemes for the API layer.
  • OAuth (CLIENT CREDENTIALS) with OAM
  • OAuth (CLIENT CREDENTIALS) without OAM

If the customer does not have OAM, they can use OAuth without OAM; alternatively, the customer is expected to have an enterprise API management layer that protects the Oracle Banking Corporate Lending Process Management API layer with the same controls (that is, OAuth).

Support for SSL (Secure Transformation of Data)

Oracle Banking Corporate Lending Process Management should be configured so that all HTTP connections to the application are made over SSL/TLS. In other words, all HTTP traffic in the clear is prohibited and only HTTPS traffic is allowed. It is highly recommended to enable this option in the production environment, especially when the WebLogic Server acts as the SSL terminator.
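
One way to verify the HTTPS-only requirement from outside the server, as an added example that is not Oracle's code: it sends one plain-HTTP request to a listener and classifies the answer. The function names, verdict strings and sample responses are assumptions constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit


def classify_cleartext(status, location):
    """Judge how a listener answered a request sent over plain HTTP."""
    if status is None:
        return "pass: no cleartext HTTP service answered"
    if 300 <= status < 400:
        # A relative or http:// Location keeps the client on cleartext.
        if urlsplit(location or "").scheme.lower() == "https":
            return "pass: redirected to HTTPS"
        return "fail: redirect does not move the client to HTTPS"
    if 200 <= status < 300:
        return "fail: content served over cleartext HTTP"
    return "review: cleartext listener answered with status %d" % status


def probe_cleartext(host, port, path="/", timeout=5):
    """Send one plain-HTTP GET and classify the answer."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify_cleartext(resp.status, resp.getheader("Location"))
    except (OSError, http.client.HTTPException):
        # Refused, timed out, or the port only speaks TLS.
        return classify_cleartext(None, None)
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real deployment.
    samples = [(None, None), (302, "https://app.example.test/login"),
               (302, "/login"), (200, None)]
    for status, location in samples:
        print(status, location, "->", classify_cleartext(status, location))
```

A redirect to HTTPS still means the first request crossed the network in the clear, so a listener that does not answer plain HTTP at all is the stronger result.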