4 Security Configuration and Tools Installation

This topic describes the security configuration and the installation of the related tools.

Prerequisites

Before proceeding, do the following steps:

  • If the user wants to use LDAP for web application authentication with WebLogic as the LDAP provider, set up the WebLogic embedded LDAP first.

    Note:

    Refer to the WebLogic Embedded LDAP Setup section in ANNEXURE - 1 for the setup details.
  • If the user wants to use OAuth without OAM (Spring OAuth), make the following change in the WebLogic configuration.
    • In the config.xml file of the concerned domain in WebLogic, add the following element at the end of the security-configuration tag (just before the line </security-configuration>):
      <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>

    With the default value (true), WebLogic rejects any request whose HTTP Basic Authorization header does not match a WebLogic user before the request reaches the application. Setting it to false passes the header through untouched so that the application (here Spring OAuth) validates it itself. The setting is domain-wide, so every application deployed in that domain must then perform its own validation of Basic credentials. Restart the domain after editing config.xml.

  • To use standard LDAP directory authentication for Online Web Application authentication, make sure that the following LDAP server details have been provided to the user:

    LDAP_URL, USER_STORE, LDAP_SERVER_CREDENTIAL_SALT, LDAP_SERVER_USER, LDAP_SERVER_BASE, LDAP_SERVER_CREDENTIAL, LDAP_USER_SEARCH_BASE, LDAP_USER_PREFIX, CORS_ALLOWED_ORGINS, etc.

Plato Security JWT

The Plato security module secures the API microservices with JSON Web Tokens (JWT). A JWT is an open, industry-standard (RFC 7519) method for representing claims securely between two parties: a compact, URL-safe string whose claims are encoded as a JSON object and carried either as the payload of a JWS structure or as the plaintext of a JWE structure, so that the claims can be digitally signed or MACed and/or encrypted. Note that a signed (JWS) token is integrity-protected but not confidential: anyone holding the token can read its claims, so no secret belongs in the payload.

Plato Security Configuration (Online Web Application Authentication)

Oracle Banking Microservices Architecture recommends creating a new schema for security so that the security-related database objects are kept in one place. If the environment is configured as multi-tenant, one security schema per tenant is required.

All Plato security configuration is maintained in the SECURITY_CONFIG table. Steps to configure the table:
  1. In case of LDAP directory authentication, set the following keys with the LDAP details that were provided:

    Table 4-1 LDAP Directory Authentication - Key Parameters

    KEY                          VALUE
    LDAP_SERVER_CREDENTIAL_SALT  Salt used with the encrypted LDAP credential. Example: 0.9482628451234567
    CORS_ALLOWED_ORGINS          Allowed host names (comma delimited)
    LDAP_URL                     LDAP server URL. Example: ldap://wxy00abc:9001
    LDAP_SERVER_USER             LDAP server bind user ID. Example: uid=admin
    LDAP_SERVER_BASE             LDAP server base DN. Example: dc=oracle,dc=com
    LDAP_SERVER_CREDENTIAL       LDAP server bind password, encrypted with the Plato encryption utility (never the clear-text password). Example: m0o/F3UvlwvBSv5C/TSckA==
    LDAP_USER_SEARCH_BASE        LDAP user search base, relative to the base DN. Example: ou=people
    LDAP_USER_PREFIX             LDAP attribute that identifies the user entry. Example: uid

    Use a salt value that is unique to the environment rather than the example shown. The example URL uses ldap://, which carries the bind password and the users' passwords in clear text on the wire; use ldaps:// wherever the directory supports it.

  2. In case of an SSO agent, set the following keys:

    Table 4-2 SSO Agent - Key Parameters

    KEY                  VALUE
    IS_SSO_CONFIGURED    True
    CORS_ALLOWED_ORGINS  Allowed host names (comma delimited)
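Before the SECURITY_CONFIG values are loaded, it is worth checking that they have the shape Tables 4-1 and 4-2 describe. The Python below is an added example for this chapter, not part of Plato or of Oracle Banking Microservices Architecture. The key names are those of the two tables; the rules it applies (prefer ldaps://, attr=value DN components, no wildcard or empty CORS entry, credential must look like the encryption utility's base64 output) are this example's own assumptions about safe values, not constraints stated by the product. The sample configuration is constructed from the example values in Table 4-1 with a made-up CORS host name.

```python
"""Lint SECURITY_CONFIG key/value pairs before loading them.

Added example for this chapter, not part of Plato. Key names follow Tables
4-1 and 4-2; the rules applied are this example's own assumptions about
what a safe value looks like.
"""
import base64
import binascii
import re
from typing import Dict, List
from urllib.parse import urlsplit

# One RDN such as uid=admin or dc=oracle; a DN is a comma-separated list of them.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")
_ATTRIBUTE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

LDAP_KEYS = (
    "LDAP_URL", "LDAP_SERVER_USER", "LDAP_SERVER_BASE", "LDAP_SERVER_CREDENTIAL",
    "LDAP_SERVER_CREDENTIAL_SALT", "LDAP_USER_SEARCH_BASE", "LDAP_USER_PREFIX",
)

# Constructed from the example values in Table 4-1; the CORS host name is made up.
DOC_EXAMPLE = {
    "LDAP_SERVER_CREDENTIAL_SALT": "0.9482628451234567",
    "CORS_ALLOWED_ORGINS": "app.example.internal",
    "LDAP_URL": "ldap://wxy00abc:9001",
    "LDAP_SERVER_USER": "uid=admin",
    "LDAP_SERVER_BASE": "dc=oracle,dc=com",
    "LDAP_SERVER_CREDENTIAL": "m0o/F3UvlwvBSv5C/TSckA==",
    "LDAP_USER_SEARCH_BASE": "ou=people",
    "LDAP_USER_PREFIX": "uid",
}


def is_dn(value: str) -> bool:
    """True if every comma-separated component has the form attr=value."""
    parts = [p.strip() for p in value.split(",")]
    return all(_RDN.match(p) for p in parts)


def check_cors(value: str) -> List[str]:
    """Reject a missing list, empty entries and wildcards (which admit any origin)."""
    if not value:
        return ["ERROR CORS_ALLOWED_ORGINS: missing or empty"]
    findings = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            findings.append("ERROR CORS_ALLOWED_ORGINS: empty entry")
        elif "*" in entry:
            findings.append("ERROR CORS_ALLOWED_ORGINS: wildcard entry %r admits any origin" % entry)
    return findings


def check_security_config(cfg: Dict[str, str]) -> List[str]:
    """Return ERROR/WARN findings; an empty list means the values look sane."""
    findings = check_cors(cfg.get("CORS_ALLOWED_ORGINS", ""))
    if cfg.get("IS_SSO_CONFIGURED", "").lower() == "true":
        return findings  # Table 4-2: the SSO agent authenticates, no LDAP keys needed
    missing = [k for k in LDAP_KEYS if not cfg.get(k)]
    if missing:
        return findings + ["ERROR %s: missing or empty" % k for k in missing]
    url = urlsplit(cfg["LDAP_URL"])
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("ERROR LDAP_URL: expected ldap(s)://host[:port], got %r" % cfg["LDAP_URL"])
    elif url.scheme == "ldap":
        findings.append("WARN LDAP_URL: ldap:// sends the bind and user passwords in clear text; use ldaps://")
    for key in ("LDAP_SERVER_USER", "LDAP_SERVER_BASE", "LDAP_USER_SEARCH_BASE"):
        if not is_dn(cfg[key]):
            findings.append("ERROR %s: %r is not attr=value[,attr=value...]" % (key, cfg[key]))
    if not _ATTRIBUTE.match(cfg["LDAP_USER_PREFIX"]):
        findings.append("ERROR LDAP_USER_PREFIX: %r is not an attribute name" % cfg["LDAP_USER_PREFIX"])
    try:
        # The utility's output is base64; a value that is not decodable is most
        # likely the clear-text password pasted in by mistake.
        base64.b64decode(cfg["LDAP_SERVER_CREDENTIAL"], validate=True)
    except (binascii.Error, ValueError):
        findings.append("ERROR LDAP_SERVER_CREDENTIAL: not base64; store the encryption utility's output")
    return findings


if __name__ == "__main__":
    for line in check_security_config(DOC_EXAMPLE):
        print(line)
```

Run against the documented example values the checker reports a single warning, for the clear-text ldap:// URL; replacing the URL with an ldaps:// one clears it. Run against an SSO configuration it only checks the CORS list, mirroring Table 4-2.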

User Store

Oracle Banking Microservices Architecture supports the following user stores for authentication.

Users maintained in the table: Plato security can authenticate users maintained in the APP_USER table in the security schema. However, this option is not recommended.