This chapter includes the following sections:
When Do You Need to Configure a Security Provider?
Before using the WebLogic Identity Assertion provider, define the active token type. See Configuring Identity Assertion Providers.
To map tokens to a user in a security realm, configure the user name mapper in the WebLogic Identity Assertion provider. See Configuring a WebLogic Credential Mapping Provider.
To use auditing in the default (active) security realm, configure either the WebLogic Auditing provider or a custom Auditing provider. See Configuring the WebLogic Auditing Provider.
To use HTTP and Kerberos-based authentication in conjunction with WebLogic Server. See Configuring Single Sign-On with Microsoft Clients.
To use identity assertion based on SAML assertions. See Configuring Single Sign-On with Web Browsers and HTTP Clients Using SAML.
To use certificate revocation. See Configuring the Certificate Lookup and Validation Framework.
To use an LDAP server other than the embedded LDAP server, configure one of the LDAP Authentication providers. An LDAP authentication provider can be used instead of or in addition to the WebLogic Authentication provider. See Configuring LDAP Authentication Providers.
To access user, password, group, and group membership information stored in databases for authentication purposes. See Configuring RDBMS Authentication Providers. The RDBMS Authentication providers can be used to upgrade from the RDBMS security realm.
To use Windows NT users and groups for authentication purposes. See Configuring the Windows NT Authentication Provider. The Windows NT Authentication provider is the upgrade path for the Window NT security realm.
When you create a new security realm, configure security providers for that realm. See Creating and Configuring a New Security Realm: Main Steps.
When you add a custom security provider to a security realm or replace a WebLogic security provider with a custom security provider, configure options for the custom security provider.
You can use either the WebLogic-supplied security providers or a custom security provider in a security realm. To configure a custom security provider, see Configure custom security providers in the Oracle WebLogic Server Administration Console Online Help.
Reordering Security Providers
Enabling Synchronization in Security Policy and Role Modification at Deployment
However, custom deployable Authorization and Role Mapping providers may or may not support parallel calls. If your custom deployable Authorization or Role Mapping providers do not support parallel calls, you need to disable the parallel security policy and role modification and instead enforce a synchronization mechanism that results in each application and module being placed in a queue and deployed sequentially. Otherwise, if a provider does not support parallel calls, it generates a
You can turn on this synchronization enforcement mechanism on in two ways:
Enabling the synchronization mechanism affects every deployable provider configured in the realm, including the WebLogic Server XACML providers. Enabling the synchronization mechanism may negatively impact the performance of these providers.
From the WebLogic Server Administration Console. Set the Deployable Provider Synchronization Enabled and Deployable Provider Synchronization Timeout controls for the realm.
The Deployable Provider Synchronization Enabled control enforces a synchronization mechanism that results in each application and module being placed in a queue and deployed sequentially.
The Deployable Provider Synchronization Timeout control sets or returns the timeout value, in milliseconds, for the deployable security provider synchronization operation. This is the maximum time a deployment cycle wants to wait in the queue when the previous cycle is stuck.
DeployableProviderSynchronizationTimeoutattributes of the
RealmMBean. From WLST, set the
DeployableProviderSynchronizationTimeoutattributes of the RealmMBean.
See RealmMBean in MBean Reference for Oracle WebLogic Server.