Table of Contents
- Title and Copyright Information
- Preface
- Part I Overview of WebLogic Server Security Administration
  - 1 Security Management Concepts
  - 2 WebLogic Server Security Standards
  - 3 Configuring Security for a WebLogic Domain
    - Performing a Secure Installation of WebLogic Server
    - Creating a WebLogic Domain for Production Use
    - Securing the Domain After You Have Created It
    - Obtaining Private Keys, Digital Certificates, and Trusted Certificate Authority Certificates
    - Storing Private Keys, Digital Certificates, and Trusted Certificate Authority Certificates
    - Protecting User Accounts
    - Using Connection Filters
    - Using JEP 290 in Oracle WebLogic Server
  - 4 Customizing the Default Security Configuration
- Part II Configuring Security Providers
  - 5 About Configuring WebLogic Security Providers
  - 6 Configuring Authorization and Role Mapping Providers
  - 7 Configuring the WebLogic Auditing Provider
  - 8 Configuring Credential Mapping Providers
  - 9 Configuring the Certificate Lookup and Validation Framework
- Part III Configuring Authentication Providers
  - 10 About Configuring the Authentication Providers in WebLogic Server
  - 11 Configuring the WebLogic Authentication Provider
  - 12 Configuring LDAP Authentication Providers
    - LDAP Authentication Providers Included in WebLogic Server
    - Requirements for Using an LDAP Authentication Provider
    - Configuring an LDAP Authentication Provider: Main Steps
    - Accessing Other LDAP Servers
    - Enabling an LDAP Authentication Provider for SSL
    - Dynamic Groups and WebLogic Server
    - Use of GUID and LDAP DN Data in WebLogic Principals
    - Configuring Users and Groups in the Oracle Internet Directory and Oracle Virtual Directory Authentication Providers
    - Example of Configuring the Oracle Internet Directory Authentication Provider
    - Configuring Failover for LDAP Authentication Providers
    - Configuring an Authentication Provider for Oracle Unified Directory
    - Following Referrals in the Active Directory Authentication Provider
    - Configuring Group Search in the LDAP Authentication Provider for Oracle Directory Server Enterprise Edition
    - Improving the Performance of LDAP Authentication Providers
      - Optimizing the Group Membership Caches
      - Optimizing the Connection Pool Size and User Cache
      - Configuring Dynamic Groups in the iPlanet Authentication Provider to Improve Performance
      - Optimizing the Principal Validator Cache
      - Configuring the Active Directory Authentication Provider to Improve Performance
      - Analyzing the Generic LDAP Authenticator Cache Statistics
      - Testing the LDAP Connection During Configuration
    - Configuring an Administrator User from an External LDAP Server: an Example
  - 13 Configuring RDBMS Authentication Providers
  - 14 Configuring the Windows NT Authentication Provider
  - 15 Configuring the SAML Authentication Provider
  - 16 Configuring the Password Validation Provider
    - About the Password Validation Provider
    - Password Composition Rules for the Password Validation Provider
    - Using the Password Validation Provider with the WebLogic Authentication Provider
    - Using the Password Validation Provider with an LDAP Authentication Provider
    - Using WLST to Create and Configure the Password Validation Provider
  - 17 Configuring Identity Assertion Providers
    - About the Identity Assertion Providers
    - How an LDAP X509 Identity Assertion Provider Works
    - Configuring an LDAP X509 Identity Assertion Provider: Main Steps
    - Configuring a Negotiate Identity Assertion Provider
    - Configuring a SAML Identity Assertion Provider for SAML 1.1
    - Configuring a SAML 2.0 Identity Assertion Provider for SAML 2.0
    - Ordering of Identity Assertion for Servlets
    - Configuring Identity Assertion Performance in the Server Cache
    - Authenticating a User Not Defined in the Identity Store
      - How Virtual User Authentication Works in a WebLogic Domain
      - Configuring Two-Way SSL and Managing Certificates Securely
      - Customizing the WebLogic Identity Assertion Provider (DefaultIdentityAsserter)
      - Configuring the Virtual User Authentication Provider
      - Using WLST to Configure Virtual User Authentication
    - Configuring a User Name Mapper
    - Configuring a Custom User Name Mapper
  - 18 Configuring the Virtual User Authentication Provider
  - 19 Configuring the Oracle Identity Cloud Integrator Provider
    - About the Oracle Identity Cloud Integrator Provider
    - Prerequisites for Configuring the Oracle Identity Cloud Integrator Provider
    - Configuring the Oracle Identity Cloud Integrator Provider: Main Steps and Examples
    - Configuring TLS/SSL for the Oracle Identity Cloud Integrator Provider
    - Using the Oracle Identity Cloud Integrator Provider in FIPS Mode
    - Authorization and Remote User HTTP Header Support
    - Handling Authentication Failures
- Part IV Configuring Single Sign-On
  - 20 Configuring Single Sign-On with Microsoft Clients
    - Overview of Single Sign-On with Microsoft Clients
    - System Requirements for SSO with Microsoft Clients
    - Single Sign-On with Microsoft Clients: Main Steps
    - Configuring Your Network Domain to Use Kerberos
    - Creating a Kerberos Identification for WebLogic Server
    - Configuring Microsoft Clients to Use Windows Integrated Authentication
    - Creating a JAAS Login File
    - Configuring the Identity Assertion Provider
    - Using Startup Arguments for Kerberos Authentication with WebLogic Server
    - Verifying Configuration of SSO with Microsoft Clients
  - 21 Configuring Single Sign-On with Web Browsers and HTTP Clients Using SAML
  - 22 Configuring SAML 1.1 Services
    - Enabling Single Sign-on with SAML 1.1: Main Steps
    - Configuring a SAML 1.1 Source Site for Single Sign-On
    - Configuring a SAML 1.1 Destination Site for Single Sign-On
      - Configure SAML Identity Assertion Provider
      - Configure Destination Site Federation Services
        - Enable the SAML Destination Site
        - Set Assertion Consumer URIs
        - Specify Allowed Target Hosts
        - Configure SSL for the Assertion Consumer Service
        - Add SSL Client Identity Certificate
        - Configure Single-Use Policy and the Used Assertion Cache or Custom Assertion Cache
        - Configure Recipient Check for POST Profile
      - Configuring Asserting Parties
    - Configuring Relying and Asserting Parties with WLST
  - 23 Configuring SAML 2.0 Services
    - Configuring SAML 2.0 Services: Main Steps
    - Configuring SAML 2.0 General Services
    - Configuring an Identity Provider Site for SAML 2.0 Single Sign-On
    - Configuring a Service Provider Site for SAML 2.0 Single Sign-On
    - Configuring SAML Encryption Using WLST
    - Viewing Partner Site, Certificate, and Service Endpoint Information
    - Web Application Deployment Considerations for SAML 2.0
  - 24 Enabling Debugging for SAML 1.1 and 2.0
- Part V Managing Security Information
  - 25 Migrating Security Data
  - 26 Managing the RDBMS Security Store
  - 27 Managing the Embedded LDAP Server
- Part VI Configuring SSL
  - 28 Overview of Configuring SSL in WebLogic Server
  - 29 Configuring Keystores
    - About Configuring Keystores in WebLogic Server
    - Creating a Keystore
    - Using Keystores and Certificates in a Development Environment
    - Obtaining and Storing Certificates for Production Environments
    - Configuring Keystores with WebLogic Server
    - Viewing Keystore Contents
    - Setting Certificate Expiry Notifications
    - Replacing Expiring Certificates
    - Creating a Keystore: An Example
    - Supported Formats for Identity and Trust Certificates
    - Obtaining a Digital Certificate for a Web Browser
  - 30 Configuring Oracle OPSS Keystore Service
  - 31 Using Host Name Verification
  - 32 Specifying a Client Certificate for an Outbound Two-Way SSL Connection
  - 33 SSL Debugging
  - 34 SSL Certificate Validation
  - 35 Using JCE Providers with WebLogic Server
  - 36 Enabling FIPS Mode
  - 37 Specifying the SSL/TLS Protocol Version
  - 38 Using the JSSE-Based SSL Implementation
  - 39 X.509 Certificate Revocation Checking
    - Certificate Revocation Checking Overview
    - Enabling the Default CR Checking Configuration
    - Choosing the CR Checking Methods to Be Used by WebLogic Server
    - Failing SSL Certificate Path Validation if Revocation Status Cannot Be Determined
    - Using the Online Certificate Status Protocol
    - Using Certificate Revocation Lists
    - Configuring Certificate Authority Overrides
  - 40 Configuring an Identity Keystore Specific to a Network Channel
  - 41 Configuring RMI over IIOP with SSL
  - 42 Using a Certificate Callback Handler to Validate End User Certificates
- Part VII Advanced Security Topics
  - 43 Configuring Cross-Domain Security
  - 44 Configuring JASPIC Security
- Part VIII Appendixes
  - A Keytool Command Summary
  - B Interoperating With Keystores From Prior Versions