This chapter describes the security standards supported by WebLogic Server.
This chapter includes the following topics:
WebLogic Server supports the security standards shown in Table 3-1.
Table 3-1 WebLogic Server Security Standards Support
| Standard | Version | Additional Considerations |
|---|---|---|
|
JAAS |
JAAS version depends on the Java SE version. See |
|
|
JASPIC |
1.1 |
|
|
JACC |
1.5 |
|
|
Java EE application packaged permissions |
Java EE 7 Platform Specification |
|
|
JCE |
1.4 RSA JCE: Crypto-J V6.2.0.1 JDK 8 JCE provider (SunJCE) is also supported. nCipher JCE is also supported. |
See Chapter 35, "Using JCE Providers with WebLogic Server". See |
|
JSSE |
Default SSL implementation based on JDK 8 Java Secure Socket Extension (JSSE). RSA JSSE is also supported |
See Chapter 38, "Using the JSSE-Based SSL Implementation". See Using the RSA JSSE Provider in WebLogic Server. Note: Although JSSE supports Server Name Indication (SNI) in its SSL implementation, WebLogic Server does not support SNI. |
|
Kerberos |
Version 5 |
See Chapter 20, "Configuring Single Sign-On with Microsoft Clients". |
|
LDAP |
v3 |
See Chapter 13, "Configuring LDAP Authentication Providers". Also see Chapter 27, "Managing the Embedded LDAP Server". |
|
SAML |
1.1, 2.0 |
See Chapter 22, "Configuring SAML 1.1 Services". See Chapter 23, "Configuring SAML 2.0 Services". |
|
SPNEGO |
Specified by |
See Chapter 20, "Configuring Single Sign-On with Microsoft Clients". |
|
SSL |
v3. (WebLogic Server does not support SSL 2.0.) |
See Chapter 37, "Specifying the SSL Protocol Version" for version-specific information. |
|
SSO |
Via Microsoft Clients Via SAML |
See Chapter 20, "Configuring Single Sign-On with Microsoft Clients". See Chapter 21, "Configuring Single Sign-On with Web Browsers and HTTP Clients Using SAML". |
|
TLS |
v1.0, v1.1, v1.2 |
Note: TLS V1.1 is the default minimum protocol version configured in WebLogic Server. Oracle recommends the use of TLS V1.1 or later in a production environment. See Chapter 37, "Specifying the SSL Protocol Version" for version-specific information. |
|
Uncovered HTTP methods |
Servlet 3.1 |
|
|
X.509 |
v3 |
WebLogic Server supports 4096-bit keys. (4096-bit keys may require substantially more compute time for some operations.) Certificates generated with CertGen have a default 2048-bit key size. You specify the key size with the The WebLogic Server demo CA has a 2048-bit key length. As of JDK 8, the use of x.509 certificates with RSA keys less than 1024 bits in length are blocked. |
|
xTensible Access Control Markup Language (XACML) |
2.0 |
See Chapter 7, "Configuring Authorization and Role Mapping Providers". |
|
Partial implementation of Core and Hierarchical Role Based Access Control (RBAC) Profile of XACML |
2.0 Specified by |
Table 3-2 lists the supported FIPS versions and cipher suites.
Table 3-2 Cipher Suites and FIPS 140-2 Supported Versions
| Standard | Version | Additional Considerations |
|---|---|---|
|
FIPS 140-2 |
RSA Crypto-J V6.2.0.1 RSA SSL-J V6.2 RSA Cert-J V6.2 |
See Chapter 36, "Enabling FIPS Mode". You can also use the RSA JSSE and JCE providers in non-FIPS mode: |
|
Cipher Suites for JSSE JDK 8 |
The preferred negotiated cipher combination is AES + SHA2. |
The set of cipher suites supported by the JDK 8 SunJSSE is listed here: |
|
Cipher Suites for RSA JSSE |
Product Dependent |
|
|
Cipher suites supported in the (removed) WebLogic Server Certicom SSL implementation and the SunJSSE equivalent. |
Product Dependent |
Documented for backward compatibility. See Table 38-2. When using Certicom, WebLogic Server does not support SHA256 hashing, or signature algorithms that include SHA256. |