Tuxedo
0
e-docs > Tuxedo > Using Security in CORBA Applications > Configuring Single Sign-on

Using Security in CORBA Applications

 Previous Next Contents Index View as PDF  

Configuring Single Sign-on

This topic includes the following sections:

 

Single Sign-on with Password Authentication

The steps for implementing single sign-on with password authentication are as follows:

  1. In the CORBA.connectionpool section of the weblogic.properties file, define the following properties:

Note: There are other properties in the CORBA.connectionpool section of the weblogic.properties file that are used to set up the connection pool. For more information about setting up CORBA connection pools, see Using WebLogic Enterprise Connectivity in the WebLogic Server online documentation.

  1. Use the tpusradd command to define the WebLogic Server User as an authorized user in the BEA Tuxedo domain. The username and password for the WebLogic Server User must appear in the tpusr file exactly as they are defined in the weblogic.properties file.

  2. Set -E option of the ISL command to configure the IIOP Listener/Handler to detect and utilize the propagated security context from the WebLogic Server security realm. The -E option of the ISL command requires you to specify a principal name. The principal name is the username as defined in the weblogic.properties file. The ISL command for the IIOP Listener/Handler is defined for the CLOPT parameter in the UBBCONFIG file for the BEA Tuxedo domain.

  3. Set the SECURITY parameter in the UBBCONFIG file to USER_AUTH or higher.

 

Single Sign-on with Password Authentication and the SSL Protocol

The steps for implementing single sign-on with password authentication and the SSL protocol are as follows:

  1. Configure the SSL protocol in the WebLogic Server and the BEA Tuxedo CORBA environments.

    For information about configuring the SSL protocol in the WebLogic Server environment, see Managing Security in the WebLogic Server online documentation.

    For information about configuring the SSL protocol in the CORBA environment, see Single Sign-on.

  2. In the CORBA.connectionpool section of the weblogic.properties file define the following properties:

Note: There are other properties in the CORBA.connectionpool section of the weblogic.properties file that are used to set up CORBA connection pools. For more information about setting up connection pools, see Using WebLogic Enterprise Connectivity in the WebLogic Server online documentation.

  1. Use the tpusradd command to define the WebLogic Server User as an authorized user in the BEA Tuxedo domain. The username and password for the WebLogic Server User must appear in the tpusr file exactly as they are defined in the weblogic.properties file.

  2. Set -E option of the ISL command to configure the IIOP Listener/Handler to detect and utilize the propagated security context from the WebLogic Server security realm. The -E option of the ISL command requires you to specify a principal name. The principal name is the username as defined in the weblogic.properties file. The ISL command for the IIOP Listener/Handler is defined for the CLOPT parameter in the UBBCONFIG file for the BEA Tuxedo domain.

  3. Set the SECURITY parameter in the UBBCONFIG file to USER_AUTH or higher.

 

Single Sign-on with the SSL Protocol and Certificate Authentication

The steps for implementing single sign-on with the SSL protocol and certificate authentication are as follows:

  1. Configure the SSL protocol in the WebLogic Server and the BEA Tuxedo CORBA environments.

    For information about configuring the SSL protocol in the WebLogic Server environment, see Managing Security in the WebLogic Server online documentation.

    For information about configuring the SSL protocol in the BEA Tuxedo CORBA environment, see Single Sign-on.

  2. In the CORBA.connectionpool section of the weblogic.properties file define the following properties:

Note: There are other properties in the CORBA.connectionpool section of the weblogic.properties file that are used to set up the CORBA connection pool. For more information about setting up connection pools, see Using WebLogic Enterprise Connectivity in the WebLogic Server online documentation.

  1. Use the tpusradd command to define the WebLogic Server User as an authorized user in the BEA Tuxedo domain. The username and password for the WebLogic Server User must appear in the tpusr file exactly as they are defined in the weblogic.properties file.

  2. Set -E option of the ISL command to configure the IIOP Listener/Handler to detect and utilize the propagated security context from the WebLogic Server security realm. The -E option of the ISL command requires you to specify a principal name. The principal name is the username as defined in the weblogic.properties file. The ISL command for the IIOP Listener/Handler is defined for the CLOPT parameter in the UBBCONFIG file for the BEA Tuxedo domain.

  3. Set the -a option of the ISL command to configure the IIOP Listener/Handler to enable certificate authentication.The ISL command for the IIOP Listener/Handler is defined for the CLOPT parameter in the UBBCONFIG file for the BEA Tuxedo domain.

  4. Set the SECURITY parameter in the UBBCONFIG file to USER_AUTH or higher.

Using certificate authentication between the WebLogic Server environment and the BEA Tuxedo CORBA environment implies performing a new SSL handshake to establish a connection from the WebLogic Server environment to a CORBA object in the BEA Tuxedo CORBA environment. In order to support multiple client requests over the same SSL network connection, certificate authentication must be set up as follows:

 

Back to Top Previous Next
dev2devesupporthttp://www.oracle.com/technology/documentation/index.htmlpartner net
Contact e-docsContact BEAwebmasterprivacy