Contents for Administration Application Guide
Introduction to System Administration
About This Document
Audience
Product Documentation on the dev2dev Web Site
Overview of System Administration
Distributed Computing Security Infrastructure
Attributes
Security Protections for System Administration Tools
Administration Console
Failover and System Reliability
Understanding Failover
WebLogic Enterprise Security Failover Considerations
Failover Considerations for the Administration Server
Failover Considerations for the Database Server
Failover Considerations for a Security Service Module
Failover Considerations for a Service Control Manager
Understanding Database Replication
Database Replication in an Oracle Environment
Preparing for Oracle Database Replication
Master and Materialized View Site Requirements
Master Site Requirements
Materialized View Site Requirements
Requirements for the Machine Running the Replication Setup Scripts
Setting the Required Replication Setup Parameters
Setting Up Oracle Database Replication
Using Scripts to Set Up Oracle Database Replication
Setting Up Oracle Database Replication Manually
Using Scripts to Clean Up Oracle Database Replication
Cleaning Up the Oracle Database Replication Manually
Miscellaneous Oracle Database Replication Tasks
Database Replication in a Sybase Environment
Preparing for Sybase Database Replication
Privileges for the Primary and the Replicate ASE Servers
Primary ASE Server and Primary Database Requirements
Replicate ASE Server and Replicate Database Requirements
Requirements for the Machine Used to Run Sybase Database Replication Setup Scripts
Parameters Needed for Sybase Database Replication Setup
Setting Up Sybase Database Replication
Using Scripts to Set Up Sybase Database Replication
Setting Up Sybase Database Replication Manually
Setting Up the Primary ASE Server and the Primary Database
Starting the ASE Replicator
Adding a Remote Server in Primary ASE Server for the Replicate ASE Server
Setting Up the Replicate ASE Server and the Primary Database
Setting Up the Sybase Database Replication Process
Cleaning Up Sybase Database Replication
Using Scripts to Clean Up Sybase Database Replication
Cleaning Up the Sybase Database Replication Manually
Cleaning Up the Sybase Database Replication Process
Cleaning Up the Replicate ASE Server and Primary Database
Removing the Remote Server
Stopping ASE Replicator
Cleaning Up the Primary ASE Server and the Primary Sybase Database
Completing Sybase Database Replication Cleanup
Administration Policy
Security Roles
Dynamic Role Mapping
Understanding the Administration Policy
Admin Role
Deployer Role
Operator Role
Monitor Role
Everyone Role
Anonymous Role
Resources
Privileges
Context Attributes
Evaluation Functions
Authorization Queries
Enumerated Types
Default Admin Policy
Example Policy Customizations
Security Administration
Managing Security
Security Configuration
Resources
Resource Attribute
Privilege
Privilege Group
Identity
User
Group
Identity Attribute
Role
Role Policy
Policy
Policy Rule
Policy Inquiry
Policy Verification
Declarations
Deployment
What's Next?
Using the Console
Overview
Checking the Console Version Number
Setting Console Preferences
Starting the Administration Console
Logging out of the Administration Console
Using the Administration Console
Getting Help
Configuring the Administration Server for Failover
Additional BEA Documentation Available on the Internet
Starting and Stopping Services
Starting and Stopping Administration Server Processes on Windows
Starting and Stopping Administration Server Processes on Unix
Starting and Stopping Security Service Module Processes
Starting and Stopping Processes on Windows
Starting and Stopping Processes on UNIX
Start-Up Option on Linux Platforms
Configuring Secure Sockets Layer for a Production Environment
Some SSL Basics
Private Keys, Digital Certificates, and Trusted Certificate Authorities
One-Way SSL Versus Two-Way SSL
How WebLogic Enterprise Security Locates Trust
Configuring SSL
Obtaining Private Keys, Digital Certificates, and Trusted Certificate Authorities
Creating a Keystore and Loading Private Keys and Trusted Certificate Authorities
Common Keytool Commands
Using the ImportPrivateKey Utility
Configuring Keystores
Configuring One-Way SSL
Configuring Two-Way SSL
SSL Certificate Validation
Setting the Level of Certificate Validation
Checking Certificate Chains
Troubleshooting Problems with Certificates
Specifying the Version of the SSL Protocol
Enabling Single Sign On
Configuring Single Sign On with Microsoft Clients
Requirements
Enabling a Web Service or Web Application
Configuring the SPNEGO Provider
Editing the Descriptor File
Configuring the Active Directory Authentication
Configure the Active Directory Authentication Provider
Configure the Client .NET Web Service
Configure the Internet Explorer Client Browser
Configure the Sites
Configure Intranet Authentication
Verify the Proxy Settings
Set the Internet Explorer 6.0 Configuration Settings
Security Configuration
Overview
Security Configuration
Understanding the Service Control Manager
Configuring a Service Control Manager
Understanding the Security Service Module
Configuring a Security Service Module
Binding a Security Service Module to a Service Control Manager
Unbinding a Security Service Module from a Service Control Manager
Configuring Security Providers
Configuring an Authentication Provider
Changing the Order of Authentication Providers
Setting the JAAS Control Flag
Configuring an Open LDAP Authentication Provider
Configuring a Windows NT Authentication Provider
Configuring an Active Directory Authentication Provider
Configuring an iPlanet LDAP Authentication Provider
Configuring Failover for LDAP Authentication Providers
Configuring a Novell LDAP Authentication Provider
Configuring Failover for the Database Authentication Provider
Configuring a Database Authentication Provider
Oracle Database Configuration
Sybase Database Configuration
Specifying SQL Query Strings and Provider Extensions
Configuring an ALES Identity Assertion Provider
Configuring a SAML Identity Assertion Provider
Configuring a Single Pass Negotiate Identity Asserter
Configuring an X.509 Identity Assertion Provider
Configuring an ALES Credential Mapping Provider
Configuring a Database Credential Mapper
Configuring Failover for the Database Credential Mapper Provider
Configuring a SAML Credential Mapping Provider
Configuring an ASI Authorization Provider
Using the asipasswd Utility to Configure the Metadirectory Password
Configuring an ASI Adjudication Provider
Configuring an ASI Role Mapping Provider
Configuring a Resource Deployment Audit Provider
Configuring a Log4j Audit Channel Provider
Configuring a Custom Security Provider
Deleting a Security Provider
Configuring a WebLogic Server Security Service Module
Configuring the WebLogic Security Providers
Configuring the WebLogic Authentication Provider
Configuring the WebLogic Authorization Provider
Configuring a WebLogic Role Mapping Provider
Configuring the WebLogic Credential Mapping Provider
Performance and Caching
Authorization Caching
Configuring Authorization Caching
Authorization Caching Expiration Functions
Deployment
Deployment
Understanding Deployment
Managing Deployment
Distributing Policy
Distributing Configuration
Distributing Structural Changes
Viewing Distribution Results
Viewing Deployment Status
Provider Extensions
What is a Provider Extension?
Authorization and Role Mapping Extensions
Using Java-Based Plug-ins
Using the Java-based Plug-in Interfaces
Resource Converter
Attribute Retriever
Attribute Converter
Using Language Extensions
Building an Extension
Deploying the Extension
Using the Extension
Custom Audit Plug-ins
Using the Custom Audit Plug-in
Audit Plug-in Renderer Class
Database Authentication Plug-in
Audit Events
What is an AuditEvent?
What Events are Audited?
Custom Audit Context Extensions
Audit Event Interfaces and Audit Events
AuditAtnEvent
AuditAtzEvent
AuditCredentialMappingEvent
AuditMgmtEvent
AuditPolicyEvent
AuditRoleDeploymentEvent
AuditRoleEvent
Admin Policy Audit Events
Additional Audit Event Interfaces
Authentication - AuditAtnEvent
Policy Deployment - AuditPolicyDeployEvent
Policy Undeployment - AuditPolicyUndeployEvent
Policy Events - AuditPolicyEvent
Role Mapping - AuditRoleEvent
Role Deployment - AuditRoleDeployEvent
Role Undeployment - AuditRoleUndeployEvent
Predicate Events - AuditPredicateEvent
ContextHandler Object
PolicyAdministrationEvent
Using Custom Audit Providers
Function Reference
Function Pointers
*CredFunc() - Custom Credential Function Pointer
Description
Syntax
Parameters
Returns
Example
See Also
*EvalFunc() - Custom Evaluation Function Pointer
Syntax
Parameters
Returns
Example
See Also
*ShutdownFunc() - Custom Shutdown Function Pointer
Syntax
Parameters
Returns
Example
See Also
*PluginInitFunc() - Plug-in Initialization Function Pointer
Syntax
Parameters
Returns
Example
registerCustomCredentialFunction() - Register Credential Function
Syntax
Parameters
Returns
Example
See Also
registerCustomEvaluationFunction() - Register Evaluation Function
Syntax
Parameters
Returns
Example
See Also
registerShutdownFunction() - Register Shutdown Function
Syntax
Parameters
Returns
Example
See Also
Session Class
Session::SetAttribute() - Append AttributeValue Object
Syntax
Parameters
Returns
Example
See Also
Session::getAttribute() - Get AttributeValue Object from Attribute
Syntax
Parameters
Returns
Example
See Also
Session::getEvalResult() - Get Evaluation Result
Syntax
Parameters
Returns
Example
See Also
Session::appendReturnData() - Return Evaluation Results
Syntax
Parameters
Returns
Example
See Also
Session::getDomainName() - Get Domain Name for the Session
Syntax
Parameters
Returns
Example
See Also
Session::getLocationName() - Get Location Name for Session
Syntax
Parameters
Returns
Example
See Also
Session::getApplicationName() - Get Application Name for Session
Syntax
Parameters
Returns
Example
See Also
Session::getUserID() - Get User Name for Session
Syntax
Parameters
Returns
Example
See Also
AttributeValue Class
Single Value
Lists of Values
Methods Common to Both Types
Internal Methods
AttributeValue::addValue() - Add and Set a String List Attribute Value
Syntax
Parameters
Returns
Example
See Also
AttributeValue::AttributeValue() - Constructor
Syntax
Parameters
Returns
Example
See Also
AttributeValue::entries() - Count Number of List Elements
Syntax
Parameters
Returns
Example
See Also
AttributeValue::getValue() - Get Single Attribute Value
Syntax
Parameters
Returns
Example
See Also
AttributeValue::has() - Check If Value is Already Present in a List
Syntax
Parameters
Returns
Example
See Also
AttributeValue::IsList() - Is Attribute Value an Indexed List?
Syntax
Parameters
Returns
Example
See Also
AttributeValue::IsSingle() - Is Attribute Value a Single Value?
Syntax
Parameters
Returns
Example
See Also
AttributeValue::isUndefined() - Is Attribute Value an undefined object?
Syntax
Parameters
Returns
Example
See Also
AttributeValue::setValue() - Set Single Attribute Value
Syntax
Parameters
Returns
Example
See Also
AttributeValue::removeAt() - Remove Indexed List Attribute Value
Syntax
Parameters
Returns
Example
See Also
AttributeValue::removeValue() - Remove Named List Attribute Value
Syntax
Parameters
Returns
Example
See Also
AttributeValue::size() - Count Number of List Elements
Syntax
Parameters
Returns
Example
See Also
AttributeValue [ ] Operator - Returns the Value of an Indexed String List Element