1.2 Application Server Security

The application server of the Oracle Banking Branch needs to be secured.

Refer to the Oracle WebLogic Security specification document to make the environment more secure.

Oracle Banking Branch products support the following authentication schemes for the online web application:

  • Standard LDAP Directory (e.g. OUD/AD/Embedded WebLogic)

  • SSO with OAM (Oracle Access Manager – Part of the Oracle Identity Management Suite)

  • SAML assertions with a Service Provider protecting the resource and an Identity Provider

Oracle Banking Branch products support the following authentication schemes for the API layer:

  • OAuth (CLIENT CREDENTIALS) with OAM

  • OAuth (CLIENT CREDENTIALS) without OAM

If the customer does not have OAM, they can either use OAuth without OAM, or the customer is expected to have an enterprise API Management Layer that protects the Oracle Banking Branch products' API layer with the same controls (i.e. OAuth).

Support for Secure Transformation of Data (SSL)

The Oracle Banking Branch products are to be configured so that all HTTP connections to the application are over SSL/TLS. In other words, all HTTP traffic in the clear will be prohibited; only HTTPS traffic will be allowed. It is highly recommended to enable this option in a production environment, especially when WebLogic Server acts as the SSL terminator.
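
One way to check the HTTPS-only requirement above when WebLogic Server terminates SSL is to audit the domain's config.xml for servers that still expose the cleartext listen port or have no SSL port enabled. This is an added example, not part of the Oracle documentation; the sample domain, server names and ports are constructed, and custom network channels are assumed not to be in use.

```python
import xml.etree.ElementTree as ET

# Namespace used by WebLogic domain config.xml files.
NS = {"wls": "http://xmlns.oracle.com/weblogic/domain"}

# Constructed sample config.xml (domain, server names and ports are made up).
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>sample_domain</name>
  <server>
    <name>AdminServer</name>
    <ssl><enabled>true</enabled><listen-port>7002</listen-port></ssl>
    <listen-port>7001</listen-port>
    <listen-port-enabled>false</listen-port-enabled>
  </server>
  <server>
    <name>branch_server1</name>
    <ssl><enabled>true</enabled><listen-port>8002</listen-port></ssl>
    <listen-port>8001</listen-port>
  </server>
  <server>
    <name>branch_server2</name>
    <listen-port>8003</listen-port>
  </server>
</domain>"""

def _text(node, path, default):
    """Text of a child element, or the WebLogic default when it is absent."""
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else default

def audit_https_only(config_xml):
    """Return {server_name: [findings]} for servers that are not HTTPS-only."""
    findings = {}
    for server in ET.fromstring(config_xml).findall("wls:server", NS):
        issues = []
        # The plain listen port is enabled unless explicitly switched off.
        if _text(server, "wls:listen-port-enabled", "true").lower() != "false":
            port = _text(server, "wls:listen-port", "7001")
            issues.append(f"cleartext listen port {port} is enabled")
        # The SSL listen port is disabled unless explicitly switched on.
        if _text(server, "wls:ssl/wls:enabled", "false").lower() != "true":
            issues.append("SSL listen port is not enabled")
        if issues:
            findings[_text(server, "wls:name", "<unnamed>")] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_https_only(SAMPLE_CONFIG).items():
        print(f"{name}: {'; '.join(issues)}")
```

An empty result means every server in the file has the cleartext port disabled and SSL enabled; it does not prove that an upstream proxy or load balancer also refuses plain HTTP.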