2.4 Application Server Security
Refer to the Oracle WebLogic Security specification document to make the environment safer and more secure.
- Support for Single Sign on (SSO)
Oracle Banking Corporate Lending Solution supports single sign-on with SAML (Security Assertion Markup Language) authentication. Ensure that the LDAP used for the Oracle Banking single sign-on deployment with SAML (if SAML validation is opted for) is certified to work with Oracle Access Manager.
Oracle Access Manager consists of the Access System and the Identity System. The Access System secures applications by providing centralized authentication, authorization and auditing to enable single sign-on and secure access control across enterprise resources. The Identity System manages information about individuals, groups and organizations. It enables delegated administration of users, as well as self-registration interfaces with approval workflows. These systems integrate seamlessly.
For details on configuration, refer to the document FCUBS_V.UM_OAM_Integration_Enabling_SSO.zip.
- Support for LDAP (External Password Authentication)
Oracle Banking Corporate Lending also supports authentication through LDAP/MSAD without the use of SSO.
Depending on the value of the property EXT_USERLOGIN in the fcubs.properties file, the length of the userid field on the login screen changes. If the value is Y, the user can enter up to 30 characters in the userid field. Otherwise, the userid field allows only 12 characters.
Depending on the value of PASSWORD_EXTERNAL in the fcubs.properties file, the password is validated against LDAP/MSAD or the FCUBS application.
For details on configuration of LDAP, refer to the Universal Banking Installation Guide document (Sec 1.4).
- Support for SSL (Secure Transformation of Data)
The Installer allows a deployer to configure Oracle Banking Corporate Lending such that all HTTP connections to the application are over SSL/TLS. In other words, all HTTP traffic in the clear is prohibited; only HTTPS traffic is allowed. It is highly recommended to enable this option in a production environment, especially when WebLogic Server acts as the SSL terminator.
For details on configuration of SSL, refer to the Installation Guide documents: Weblogic Configuration.pdf for WebLogic and Websphere_Configurations.pdf for WebSphere.
- Support for SMTPS (Mail communication)
A mail session configuration is also required in the application server. Sample details for creating a mail session are listed below:
- Name: FCUBSMailSession
- JNDI Name: mail/FCUBSMail (The same value must be maintained during property file creation.)
- Java Mail Properties for SMTPS protocol:
- mail.host=<HOST_MAIL_SERVER>
- mail.smtps.port=<SMTPS_SERVER_PORT>
- mail.transport.protocol=smtps
- mail.smtps.auth=true
- mail.smtps.host=<HOST_SMTPS_MAIL_SERVER>
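The following check is an added example, not part of the product or its installer. It lints a mail session's JavaMail properties for the slips that silently break or weaken an SMTPS session: unreplaced placeholders, a doubled `=` separator, a non-`smtps` transport, and `mail.smtp.*` keys that the `smtps` transport does not read. The function names, host names and port value are constructed for illustration.

```python
# Added example, not product code. Sample values below are constructed.
REQUIRED = ("mail.host", "mail.smtps.host", "mail.smtps.port",
            "mail.transport.protocol", "mail.smtps.auth")

GOOD = """mail.host=mail.example.test
mail.smtps.port=465
mail.transport.protocol=smtps
mail.smtps.auth=true
mail.smtps.host=mail.example.test"""

BAD = """mail.host=mail.example.test
mail.smtps.port=<SMTPS_SERVER_PORT>
mail.transport.protocol=smtp
mail.smtp.auth=true
mail.smtps.host==mail.example.test"""

def parse_properties(text):
    """Simplified parser: '=' separator only; the first '=' ends the key."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint_mail_session(props):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    for key in REQUIRED:
        value = props.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
        elif value.startswith("="):
            findings.append(f"{key}: value begins with '=' (doubled separator)")
        elif value.startswith("<") and value.endswith(">"):
            findings.append(f"{key}: placeholder not replaced")
    if props.get("mail.transport.protocol", "smtps") != "smtps":
        findings.append("mail.transport.protocol: expected smtps")
    if props.get("mail.smtps.auth", "true").lower() != "true":
        findings.append("mail.smtps.auth: expected true")
    port = props.get("mail.smtps.port", "")
    if port and port[0] not in "<=" and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append("mail.smtps.port: not a valid TCP port")
    # JavaMail looks up per-protocol keys, so mail.smtp.* does not apply to smtps.
    findings += [f"{k}: not read by the smtps transport; use mail.smtps.*"
                 for k in props if k.startswith("mail.smtp.")]
    return findings
```

Calling `lint_mail_session(parse_properties(BAD))` returns five findings, while the `GOOD` sample returns an empty list.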
- Support for Securely Storing Credentials in CSF
The product supports storing the encryption key (symmetric key) in a secure credential storage area.
To support CSF, the OPSS component should be available in the application server domain.
The Installer allows the administrator to enable the CSF component for the application. If the CSF component is enabled, the application looks up the encryption key in the CSF framework and retrieves its value.
The CSF option is enabled by default for the application.