1. Security Guide
  2. Prerequisite
  3. Application Server Security

Application Server Security

Please refer the Oracle Weblogic Security specification document for making the environment more safe and secured.

Apart from the Oracle Weblogic Security specification, Oracle Banking Payments Application recommends to implement the below security specifications.

Support for Single Sign on (SSO)

Oracle Banking Payments Solution supports Single sign-on capability. Ensure that the LDAP used for Oracle Banking Payments Single Sign-on deployment is certified to work with Oracle Access Manager.

Oracle Access Manager consists of the Access System and the Identity System. The Access System secures applications by providing centralized authentication, authorization and auditing to enable single sign-on and secure access control across enterprise resources. The Identity System manages information about individuals, groups and organizations. It enables delegated administration of users, as well as self-registration interfaces with approval workflows. These systems integrate seamlessly.

For details on configuration, refer to the document FCUBS_V.UM_OAM_Integration_Enabling_SSO.zip.

Support for LDAP (External Password Authentication)

Oracle Banking Payments also supports authentication through LDAP/MSAD without the use of SSO.

Depending on the value of the property EXT_USERLOGIN in fcubs.properties file the length of userid field in login screen will change. If the value is “Y” then user will be able to input up to 30 characters in userid field. Otherwise userid field will allow only 12 characters.

Depending on the value PASSWORD_EXTERNAL in fcubs.properties file, the password will be validated with LDAP/MSAD or FCUBS Application.

For details on configuration of LDAP, refer to Oracle BANKING Payments Installation Guide document (Sec 1.4).

Support for SSL (Secure Transformation of Data)

The Oracle Banking Payments Installer allows a deployer to configure Oracle Banking Payments such that all HTTP connections to the Oracle Banking Payments application are over SSL/TLS. In other words, all HTTP traffic in the clear will be prohibited; only HTTPS traffic will be allowed. It is highly recommended to enable this option is a production environment, especially when WebLogic Server acts as the SSL terminator.

For details on configuration of SSL, refer to Oracle Banking Payments Installation Guide document (Sec 1.4.1 for Weblogic, Sec 1.4.2 for WebSphere).

Support for SMTPS (Mail communication)

Also mail session configuration required in Application server. Sample details for creating a mail session are listed below:
  • Name: FCUBSMailSession
  • JNDI Name: mail/FCUBSMail (The same need to be maintained in property file creation)
  • Java Mail Properties for SMTPS protocol:

    mail.host=<HOST_MAIL_SERVER>

    mail.smtps.port=<SMTPS_SERVER_PORT>

    mail.transport.protocol=smtps

    mail.smtps.auth=true

    mail.smtps.host==<HOST_SMTPS_MAIL_SERVER>

For details on configuration of Mail Session process, refer to the document < Resource_Creation_WL.doc for weblogic or Resource_Creation_WAS.doc for websphere >.

Support for Securely store the credentials in CSF

Oracle Banking Payments supports to store encryption key (Symmetric key) store in secure credential storage area.

To support CSF, OPSS component should be available in the application server domain.

Oracle BANKING Installer allows administrator to enable CSF component to the application. If CSF component enabled, then the application look into encryption key in CSF framework and get the value.

The default CSF option is enabled for the application.

Parent topic: Prerequisite