2.4 Application Server Security
Refer to the Oracle WebLogic Security specification document to make the environment safer and more secure.
Apart from the Oracle WebLogic Security specification, the Oracle Banking Trade Finance Application recommends implementing the security specifications below.
Support for Single Sign on (SSO)
Oracle Banking Trade Finance supports single sign-on capability with SAML (Security Assertion Markup Language) authentication. Ensure that the LDAP used for the Oracle Banking Trade Finance single sign-on deployment with SAML (if SAML validation is opted for) is certified to work with Oracle Access Manager.
Oracle Access Manager consists of the Access System and the Identity System. The Access System secures applications by providing centralized authentication, authorization and auditing to enable single sign-on and secure access control across enterprise resources. The Identity System manages information about individuals, groups and organizations. It enables delegated administration of users, as well as self-registration interfaces with approval workflows. These systems integrate seamlessly.
For details on configuration, refer to the document FCUBS_V.UM_OAM_Integration_Enabling_SSO.zip.
Support for LDAP (External Password Authentication)
Oracle Banking Trade Finance also supports authentication through LDAP/MSAD without the use of SSO.
The length of the userid field on the login screen depends on the value of the property EXT_USERLOGIN in the fcubs.properties file. If the value is “Y”, the user can enter up to 30 characters in the userid field. Otherwise, the userid field allows only 12 characters.
Depending on the value of PASSWORD_EXTERNAL in the fcubs.properties file, the password is validated against LDAP/MSAD or against the Oracle Banking Trade Finance Application.
For details on configuration of LDAP, refer to the Oracle Banking Trade Finance Installation Guide document (Sec 1.4).
Support for SSL (Secure Transformation of Data)
The Oracle Banking Trade Finance Installer allows a deployer to configure Oracle Banking Trade Finance such that all HTTP connections to the Oracle Banking Trade Finance application are over SSL/TLS. In other words, all HTTP traffic in the clear will be prohibited; only HTTPS traffic will be allowed. It is highly recommended to enable this option in a production environment, especially when WebLogic Server acts as the SSL terminator.
For details on configuration of SSL, refer to the Oracle Banking Trade Finance Installation Guide document (Sec 1.4.1 for WebLogic).
Support for SMTPS (Mail communication)
A mail session configuration is also required in the application server. Sample details for creating a mail session are listed below:
Name: FCUBSMailSession
JNDI Name: mail/FCUBSMail (The same needs to be maintained in property file creation.)
Java Mail Properties for SMTPS protocol:
mail.host=<HOST_MAIL_SERVER>
mail.smtps.port=<SMTPS_SERVER_PORT>
mail.transport.protocol=smtps
mail.smtps.auth=true
mail.smtps.host=<HOST_SMTPS_MAIL_SERVER>
For details on configuration of the mail session, refer to the document Resource_Creation_WL.doc (for WebLogic) or Resource_Creation_WAS.doc (for WebSphere).
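A pre-deployment check for the Java Mail properties listed above, as an added example that is not part of the Oracle documentation: it splits each entry the way Java reads properties and flags unreplaced placeholders, a transport other than smtps, disabled authentication, and a doubled separator that would become part of the value. The function names, the host name mail.example.test and the sample entries are constructed for illustration.

```python
import re

# Keys the page lists for the SMTPS mail session, with the value each must
# have (None = any non-empty, deployment-specific value).
REQUIRED = {
    "mail.host": None,
    "mail.smtps.host": None,
    "mail.smtps.port": None,
    "mail.transport.protocol": "smtps",
    "mail.smtps.auth": "true",
}

# Constructed sample with four mistakes; not taken from a real deployment.
SAMPLE_BAD = """\
mail.host=mail.example.test
mail.smtps.port=<SMTPS_SERVER_PORT>
mail.transport.protocol=smtp
mail.smtps.auth=false
mail.smtps.host==mail.example.test
"""

def parse_properties(text):
    """Split lines as java.util.Properties does: the first '=' or ':' ends the
    key (escapes and line continuations are not handled). Comments are skipped."""
    pattern = re.compile(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]?\s*(.*)")
    return {m.group(1): m.group(2).strip()
            for m in map(pattern.match, text.splitlines()) if m}

def audit_mail_session(text):
    """Return one finding per required key that is unsafe or unusable."""
    props = parse_properties(text)
    findings = []
    for key, expected in REQUIRED.items():
        value = props.get(key)
        if not value:
            findings.append(f"{key}: missing")
        elif value[0] in "=:":
            findings.append(f"{key}: doubled separator, value parsed as {value!r}")
        elif re.fullmatch(r"<[^>]*>", value):
            findings.append(f"{key}: placeholder not replaced")
        elif expected and value.lower() != expected:
            findings.append(f"{key}: expected {expected}, found {value}")
        elif key.endswith(".port") and not (value.isdecimal() and 0 < int(value) < 65536):
            findings.append(f"{key}: not a valid TCP port")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_mail_session(SAMPLE_BAD)))
```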
Support for Securely Storing the Credentials in CSF
Oracle Banking Trade Finance supports storing the encryption key (symmetric key) in a secure credential storage area.
To support CSF, the OPSS component should be available in the application server domain.
The Oracle Banking Trade Finance Installer allows the administrator to enable the CSF component for the application. If the CSF component is enabled, the application looks into CSF to get the required property values.
The CSF option is enabled by default for the application.