Table of Contents
- Title and Copyright Information
- Preface
- Part I Overview of WebLogic Server Security Administration
- 1 Security Management Concepts
- 2 WebLogic Server Security Standards
- 3 Configuring Security for a WebLogic Domain
- Performing a Secure Installation of WebLogic Server
- Creating a WebLogic Domain for Production Use
- Securing the Domain After You Have Created It
- Obtaining Private Keys, Digital Certificates, and Trusted Certificate Authority Certificates
- Storing Private Keys, Digital Certificates, and Trusted Certificate Authority Certificates
- Protecting User Accounts
- Using Connection Filters
- Using JEP 290 in Oracle WebLogic Server
- JTA TransactionLoggable Allowlist
- 4 Customizing the Default Security Configuration
- Part II Configuring Security Providers
- 5 About Configuring WebLogic Security Providers
- 6 Configuring Authorization and Role Mapping Providers
- 7 Configuring the WebLogic Auditing Provider
- 8 Configuring Credential Mapping Providers
- 9 Configuring the Certificate Lookup and Validation Framework
- Part III Configuring Authentication Providers
- 10 About Configuring the Authentication Providers in WebLogic Server
- 11 Configuring the WebLogic Authentication Provider
- 12 Configuring LDAP Authentication Providers
- LDAP Authentication Providers Included in WebLogic Server
- Requirements for Using an LDAP Authentication Provider
- Configuring an LDAP Authentication Provider: Main Steps
- Accessing Other LDAP Servers
- Enabling an LDAP Authentication Provider for SSL
- Dynamic Groups and WebLogic Server
- Use of GUID and LDAP DN Data in WebLogic Principals
- Configuring Users and Groups in the Oracle Internet Directory Authentication Provider
- Example of Configuring the Oracle Internet Directory Authentication Provider
- Configuring Failover for LDAP Authentication Providers
- Configuring an Authentication Provider for Oracle Unified Directory
- Following Referrals in the Active Directory Authentication Provider
- Improving the Performance of LDAP Authentication Providers
- Optimizing the Group Membership Caches
- Optimizing the Connection Pool Size and User Cache
- Optimizing the Principal Validator Cache
- Configuring the Active Directory Authentication Provider to Improve Performance
- Analyzing the Generic LDAP Authenticator Cache Statistics
- Testing the LDAP Connection During Configuration
- 13 Configuring RDBMS Authentication Providers
- 14 Configuring the SAML Authentication Provider
- 15 Configuring the Password Validation Provider
- About the Password Validation Provider
- Password Composition Rules for the Password Validation Provider
- Using the Password Validation Provider with the WebLogic Authentication Provider
- Using the Password Validation Provider with an LDAP Authentication Provider
- Using WLST to Create and Configure the Password Validation Provider
- 16 Configuring Identity Assertion Providers
- About the Identity Assertion Providers
- How an LDAP X509 Identity Assertion Provider Works
- Configuring an LDAP X509 Identity Assertion Provider: Main Steps
- Configuring a Negotiate Identity Assertion Provider
- Configuring a SAML Identity Assertion Provider for SAML 1.1
- Configuring a SAML 2.0 Identity Assertion Provider for SAML 2.0
- Ordering of Identity Assertion for Servlets
- Configuring Identity Assertion Performance in the Server Cache
- Authenticating a User Not Defined in the Identity Store
- How Virtual User Authentication Works in a WebLogic Domain
- Configuring Two-Way SSL and Managing Certificates Securely
- Customizing the WebLogic Identity Assertion Provider (DefaultIdentityAsserter)
- Configuring the Virtual User Authentication Provider
- Using WLST to Configure Virtual User Authentication
- Configuring a User Name Mapper
- Configuring a Custom User Name Mapper
- 17 Configuring the Virtual User Authentication Provider
- 18 Configuring the Oracle Identity Cloud Integrator Provider
- About the Oracle Identity Cloud Integrator Provider
- Prerequisites for Configuring the Oracle Identity Cloud Integrator Provider
- Configuring the Oracle Identity Cloud Integrator Provider: Main Steps and Examples
- Configuring TLS/SSL for the Oracle Identity Cloud Integrator Provider
- Using the Oracle Identity Cloud Integrator Provider in FIPS Mode
- Authorization and Remote User HTTP Header Support
- Handling Authentication Failures
- 19 Configuring the WebLogic OpenID Connect Provider
- Part IV Configuring Single Sign-On
- 20 Configuring Single Sign-On with Microsoft Clients
- Overview of Single Sign-On with Microsoft Clients
- System Requirements for SSO with Microsoft Clients
- Single Sign-On with Microsoft Clients: Main Steps
- Configuring Your Network Domain to Use Kerberos
- Creating a Kerberos Identification for WebLogic Server
- Configuring Microsoft Clients to Use Windows Integrated Authentication
- Creating a JAAS Login File
- Configuring the Identity Assertion Provider
- Using Startup Arguments for Kerberos Authentication with WebLogic Server
- Verifying Configuration of SSO with Microsoft Clients
- 21 Configuring Single Sign-On with Web Browsers and HTTP Clients Using SAML
- 22 Configuring SAML 1.1 Services
- Enabling Single Sign-on with SAML 1.1: Main Steps
- Configuring a SAML 1.1 Source Site for Single Sign-On
- Configuring a SAML 1.1 Destination Site for Single Sign-On
- Configure SAML Identity Assertion Provider
- Configure Destination Site Federation Services
- Enable the SAML Destination Site
- Set Assertion Consumer URIs
- Specify Allowed Target Hosts
- Configure SSL for the Assertion Consumer Service
- Add SSL Client Identity Certificate
- Configure Single-Use Policy and the Used Assertion Cache or Custom Assertion Cache
- Configure Recipient Check for POST Profile
- Configuring Asserting Parties
- Configuring Relying and Asserting Parties with WLST
- 23 Configuring SAML 2.0 Services
- Configuring SAML 2.0 Services: Main Steps
- Configuring SAML 2.0 General Services
- Configuring an Identity Provider Site for SAML 2.0 Single Sign-On
- Configuring a Service Provider Site for SAML 2.0 Single Sign-On
- Configuring SAML Encryption Using WLST
- Viewing Partner Site, Certificate, and Service Endpoint Information
- Web Application Deployment Considerations for SAML 2.0
- 24 Enabling Debugging for SAML 1.1 and 2.0
- Part V Managing Security Information
- 25 Migrating Security Data
- 26 Managing the RDBMS Security Store
- 27 Managing the Embedded LDAP Server
- Part VI Configuring SSL
- 28 Overview of Configuring SSL in WebLogic Server
- 29 Configuring Keystores
- About Configuring Keystores in WebLogic Server
- Creating a Keystore
- Using Keystores and Certificates in a Development Environment
- Obtaining and Storing Certificates for Production Environments
- Configuring Keystores with WebLogic Server
- Viewing Keystore Contents
- Setting Certificate Expiry Notifications
- Replacing Expiring Certificates
- Creating a Keystore: An Example
- Supported Formats for Identity and Trust Certificates
- Obtaining a Digital Certificate for a Web Browser
- 30 Configuring Oracle OPSS Keystore Service
- 31 Using Host Name Verification
- 32 Specifying a Client Certificate for an Outbound Two-Way SSL Connection
- 33 SSL Debugging
- 34 SSL Certificate Validation
- 35 Using JCE Providers with WebLogic Server
- 36 Enabling FIPS Mode
- 37 Specifying the SSL/TLS Protocol Version
- 38 Using the JSSE-Based SSL Implementation
- System Property Differences Between the JSSE-Based and Certicom SSL Implementations
- Cipher Suites
- Using Debugging with JSSE SSL
- 39 X.509 Certificate Revocation Checking
- Certificate Revocation Checking Overview
- Enabling the Default CR Checking Configuration
- Choosing the CR Checking Methods to Be Used by WebLogic Server
- Failing SSL Certificate Path Validation if Revocation Status Cannot Be Determined
- Using the Online Certificate Status Protocol
- Using Certificate Revocation Lists
- Configuring Certificate Authority Overrides
- 40 Configuring an Identity Keystore Specific to a Network Channel
- 41 Configuring RMI over IIOP with SSL
- 42 Using a Certificate Callback Handler to Validate End User Certificates
- Part VII Advanced Security Topics
- 43 Configuring Cross-Domain Security
- 44 Configuring JASPIC Security
- 45 Using the Java EE Security API in WebLogic Server
- 46 Using Secured Production Mode
- When is Secured Production Mode Enabled?
- Changing the Domain Mode
- Connecting to the Administration Server using WebLogic Remote Console
- Starting Managed Servers using WebLogic Remote Console
- Connecting to the Administration Server using WLST
- Starting Managed Servers using a Start Script
- Stopping Servers
- Secured Production Mode in Development Environments
- Using Secured Production Mode without SSL/TLS
- Part VIII Appendixes
- A Keytool Command Summary
- B Interoperating With Keystores From Prior Versions