SlideShare a Scribd company logo

Understanding Security for Oracle WebLogic Server

Download as PPTX, PDF
Hojjat Abedie
Hojjat Abedie

A quick review for Types of Security Providers; you can find more in this address: http://docs.oracle.com/cd/E21764_01/web.1111/e13710/realm_chap.htm#SCOVR200

1 of 14
Understanding Security for Oracle WebLogic Server TYPES OF SECURITY PROVIDERS HTTP://DOCS.ORACLE.COM/CD/E21764_01/WEB.1111/E13710/REALM_CHAP.HTM#SCOVR200
Types of Security Providers  Authentication Providers  Identity Assertion Providers  Principal Validation Providers  Authorization Providers  Adjudication Providers  Role Mapping Providers  Auditing Providers  Credential Mapping Providers  Certificate Lookup and Validation Providers  Keystore Providers  Realm Adapter Providers
Authentication Providers Authentication providers allow WebLogic Server to establish trust by validating a user. The WebLogic Server security architecture supports Authentication providers that perform: username/password authentication, certificate and digest authentication directly with WebLogic Server, and HTTP certificate authentication proxied through an external Web server. Note: An Identity Assertion provider is a special type of Authentication provider that handles perimeter-based authentication and multiple security token types/protocols.
Identity Assertion Providers Identity assertion involves establishing a client's identity using client-supplied tokens that may exist outside of the request. Thus, the function of an Identity Assertion provider is to validate and map a token to a username. Once this mapping is complete, an Authentication provider's LoginModule can be used to convert the username to principals. Identity Assertion providers allow WebLogic Server to establish trust by validating a user.
Principal Validation Providers A Principal Validation provider is a special type of security provider that primarily acts as a "helper" to an Authentication provider. Because some LoginModules can be remotely executed on behalf of RMI clients, and because the client application code can retain the authenticated subject between programmatic server invocations, Authentication providers rely on Principal Validation providers to provide additional security protections for the principals contained within the subject.
Authorization Providers Authorization providers control access to WebLogic resources based on the security role a user or group is granted, and the security policy assigned to the requested WebLogic resource.
Adjudication Providers As part of an Authorization provider, an Access Decision determines whether a subject has permission to access a given WebLogic resource. Therefore, if multiple Authorization providers are configured, each may return a different answer to the "is access allowed?" question. These answers may be PERMIT, DENY, or ABSTAIN. Determining what to do if multiple Authorization providers' Access Decisions do not agree on an answer is the function of an Adjudication provider. The Adjudication provider resolves authorization conflicts by weighing each Access Decision's answer and returning a final result.
Role Mapping Providers A Role Mapping provider supports dynamic role associations by obtaining a computed set of security roles granted to a requestor for a given WebLogic resource. The WebLogic Security Framework determines which security roles (if any) apply to a particular subject at the moment that access is required for a given WebLogic resource by:  Obtaining security roles from the J2EE and WebLogic deployment descriptor files.  Using business logic and the current operation parameters to determine security roles.
Auditing Providers An Auditing provider collects, stores, and distributes information about operating requests and the outcome of those requests for the purposes of non-repudiation. An Auditing provider makes the decision about whether to audit a particular event based on specific audit criteria, including audit severity levels. Auditing providers can write the audit information to output repositories such as an LDAP directory, database, or simple file. Specific actions, such as paging security personnel, can also be configured as part of an Auditing provider.
Credential Mapping Providers A credential map is a mapping of credentials used by WebLogic Server to credentials used in a legacy or remote system, which tell WebLogic Server how to connect to a given resource in that system. In other words, credential maps allow WebLogic Server to log into a remote system on behalf of a subject that has already been authenticated.
Certificate Lookup and Validation Providers The Certificate Lookup and Validation providers complete certificate paths and validate X509 certificate chains. There are two types of CLV providers:  CertPath Builder - Receives a certificate, a certificate chain, or certificate reference (the end certificate in a chain or the Subject DN of a certificate) from a web service or application code. The provider looks up and validates the certificates in the chain.  CertPath Validator - Receives a certificate chain from the SSL protocol, a web service, or application code and performs extra validation (for example, revocation checking).
Keystore Providers With WebLogic Server, a keystore creates and manages password-protected stores of private keys (and their associated public key certificates) and trusted certificate authorities.
Realm Adapter Providers Realm Adapter providers provide backward-compatibility with 6.x WebLogic security realms by allowing the use of existing, 6.x security realms with the security features in this release of WebLogic Server. The Realm Adapter providers map the realm API (weblogic.security.acl) used in WebLogic Server 6.x to the APIs used in this release of WebLogic Server.
Security Provider Summary Type Multiple Providers Supported? Authentication provider Yes Identity Assertion provider Yes Principal Validation provider Yes Authorization provider Yes Adjudication provider No Role Mapping provider Yes Auditing provider Yes Credential Mapping provider Yes Certificate Lookup and Validation provider One CertPath Builder, Multiple CertPath Validators Keystore provider Yes Realm Adapter provider Yes for all types of Realm Adapter providers supported except the Adjudication provider

Recommended

Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based Authentication
Mohammad Yousri
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Information Security Awareness Group
 
CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID Connect
CloudIDSummit
 
Session 10 Tp 10
Session 10 Tp 10Session 10 Tp 10
Session 10 Tp 10githe26200
 
End-to-End Identity Management
End-to-End Identity ManagementEnd-to-End Identity Management
End-to-End Identity Management
WSO2
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
Granikos GmbH & Co. KG
 
Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...
AntonioMaio2
 

Recommended

Claims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuideClaims Based Authentication A Beginners Guide
Claims Based Authentication A Beginners GuidePhuong Nguyen
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based Authentication
Mohammad Yousri
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Information Security Awareness Group
 
CIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID ConnectCIS14: Working with OAuth and OpenID Connect
CIS14: Working with OAuth and OpenID Connect
CloudIDSummit
 
Session 10 Tp 10
Session 10 Tp 10Session 10 Tp 10
Session 10 Tp 10githe26200
 
End-to-End Identity Management
End-to-End Identity ManagementEnd-to-End Identity Management
End-to-End Identity Management
WSO2
 
AD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep DiveAD FS Workshop | Part 2 | Deep Dive
AD FS Workshop | Part 2 | Deep Dive
Granikos GmbH & Co. KG
 
Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...Developing custom claim providers to enable authorization in share point an...
Developing custom claim providers to enable authorization in share point an...
AntonioMaio2
 
Certification Authority - Sergio Lietti
Certification Authority - Sergio LiettiCertification Authority - Sergio Lietti
Certification Authority - Sergio LiettiNúcleo de Computação Científica
 
Gravitee.io
Gravitee.ioGravitee.io
Gravitee.io
Knoldus Inc.
 
TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...
TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...
TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...
marcuschristie
 
Office 365 api vs share point app model
Office 365 api vs share point app modelOffice 365 api vs share point app model
Office 365 api vs share point app model
BIWUG
 
Authentication through Claims-Based Authentication
Authentication through Claims-Based AuthenticationAuthentication through Claims-Based Authentication
Authentication through Claims-Based Authentication
ijtsrd
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
Kashif Imran
 
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDSingle Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenID
Gasperi Jerome
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
AntonioMaio2
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2
scotttomilson
 
Presentation
PresentationPresentation
PresentationLaxman Kumar
 
Security Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBSecurity Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBWSO2
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
Manish Pandit
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises Development
Edin Kapic
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Nilanjan Roy
 
Introduction to PicketLink
Introduction to PicketLinkIntroduction to PicketLink
Introduction to PicketLink
JBUG London
 
iPlanet presentation
iPlanet presentationiPlanet presentation
iPlanet presentation
rogerkellerman
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
Good Dog Labs, Inc.
 
Weblogic security
Weblogic securityWeblogic security
Weblogic security
Aditya Bhuyan
 

More Related Content

What's hot

Gravitee.io
Gravitee.ioGravitee.io
Gravitee.io
Knoldus Inc.
 
TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...
TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...
TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...
marcuschristie
 
Office 365 api vs share point app model
Office 365 api vs share point app modelOffice 365 api vs share point app model
Office 365 api vs share point app model
BIWUG
 
Authentication through Claims-Based Authentication
Authentication through Claims-Based AuthenticationAuthentication through Claims-Based Authentication
Authentication through Claims-Based Authentication
ijtsrd
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
Kashif Imran
 
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDSingle Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenID
Gasperi Jerome
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
AntonioMaio2
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2
scotttomilson
 
Security Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBSecurity Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBWSO2
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
Manish Pandit
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises Development
Edin Kapic
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaicationSean Xiong
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
Salesforce Developers
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Nilanjan Roy
 
Introduction to PicketLink
Introduction to PicketLinkIntroduction to PicketLink
Introduction to PicketLink
JBUG London
 
iPlanet presentation
iPlanet presentationiPlanet presentation
iPlanet presentation
rogerkellerman
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
Brian Culver
 

What's hot (20)

Certification Authority - Sergio Lietti
Certification Authority - Sergio LiettiCertification Authority - Sergio Lietti
Certification Authority - Sergio Lietti
 
Gravitee.io
Gravitee.ioGravitee.io
Gravitee.io
 
TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...
TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...
TeraGrid's GRAM Auditing & Accounting, & its Integration with the LEAD Scienc...
 
Office 365 api vs share point app model
Office 365 api vs share point app modelOffice 365 api vs share point app model
Office 365 api vs share point app model
 
Authentication through Claims-Based Authentication
Authentication through Claims-Based AuthenticationAuthentication through Claims-Based Authentication
Authentication through Claims-Based Authentication
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
 
Single Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenIDSingle Sign On with OAuth and OpenID
Single Sign On with OAuth and OpenID
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based Authentication
 
CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2CIS 2012 - Going Mobile with PingFederate and OAuth 2
CIS 2012 - Going Mobile with PingFederate and OAuth 2
 
Presentation
PresentationPresentation
Presentation
 
Security Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESBSecurity Patterns with the WSO2 ESB
Security Patterns with the WSO2 ESB
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID ConnectSecuring your APIs with OAuth, OpenID, and OpenID Connect
Securing your APIs with OAuth, OpenID, and OpenID Connect
 
SPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises DevelopmentSPS Belgium 2015 - High-trust Apps for On-Premises Development
SPS Belgium 2015 - High-trust Apps for On-Premises Development
 
Claim based authentaication
Claim based authentaicationClaim based authentaication
Claim based authentaication
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
 
Introduction to PicketLink
Introduction to PicketLinkIntroduction to PicketLink
Introduction to PicketLink
 
iPlanet presentation
iPlanet presentationiPlanet presentation
iPlanet presentation
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
 

Similar to Understanding Security for Oracle WebLogic Server

OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
Good Dog Labs, Inc.
 
Weblogic security
Weblogic securityWeblogic security
Weblogic security
Aditya Bhuyan
 
Weblogic Cluster Security
Weblogic Cluster SecurityWeblogic Cluster Security
Weblogic Cluster Security
Aditya Bhuyan
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideHai Nguyen
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
Harihara sarma
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3webhostingguy
 
Websphere - Introduction to SSL part 1
Websphere - Introduction to SSL part 1Websphere - Introduction to SSL part 1
Websphere - Introduction to SSL part 1
Vibrant Technologies & Computers
 
Certification authority
Certification authorityCertification authority
Certification authority
proser tech
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice Architecture
Matt McLarty
 
SecDevOps - The Operationalisation of Security
SecDevOps - The Operationalisation of SecuritySecDevOps - The Operationalisation of Security
SecDevOps - The Operationalisation of Security
Dinis Cruz
 
Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares
Nino Ho
 
Web services security_in_wse_3_ppt
Web services security_in_wse_3_pptWeb services security_in_wse_3_ppt
Web services security_in_wse_3_ppt
Harshavardhan Achrekar
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Serviceguest536dd0e
 
Ssl Https Server
Ssl Https ServerSsl Https Server
Ssl Https Server
Ram Srivastava
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
DigiCert, Inc.
 
Deep Dive into OAuth for Connected Apps
Deep Dive into OAuth for Connected AppsDeep Dive into OAuth for Connected Apps
Deep Dive into OAuth for Connected Apps
Salesforce Developers
 
A Survey on SSO Authentication protocols: Security and Performance
A Survey on SSO Authentication protocols: Security and PerformanceA Survey on SSO Authentication protocols: Security and Performance
A Survey on SSO Authentication protocols: Security and Performance
Amin Saqi
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
Novell
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated Permissions
Stefan Weber
 

Similar to Understanding Security for Oracle WebLogic Server (20)

OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
OAuth 2.0 - The fundamentals, the good , the bad, technical primer and commo...
 
Weblogic security
Weblogic securityWeblogic security
Weblogic security
 
Weblogic Cluster Security
Weblogic Cluster SecurityWeblogic Cluster Security
Weblogic Cluster Security
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3
 
Websphere - Introduction to SSL part 1
Websphere - Introduction to SSL part 1Websphere - Introduction to SSL part 1
Websphere - Introduction to SSL part 1
 
Certification authority
Certification authorityCertification authority
Certification authority
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice Architecture
 
SecDevOps - The Operationalisation of Security
SecDevOps - The Operationalisation of SecuritySecDevOps - The Operationalisation of Security
SecDevOps - The Operationalisation of Security
 
Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares
 
Web services security_in_wse_3_ppt
Web services security_in_wse_3_pptWeb services security_in_wse_3_ppt
Web services security_in_wse_3_ppt
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
Ssl Https Server
Ssl Https ServerSsl Https Server
Ssl Https Server
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone BeforeScott Rea - IoT: Taking PKI Where No PKI Has Gone Before
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
 
Deep Dive into OAuth for Connected Apps
Deep Dive into OAuth for Connected AppsDeep Dive into OAuth for Connected Apps
Deep Dive into OAuth for Connected Apps
 
A Survey on SSO Authentication protocols: Security and Performance
A Survey on SSO Authentication protocols: Security and PerformanceA Survey on SSO Authentication protocols: Security and Performance
A Survey on SSO Authentication protocols: Security and Performance
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
 
O auth 2
O auth 2O auth 2
O auth 2
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated Permissions
 

Recently uploaded

Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
vrstrong314
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
Tendenci - The Open Source AMS (Association Management Software)
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
Globus
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 

Recently uploaded (20)

Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Corporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMSCorporate Management | Session 3 of 3 | Tendenci AMS
Corporate Management | Session 3 of 3 | Tendenci AMS
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 

Understanding Security for Oracle WebLogic Server

  • 1. Understanding Security for Oracle WebLogic Server TYPES OF SECURITY PROVIDERS HTTP://DOCS.ORACLE.COM/CD/E21764_01/WEB.1111/E13710/REALM_CHAP.HTM#SCOVR200
  • 2. Types of Security Providers  Authentication Providers  Identity Assertion Providers  Principal Validation Providers  Authorization Providers  Adjudication Providers  Role Mapping Providers  Auditing Providers  Credential Mapping Providers  Certificate Lookup and Validation Providers  Keystore Providers  Realm Adapter Providers
  • 3. Authentication Providers Authentication providers allow WebLogic Server to establish trust by validating a user. The WebLogic Server security architecture supports Authentication providers that perform: username/password authentication, certificate and digest authentication directly with WebLogic Server, and HTTP certificate authentication proxied through an external Web server. Note: An Identity Assertion provider is a special type of Authentication provider that handles perimeter-based authentication and multiple security token types/protocols.
  • 4. Identity Assertion Providers Identity assertion involves establishing a client's identity using client-supplied tokens that may exist outside of the request. Thus, the function of an Identity Assertion provider is to validate and map a token to a username. Once this mapping is complete, an Authentication provider's LoginModule can be used to convert the username to principals. Identity Assertion providers allow WebLogic Server to establish trust by validating a user.
  • 5. Principal Validation Providers A Principal Validation provider is a special type of security provider that primarily acts as a "helper" to an Authentication provider. Because some LoginModules can be remotely executed on behalf of RMI clients, and because the client application code can retain the authenticated subject between programmatic server invocations, Authentication providers rely on Principal Validation providers to provide additional security protections for the principals contained within the subject.
  • 6. Authorization Providers Authorization providers control access to WebLogic resources based on the security role a user or group is granted, and the security policy assigned to the requested WebLogic resource.
  • 7. Adjudication Providers As part of an Authorization provider, an Access Decision determines whether a subject has permission to access a given WebLogic resource. Therefore, if multiple Authorization providers are configured, each may return a different answer to the "is access allowed?" question. These answers may be PERMIT, DENY, or ABSTAIN. Determining what to do if multiple Authorization providers' Access Decisions do not agree on an answer is the function of an Adjudication provider. The Adjudication provider resolves authorization conflicts by weighing each Access Decision's answer and returning a final result.
  • 8. Role Mapping Providers A Role Mapping provider supports dynamic role associations by obtaining a computed set of security roles granted to a requestor for a given WebLogic resource. The WebLogic Security Framework determines which security roles (if any) apply to a particular subject at the moment that access is required for a given WebLogic resource by:  Obtaining security roles from the J2EE and WebLogic deployment descriptor files.  Using business logic and the current operation parameters to determine security roles.
  • 9. Auditing Providers An Auditing provider collects, stores, and distributes information about operating requests and the outcome of those requests for the purposes of non-repudiation. An Auditing provider makes the decision about whether to audit a particular event based on specific audit criteria, including audit severity levels. Auditing providers can write the audit information to output repositories such as an LDAP directory, database, or simple file. Specific actions, such as paging security personnel, can also be configured as part of an Auditing provider.
  • 10. Credential Mapping Providers A credential map is a mapping of credentials used by WebLogic Server to credentials used in a legacy or remote system, which tell WebLogic Server how to connect to a given resource in that system. In other words, credential maps allow WebLogic Server to log into a remote system on behalf of a subject that has already been authenticated.
  • 11. Certificate Lookup and Validation Providers The Certificate Lookup and Validation providers complete certificate paths and validate X509 certificate chains. There are two types of CLV providers:  CertPath Builder - Receives a certificate, a certificate chain, or certificate reference (the end certificate in a chain or the Subject DN of a certificate) from a web service or application code. The provider looks up and validates the certificates in the chain.  CertPath Validator - Receives a certificate chain from the SSL protocol, a web service, or application code and performs extra validation (for example, revocation checking).
  • 12. Keystore Providers With WebLogic Server, a keystore creates and manages password-protected stores of private keys (and their associated public key certificates) and trusted certificate authorities.
  • 13. Realm Adapter Providers Realm Adapter providers provide backward-compatibility with 6.x WebLogic security realms by allowing the use of existing, 6.x security realms with the security features in this release of WebLogic Server. The Realm Adapter providers map the realm API (weblogic.security.acl) used in WebLogic Server 6.x to the APIs used in this release of WebLogic Server.
  • 14. Security Provider Summary Type Multiple Providers Supported? Authentication provider Yes Identity Assertion provider Yes Principal Validation provider Yes Authorization provider Yes Adjudication provider No Role Mapping provider Yes Auditing provider Yes Credential Mapping provider Yes Certificate Lookup and Validation provider One CertPath Builder, Multiple CertPath Validators Keystore provider Yes Realm Adapter provider Yes for all types of Realm Adapter providers supported except the Adjudication provider