Understanding WebLogic Security
Introduction and Roadmap
Document Scope
Document Audience
Guide to this Document
Related Information
Security Samples and Tutorials
Security Examples in the WebLogic Server Distribution
Overview of the WebLogic Security Service
Introduction to the WebLogic Security Service
Features of the WebLogic Security Service
Balancing Ease of Use and Customizability
New and Changed Features in This Release
Security Fundamentals
Auditing
Authentication
Subjects and Principals
Java Authentication and Authorization Service (JAAS)
CallbackHandlers
Mutual Authentication
Identity Assertion Providers and LoginModules
Identity Assertion and Tokens
Challenge Identity Assertion
Servlet Authentication Filters
Types of Authentication
Username/Password Authentication
How is Perimeter Authentication Accomplished?
How Does WebLogic Server Support Perimeter Authentication?
Security Assertion Markup Language (SAML)
SAML Framework Concepts
SAML Components Provided in WebLogic Server
Web Services support for SAML Token Profile 1.1
Single Sign-On (SSO)
Web Browsers and HTTP Clients via SAML
Desktop Clients
Authorization
WebLogic Resources
Security Policies
ContextHandlers
Access Decisions
Adjudication
Identity and Trust
Private Keys
Digital Certificates
Certificate Authorities
Certificate Lookup and Validation
Secure Sockets Layer (SSL)
SSL Features
SSL Tunneling
One-way/Two-way SSL Authentication
Host Name Verification
Trust Managers
Asymmetric Key Algorithms
Symmetric Key Algorithms
Message Digest Algorithms
Cipher Suites
Firewalls
Connection Filters
Perimeter Authentication
J2EE and WebLogic Security
J2SE 5.0 Security Packages
The Java Secure Socket Extension (JSSE)
Java Authentication and Authorization Services (JAAS)
Java Cryptography Architecture and Java Cryptography Extensions (JCE)
Java Authorization Contract for Containers (JACC)
Common Secure Interoperability Version 2 (CSIv2)
Security Realms
Introduction to Security Realms
Users
Groups
Security Roles
Security Policies
Security Providers
Security Provider Databases
What Is a Security Provider Database?
Security Realms and Security Provider Databases
Types of Security Providers
Principal Validation Providers
Certificate Lookup and Validation Providers
Security Providers and Security Realms
WebLogic Security Service Architecture
WebLogic Security Framework
The Authentication Process
The Identity Assertion Process
The Principal Validation Process
The Authorization Process
The Adjudication Process
The Role Mapping Process
The Auditing Process
The Credential Mapping Process
The Certificate Lookup and Validation Process
Single Sign-On with the WebLogic Security Framework
Single Sign-On with SAML 1.1
WebLogic Server Acting as SAML 1.1 Source Site
WebLogic Server Acting as SAML 1.1 Destination Site
Single Sign-On and SAML 2.0
Service Provider Initiated Single Sign-On
Identity Provider Initiated Single Sign-On
Desktop SSO Process
SAML Token Profile Support in WebLogic Web Services
Sender-Vouches Assertions
Holder-of-Key Assertion
The Security Service Provider Interfaces (SSPIs)
WebLogic Security Providers
WebLogic Authentication Provider
Alternative Authentication Providers
Password Validation Provider
WebLogic Identity Assertion Provider
SAML Identity Assertion Provider for SAML 1.1
SAML 2.0 Identity Assertion Provider
Negotiate Identity Assertion Provider
WebLogic Principal Validation Provider
WebLogic Authorization Provider
WebLogic Adjudication Provider
WebLogic Role Mapping Provider
WebLogic Auditing Provider
WebLogic Credential Mapping Provider
SAML Credential Mapping Provider for SAML 1.1
SAML 2.0 Credential Mapping Provider f
PKI Credential Mapping Provider
WebLogic CertPath Provider
Certificate Registry
Versionable Application Provider
WebLogic Keystore Provider
WebLogic Realm Adapter Providers
Terminology