Security in Oracle WebLogic _ Realm, Security Provider, Authentication, Authorization, Users - Online Identity & Access Management

4/18/2015

Security in Oracle WebLogic : Realm, Security Provider, Authentication, Authorization, Users ­ Online Identity & Access Management

 (http://www.onlineappsdba.com)

Find us:

(https://www.facebook.com/k21technologies)

(https://twitter.com/k21technologies)

(https://www.linkedin.com/company/k21technologies)

+1-669-900-5138   |   +44-203-372-5553

Security In Oracle WebLogic : Realm, Security Provider, Authentication, Authorization, Users Tweet (http://twitter.com/share)

0

Share

Free Newsletter

0

Get Latest Updates

Posted by "Atul Kumar (http://www.onlineappsdba.com/index.php/author/atul/)" in "security

Your email here

(http://www.onlineappsdba.com/index.php/category/security/), weblogic (http://www.onlineappsdba.com/index.php/category/weblogic/)" on 2008-11-22

Subscribe

(http://onlineappsdba.com/wp-

Make Training Enquiry

Name* content/uploads/2008/11/weblogic_sec_2.JPG)

Email ID*

Security Providers - are modules that provide security service to application to protect Weblogic resource.

Phone

Types of security providers in WebLogic Server are Authentication Provider, Authorization Provider, Auditing Providers, Credential Mapping Provider, Identity

Description

Assertion Provider, Principal Validation Provider, Adjudication Providers, Role Mapping Providers, Certificate Lookup and Validation Providers, Keystore Providers and Realm Adapter providers.   Security Provider Database – contains users, groups, security roles, security policies and credentials. This database can be embedded LDAP server, properties file or physical database.

TOP

  Embedded LDAP server- WebLogic Server uses its embedded LDAP server as security provider database to store users, groups, security roles and security policies.

SUBMIT

Security Realm- Security Realm comprises mechanism of protecting WebLogic Resource. Each Security realm consists of security providers, users, groups, security roles and security policies. User must be defined in a security realm in order to access any weblogic resource belonging to that realm. Default realm in Weblogic is

Categories

myrealm.

» 10gAS

                          You can configure multiple security realm in a domain but only one realm can be active at a time.

(Http://Www.Onlineappsdba.Com/Index.Ph » 11i

(Http://Www.Onlineappsdba.Com/Index.Ph

http://www.onlineappsdba.com/index.php/2008/11/22/security­in­oracle­weblogic­realm­security­provider­authentication­authorization­users/

1/12

4/18/2015

Security in Oracle WebLogic : Realm, Security Provider, Authentication, Authorization, Users ­ Online Identity & Access Management

You can configure security realm using WebLogic Console or WLST (WebLogic Scripting Tool) or JMX (Java

» 1z0­108

Management Extension) API.

(Http://Www.Onlineappsdba.Com/Index.Ph 108/)

.

» 1z0­233

(Http://Www.Onlineappsdba.Com/Index.Ph 233/) » 1z0312

(Http://Www.Onlineappsdba.Com/Index.Ph » AD

(Http://Www.Onlineappsdba.Com/Index.Ph » Ad4j

(Http://Www.Onlineappsdba.Com/Index.Ph » Adam

(Http://Www.Onlineappsdba.Com/Index.Ph (http://onlineappsdba.com/wp-

» Adapters

(Http://Www.Onlineappsdba.Com/Index.Ph » Adop

(Http://Www.Onlineappsdba.Com/Index.Ph » Advanced

(Http://Www.Onlineappsdba.Com/Index.Ph » Aia

(Http://Www.Onlineappsdba.Com/Index.Ph » Amberpoint

(Http://Www.Onlineappsdba.Com/Index.Ph » Apache

(Http://Www.Onlineappsdba.Com/Index.Ph

content/uploads/2008/11/weblogic_sec_4.JPG)

» Apex

(Http://Www.Onlineappsdba.Com/Index.Ph

.

» Apps

(Http://Www.Onlineappsdba.Com/Index.Ph » AppsASintegration

(Http://Www.Onlineappsdba.Com/Index.Ph » Autoconfig

(Http://Www.Onlineappsdba.Com/Index.Ph » Backup (http://onlineappsdba.com/wp-

(Http://Www.Onlineappsdba.Com/Index.Ph » Bam

(Http://Www.Onlineappsdba.Com/Index.Ph » Basics

(Http://Www.Onlineappsdba.Com/Index.Ph » BEA

(Http://Www.Onlineappsdba.Com/Index.Ph » Beginners content/uploads/2008/11/weblogic_sec_5.JPG) . 

(Http://Www.Onlineappsdba.Com/Index.Ph » Blogroll

(Http://Www.Onlineappsdba.Com/Index.Ph .

» Book Review

(Http://Www.Onlineappsdba.Com/Index.Ph Review/)

http://www.onlineappsdba.com/index.php/2008/11/22/security­in­oracle­weblogic­realm­security­provider­authentication­authorization­users/

2/12

4/18/2015

Security in Oracle WebLogic : Realm, Security Provider, Authentication, Authorization, Users ­ Online Identity & Access Management

All Security providers exists within context of realm, some security provider type are compulsory in a security

» Bpel

realm while others are optional.

(Http://Www.Onlineappsdba.Com/Index.Ph » Business Intelligence

(Http://Www.Onlineappsdba.Com/Index.Ph Intelligence/) » Calendar

(Http://Www.Onlineappsdba.Com/Index.Ph » Cdc

(Http://Www.Onlineappsdba.Com/Index.Ph (http://onlineappsdba.com/wp-

» Certification

(Http://Www.Onlineappsdba.Com/Index.Ph » Cloning

(Http://Www.Onlineappsdba.Com/Index.Ph » Coherence

(Http://Www.Onlineappsdba.Com/Index.Ph » Concurrent Manager content/uploads/2008/11/weblogic_sec_3.JPG) 

(Http://Www.Onlineappsdba.Com/Index.Ph Manager/)

. 

» Connector Server

Authentication Provider - is to prove identity of user or system.

(Http://Www.Onlineappsdba.Com/Index.Ph Server/)

Auditing Provider -  is to provide auditing services. Audit information may be written to LDAP server, Database

» Content Server

or simple file.

(Http://Www.Onlineappsdba.Com/Index.Ph Server/)

 

» Cpu

Principal – is identity assigned to user or group as result of authentication.

(Http://Www.Onlineappsdba.Com/Index.Ph » Customization

  Subject - after successful authentication, principal are signed and stored in subject for future use.

(Http://Www.Onlineappsdba.Com/Index.Ph » Database

(Http://Www.Onlineappsdba.Com/Index.Ph » Db_basics

(Http://Www.Onlineappsdba.Com/Index.Ph » Disaster Recovery

(Http://Www.Onlineappsdba.Com/Index.Ph Recovery/) » Discoverer (http://onlineappsdba.com/wp-

(Http://Www.Onlineappsdba.Com/Index.Ph » Ecm

(Http://Www.Onlineappsdba.Com/Index.Ph » EPM

(Http://Www.Onlineappsdba.Com/Index.Ph » Esb

(Http://Www.Onlineappsdba.Com/Index.Ph content/uploads/2008/11/weblogic_sec_11.JPG) .  LoginModules – is part of Authentication Provider and responsible for authenticating users within security realm and for populating subject with necessary principal (user, group)

» Eus

(Http://Www.Onlineappsdba.Com/Index.Ph » Exalogic

(Http://Www.Onlineappsdba.Com/Index.Ph » Fmw

(Http://Www.Onlineappsdba.Com/Index.Ph

.

http://www.onlineappsdba.com/index.php/2008/11/22/security­in­oracle­weblogic­realm­security­provider­authentication­authorization­users/

3/12

4/18/2015

Security in Oracle WebLogic : Realm, Security Provider, Authentication, Authorization, Users ­ Online Identity & Access Management

Authentication- is process to provide credentials (username/password, Certificate..) to provide identity of user/system. Weblogic support following type of authentication a) Username/Password- Username and password with or without SSL b) Certificate Authentication - one way or two way SSL authentication where Server authenticate itself by

» Forms

(Http://Www.Onlineappsdba.Com/Index.Ph » Fusion

(Http://Www.Onlineappsdba.Com/Index.Ph » Grc

showing SSL certificate and server can ask client for certificate.

(Http://Www.Onlineappsdba.Com/Index.Ph

c) Digest Authentication- using nonce, timestamp, username and digest 

» GRCM

d) Perimeter Authentication – process of authenticating identity of remote user outside of application server

(Http://Www.Onlineappsdba.Com/Index.Ph

domain.

» HA

(Http://Www.Onlineappsdba.Com/Index.Ph Authorization - is process which determines which user has access on which WebLogic Resources. WebLogic Resource- is an Object (which represents WebLogic entity) which can be protected. for ex. ear, ejb, network etc.

» Haley

(Http://Www.Onlineappsdba.Com/Index.Ph » How To ?

Security Policy – is kind of ACL(Access Control List) which determines who (user, group, role) has access to

(Http://Www.Onlineappsdba.Com/Index.Ph To/)

which weblogic resource. WebLogic resource is not protected till you assign security policy to it.

» Hyperion

(Http://Www.Onlineappsdba.Com/Index.Ph Weblogic Server provides SSO with following environments

» Identity_manager

- Web Browser and HTTP Client (via SAML)

(Http://Www.Onlineappsdba.Com/Index.Ph

- Desktop client

» Idm

More on Single Sign-On with Oracle WebLogic Server coming soon ..

(Http://Www.Onlineappsdba.Com/Index.Ph

Previous in series (http://www.onlineappsdba.com/index.php/2008/11/06/weblogic-server-jdbc-fordatabase-connection-step-by-step/) Next in series

» Im

(Http://Www.Onlineappsdba.Com/Index.Ph » Installation

(http://www.onlineappsdba.com/index.php/2009/02/01/deploy-adf-application-to-oracle-weblogic-

(Http://Www.Onlineappsdba.Com/Index.Ph

server/)

» Integration

(Http://Www.Onlineappsdba.Com/Index.Ph Related Posts for Learn WebLogic with Us

» InterviewQs

(Http://Www.Onlineappsdba.Com/Index.Ph

Oracle WebLogic Installation Steps (http://www.onlineappsdba.com/index.php/2008/07/22/oracle-weblogic-installation-steps/) Domain , Administration & Managed Server, Cluster in Oracle WebLogic

» Jboss

(Http://Www.Onlineappsdba.Com/Index.Ph » Jdbc

(Http://Www.Onlineappsdba.Com/Index.Ph

(http://www.onlineappsdba.com/index.php/2008/07/24/domain-administration-managed-

» Jdeveloper

server-cluster-in-oracle-weblogic/)

(Http://Www.Onlineappsdba.Com/Index.Ph

Create Domain in Oracle WebLogic

» Jdk

(http://www.onlineappsdba.com/index.php/2008/07/28/create-domain-in-oracle-weblogic/)

(Http://Www.Onlineappsdba.Com/Index.Ph

Oracle WebLogic Server – Startup/Shutdown

» Jobs

(http://www.onlineappsdba.com/index.php/2008/08/03/oracle-weblogic-server-

(Http://Www.Onlineappsdba.Com/Index.Ph

startupshutdown/)

» Jrockit

Oracle WebLogic Server 10g R3 10.3 is out now

(Http://Www.Onlineappsdba.Com/Index.Ph

(http://www.onlineappsdba.com/index.php/2008/08/07/oracle-weblogic-server-10g-r3-103released/) Deploy Application on Oracle WebLogic Server (http://www.onlineappsdba.com/index.php/2008/08/12/deploy-application-on-oracle-weblogicserver/)

» LAF

(Http://Www.Onlineappsdba.Com/Index.Ph » Mail

(Http://Www.Onlineappsdba.Com/Index.Ph » News

(Http://Www.Onlineappsdba.Com/Index.Ph

Cluster Architecture : Oracle WebLogic Server

» Oaacg

(http://www.onlineappsdba.com/index.php/2008/08/14/cluster-architecture-oracle-weblogic-

(Http://Www.Onlineappsdba.Com/Index.Ph

http://www.onlineappsdba.com/index.php/2008/11/22/security­in­oracle­weblogic­realm­security­provider­authentication­authorization­users/

4/12

4/18/2015

Security in Oracle WebLogic : Realm, Security Provider, Authentication, Authorization, Users ­ Online Identity & Access Management

server/)

» Oaam

Start WebLogic Server on Linux on port 80, 443