I discussed WebLogic Domains earlier. In this post I am going to discuss configuring trust between two WebLogic Domains, i.e. Cross Domain Security or Global Trust, so that identity can be propagated across WebLogic Domains.

 

If two WebLogic Domains each have a user (principal) with the same name, such as user1, these are two different principals, and neither can be used in the other domain unless trust is configured between the two WebLogic Domains. If you want to propagate identity across WebLogic Domains (from one WebLogic Domain to another), you must configure trust between the two WebLogic Domains.

There are two types of trust between two or more WebLogic Domains (Note : Prior to WebLogic 9.2 there was only one way i.e. Global Trust)

A. Global Trust – This is the only supported option for RMI and EJB
B. Cross Domain Security – Use this for JMS, JTA, MDB or WAN replication sub system (don’t use this option for RMI/EJB)

 

Global Trust VS Cross Domain Security

1. Global Trust is transitive and symmetric, i.e. if there is Global Trust between WebLogic Domain A & B, and there is Global Trust between WebLogic Domain B & C, then there will be trust between Domain A & C. In Cross Domain Security, if there is trust between A & B and B & C, trust between A & C is not configured automatically.

2. The domain name involved in Cross Domain Security must be unique

3. Global Trust can be used for all types of subsystems (RMI, EJB, JMS, JTA, MDB, and WAN), whereas Cross Domain Security can’t be used for RMI or EJBs (you can use Cross Domain Security or Global Trust for JMS, JTA, MDB or WAN)

4. Global Trust between WebLogic domains has the potential to open the servers up to man-in-the-middle attacks. You must use firewalls or dedicated network channels to restrict access in WebLogic Domains (with Global Trust configured)
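The comparison above can be turned into a small audit model. This is an added example, not code from the original post or from Oracle: the inventory, credential labels and function names are constructed, and it assumes that any domains sharing one domain credential form a Global Trust group.

```python
from collections import Counter, defaultdict

# Subsystems as listed in the post; RMI and EJB work only with Global Trust.
GLOBAL_ONLY = {"RMI", "EJB"}
EITHER = {"JMS", "JTA", "MDB", "WAN"}

# Constructed inventory: (domain name, label for its domain credential).
# Record a label or hash in an audit, never the credential itself.
DOMAINS = [("DomainA", "cred-1"), ("DomainB", "cred-1"),
           ("DomainC", "cred-1"), ("DomainD", "cred-2"), ("DomainE", "cred-3")]

# Constructed Cross Domain Security links; each pair is configured explicitly.
CDS_PAIRS = {frozenset(("DomainA", "DomainD")), frozenset(("DomainD", "DomainE"))}


def global_trust_groups(domains):
    """Domains sharing one credential all trust each other (symmetric, transitive)."""
    groups = defaultdict(set)
    for name, cred in domains:
        groups[cred].add(name)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def duplicate_names(domains):
    """Cross Domain Security needs unique domain names; return any repeats."""
    counts = Counter(name for name, _ in domains)
    return sorted(n for n, c in counts.items() if c > 1)


def can_propagate(src, dst, subsystem, domains=DOMAINS, cds_pairs=CDS_PAIRS):
    """True if identity can pass between src and dst for the given subsystem."""
    creds = dict(domains)
    global_trust = src != dst and creds[src] == creds[dst]
    if subsystem in GLOBAL_ONLY:
        return global_trust
    if subsystem in EITHER:
        # Only a directly configured pair counts: A-D plus D-E does not give A-E.
        return global_trust or frozenset((src, dst)) in cds_pairs
    raise ValueError("unknown subsystem: %s" % subsystem)


if __name__ == "__main__":
    print("Global Trust groups:", global_trust_groups(DOMAINS))
    print("A -> E over JMS:", can_propagate("DomainA", "DomainE", "JMS"))
```

Every member of a Global Trust group is reachable from every other member, so the group size is the exposure to review when deciding where firewalls or dedicated network channels are needed.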

 

To configure Global Trust
Global Trust across WebLogic Domains: This is the old style of configuring trust between two WebLogic Domains, where you simply change the domain credential in the two WebLogic Domains to the same value (<Domain Name> : Security -> General -> Advanced : Credential).

 

1. Change the credential of Domain to a known value in Domain A
2. Change the credential of Domain to same value (as used in domain A) in Domain B

 

 

 

For full steps to configure trust between two domains using Global Trust click here.

To configure Cross Domain Security: for this type of trust between two WebLogic Domains
1. Select the checkbox next to “Cross Domain Security Enabled” in <WebLogic Domain> : Security -> General for both Domain A and Domain B

2. Create a user in WebLogic Domain A (and assign it to the group CrossDomainConnectors) using Security Realm -> myrealm -> Users and Groups -> New

3. In Domain B, create Credential Mapping with “Use Cross-domain protocol” option (Security Realm -> myrealm -> Credential Mapping -> New)

 

4. Repeat Step 2 in Domain B and Step 3 in Domain B

Follow the full steps to configure cross domain security across two servers here

 
