Security Providers – are modules that provide security service to application to protect Weblogic resource. Types of security providers in WebLogic Server are
Authentication Provider, Authorization Provider, Auditing Providers, Credential Mapping Provider, Identity Assertion Provider, Principal Validation Provider, Adjudication Providers, Role Mapping Providers, Certificate Lookup and Validation Providers, Keystore Providers and Realm Adapter providers.
Security Provider Database – contains users, groups, security roles, security policies and credentials. This database can be embedded LDAP server, properties file or physical database.
Embedded LDAP server– WebLogic Server uses its embedded LDAP server as security provider database to store users, groups, security roles and security policies.
Security Realm– Security Realm comprises mechanism of protecting WebLogic Resource. Each Security realm consists of security providers, users, groups, security roles and security policies. User must be defined in a security realm in order to access any weblogic resource belonging to that realm. Default realm in Weblogic is myrealm.
You can configure multiple security realm in a domain but only one realm can be active at a time.
You can configure security realm using WebLogic Console or WLST (WebLogic Scripting Tool) or JMX (Java Management Extension) API.
All Security providers exists within context of realm, some security provider type are compulsory in a security realm while others are optional.
Authentication Provider – is to prove identity of user or system.
Auditing Provider – is to provide auditing services. Audit information may be written to LDAP server, Database or simple file.
Principal – is identity assigned to user or group as result of authentication.
Subject – after successful authentication, principal are signed and stored in subject for future use.
LoginModules – is part of Authentication Provider and responsible for authenticating users within security realm and for populating subject with necessary principal (user, group)
Authentication– is process to provide credentials (username/password, Certificate..) to provide identity of user/system. Weblogic support following type of authentication
a) Username/Password– Username and password with or without SSL
b) Certificate Authentication – one way or two way SSL authentication where Server authenticate itself by showing SSL certificate and server can ask client for certificate.
c) Digest Authentication– using nonce, timestamp, username and digest
d) Perimeter Authentication – process of authenticating identity of remote user outside of application server domain.
Authorization – is process which determines which user has access on which WebLogic Resources.
WebLogic Resource– is an Object (which represents WebLogic entity) which can be protected. for ex. ear, ejb, network etc.
Security Policy – is kind of ACL(Access Control List) which determines who (user, group, role) has access to which weblogic resource. WebLogic resource is not protected till you assign security policy to it.
Weblogic Server provides SSO with following environments
– Web Browser and HTTP Client (via SAML)
– Desktop client
More on Single Sign-On with Oracle WebLogic Server coming soon ..
Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.