PKI Credential Mapper Attributes Credential Actions
4.9 Configuring a PKI Credential Mapping Provider
The PKI Public Key Infrastructure Credential Mapping provider included in WebLogic Server maps a a WebLogic Server subject the initiator and target resource and an optional credential action to b a key pair or public certificate that can be used by applications when accessing the targeted resource. The PKI Credential Mapping provider uses the subject and resource name to retrieve the corresponding credential from the keystore. To use the PKI Credential Mapping provider, you need to: 1. Configure keystores with appropriate keys and distribute the keystores on all machines in a WebLogic Server cluster. Setting up keystores is not a WebLogic Server function. For information about setting up keystores, see the help for the Java keytool utility at http:download.oracle.comjavase6docstechnotestoolssola riskeytool.html . See also Chapter 11, Configuring Identity and Trust, for information about keystores and keys in WebLogic Server. 2. Configure a PKI Credential Mapping provider. A PKI Credential Mapping provider is not already configured in the default security realm myrealm. See Section 4.9.1, PKI Credential Mapper Attributes, and Configure Credential Mapping providers in the Oracle WebLogic Server Administration Console Help. 3. Create credential mappings. See Create PKI Credential Mappings in the Oracle WebLogic Server Administration Console Help.4.9.1 PKI Credential Mapper Attributes
To configure the PKI Credential Mapping provider, set values for these attributes. See Configure Credential Mapping Providers in the Oracle WebLogic Server Administration Console Help. ■ Keystore Provider—A keystore provider for the Java Security API. If no value is specified, the default provider class is used. ■ Keystore Type— JKS the default or PKCS12. ■ Keystore Pass Phrase—Password used to access the keystore ■ Keystore File Name—Location of the keystore relative to the directory where the server was started. In addition, two optional attributes determine how the PKI Credential Mapping provider locates credential mappings in cases where the exact resource or subject may not be available: Configuring WebLogic Security Providers 4-15 ■ Use Resource Hierarchy—A credential is located by traversing up the resource hierarchy for each type of resource. The search for all possible PKI credentials will start from the specific resource and will walk up the resource hierarchy to find all possible matches. This attribute is enabled by default. ■ Use Initiator Group Names—When a subject is passed to the PKI Credential Mapper provider, a credential is located by examining the groups of which the initiator is a member. This is enabled by default.4.9.2 Credential Actions
Optionally, you can label a credential mapping with a credential action. You can do this in the Administration Console when you create the credential mapping. The credential action is an arbitrary string that distinguishes credential mappings used in different circumstances. For example, one credential mapping could decrypt a message from a remote resource and another credential mapping could sign messages to be sent to the same resource. The subject initiator and the target resource are not sufficient to distinguish these two credential mappings. You can use the credential action to label one of these credential mappings something like decrypt and the other one sign. Then, the container calling the PKI Credential Mapping provider can provide the desired credential action value in the ContextHandler that is passed to the provider. For information about adding credential actions to PKI credential mappings, see Create PKI Credential Mappings in the Oracle WebLogic Server Administration Console Help.4.10 Configuring a SAML Credential Mapping Provider for SAML 1.1
Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope Document Audience
» Related Information Oracle Fusion Middleware Online Documentation Library
» New and Changed Security Features Security Realms in WebLogic Server
» Security Providers Oracle Fusion Middleware Online Documentation Library
» WebLogic Resources Security Policies and WebLogic Resources
» Deployment Descriptors and the WebLogic Server Administration Console
» The Default Security Configuration in WebLogic Server Configuring WebLogic Security: Main Steps
» Methods of Configuring Security
» Management Tasks Available in Compatibility Security
» Why Customize the Default Security Configuration?
» Before You Create a New Security Realm
» Creating and Configuring a New Security Realm: Main Steps
» When Do You Need to Configure a Security Provider?
» Configuring an Authorization Provider Configuring the WebLogic Adjudication Provider
» Configuring a Role Mapping Provider
» Auditing ContextHandler Elements Configuring the WebLogic Auditing Provider
» Configuration Auditing Enabling Configuration Auditing
» Configuration Auditing Messages Configuring the WebLogic Auditing Provider
» Audit Events and Auditing Providers
» Configuring a WebLogic Credential Mapping Provider
» PKI Credential Mapper Attributes Credential Actions
» SAML 2.0 Credential Mapping Provider Attributes
» Lookup String Syntax The partner lookup string has the following syntax:
» CertPath Provider Certificate Registry
» Configuring a WebLogic Keystore Provider Choosing an Authentication Provider
» Setting the JAAS Control Flag Option Changing the Order of Authentication Providers
» Setting User Attributes Configuring the WebLogic Authentication Provider
» Accessing Other LDAP Servers Enabling an LDAP Authentication Provider for SSL
» Configuring Static Groups Use of GUID and LDAP DN Data in WebLogic Principals
» Optimizing the Group Membership Caches
» Optimizing the Connection Pool Size and User Cache
» Domain Controller Settings Configuring a Windows NT Authentication Provider
» Password Composition Rules for the Password Validation Provider
» Using the Password Validation Provider with the WebLogic Authentication Provider
» Creating an Instance of the Password Validation Provider Specifying the Password Composition Rules
» Partner Lookup Strings Required for Web Service Partners For web service Identity
» Configuring a Negotiate Identity Assertion Provider Ordering of Identity Assertion for Servlets
» Configuring Identity Assertion Performance in the Server Cache Configuring a User Name Mapper
» Configuring a Custom User Name Mapper
» Configuring the SAML Authentication Provider Overview of Single Sign-On with Microsoft Clients
» Configuring Your Network Domain to Use Kerberos Creating a JAAS Login File
» Configure the SAML 1.1 Credential Mapping Provider Configure the Source Site Federation Services
» Configuring Relying and Asserting Parties with WLST
» Configuring SAML 2.0 Services: Main Steps
» About SAML 2.0 General Services
» Publishing and Distributing the Metadata File
» Viewing Partner Site, Certificate, and Service Endpoint Information
» About SAML Debug Scopes and Attributes Enabling Debugging Using the Command Line
» Enabling Debugging Using the WebLogic Server Administration Console
» Enabling Debugging Using the WebLogic Scripting Tool Sending Debug Messages to Standard Out
» Overview of Security Data Migration
» Migration Concepts Formats and Constraints Supported by WebLogic Security Providers
» Configuring the Embedded LDAP Server
» The Access Control File Access Control Location
» Access Control Scope Attributes Types
» Subject Types GrantDeny Evaluation Rules
» Backup and Recovery Oracle Fusion Middleware Online Documentation Library
» Security Providers that Use the RDBMS Security Store
» Oracle Example MS-SQL Example
» DB2 Example For More Information About Default Connection Properties Internally, the RDBMS
» Configuring JMS Connection Recovery in the Event of Failure
» Using Your Own Certificate Authority Converting a Microsoft p7b Format to PEM Format
» How End User Certificate Callback Handlers Work Creating a Certificate Callback Implementation
» SSL: An Introduction One-Way and Two-Way SSL
» Java Secure Socket Extension JSSE SSL Implementation Supported Setting Up SSL: Main Steps
» Using Host Name Verification SSL Session Behavior
» Controlling the Level of Certificate Validation Accepting Certificate Policies in Certificates
» Checking Certificate Chains Using Certificate Lookup and Validation Providers
» Configuring RMI over IIOP with SSL Using the nCipher JCE Provider with WebLogic Server
» System Property Differences Between the JSSE-Based and Certicom SSL Implementations
» Supported Cipher Suites Using the JSSE-Based SSL Implementation
» Using Debugging with JSSE SSL
» Configuring Cross-Domain Security Enabling Cross Domain Security Between WebLogic Server Domains
» Configuring a Cross-Domain User Configure a Credential Mapping for Cross-Domain Security
» Enabling Global Trust Enabling Trust Between WebLogic Server Domains
» Using Connection Filters Oracle Fusion Middleware Online Documentation Library
» Using the Java Authorization Contract for Containers Viewing MBean Attributes
» How Passwords Are Protected in WebLogic Server Protecting User Accounts
» Configuring a Domain to Use JAAS Authorization
» Running Compatibility Security: Main Steps
» Configuring a Realm Adapter Authentication Provider
» Accessing 6.x Security from Compatibility Security
Show more