WebLogic Security Service Architecture 5-19
5.5.1 WebLogic Authentication Provider
The default active security realm for WebLogic Server includes a WebLogic Authentication provider. The WebLogic Authentication provider supports delegated username/password authentication and WebLogic Server security digest authentication. It uses an embedded LDAP server to store user and group information. This provider allows you to edit, list, and manage users and group membership.
This provider also provides a set of attributes, such as employee number and department number, that you can assign to users.
5.5.2 Alternative Authentication Providers
WebLogic Server provides the following additional Authentication providers which can be used instead of or in conjunction with the WebLogic Authentication provider in
the default security realm:
■ A set of LDAP Authentication providers that access external LDAP stores: Open LDAP, Netscape iPlanet, Microsoft Active Directory, Oracle Internet Directory, Oracle Virtual Directory, and Novell NDS.
■ A set of Database Management System (DBMS) Authentication providers that access user, password, group, and group membership information stored in databases for authentication purposes. Optionally, WebLogic Server can be used to manage the user, password, group, and group membership information. The DBMS Authentication providers are the upgrade path from the RDBMS security realm.
The following DBMS Authentication providers are available:
– SQL Authentication provider - A manageable authentication provider that supports the listing and editing of user, password, group, and group membership information.
– Read-only SQL Authentication provider - An authentication provider that supports authentication of users in a database and the listing of the contents of the database through the WebLogic Server Administration Console. The authentication provider requires a specific set of SQL statements, so it might not meet all customer needs.
– Custom DBMS Authentication provider - A run-time authentication provider that only supports authentication. This provider requires customer-written code that handles querying the database to obtain authentication information. This authentication provider is a flexible alternative that allows customers to adapt a DBMS Authentication provider to meet their special database needs.
■ A Windows NT Authentication provider that uses Windows NT users and groups for authentication purposes. The Windows NT Authentication provider is the upgrade path for the Windows NT security realm. The Windows NT users and groups are displayed through the WebLogic Server Administration Console; however, they cannot be managed through the console.
■ An LDAP X509 Identity Assertion provider that looks up the LDAP object for the user associated with an X509 certificate, ensures that the certificate in the LDAP object matches the presented certificate, and then retrieves the name of the user from the LDAP object for the purpose of authentication.

Note: In conjunction with the WebLogic Authorization provider, the WebLogic Authentication provider replaces the functionality of the File realm that was available in 6.x releases of WebLogic Server.
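The DBMS Authentication providers above all reduce to a small set of lookups against the customer's tables (does this user exist, what is the stored password, which groups is the user a member of), and the Read-only SQL and Custom DBMS variants leave the wording of those queries to the deployment. The following is an added example, not Oracle's code and not the WebLogic provider API: a Python stand-in that runs those lookups against an in-memory SQLite store, with every statement parameterized and passwords stored as salted PBKDF2 digests rather than plaintext. The table and column names (USERS, GROUPS, GROUPMEMBERS, U_NAME, U_PASSWORD, G_NAME, G_MEMBER) and the sample users are constructed for this example.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import List, Optional

# Constructed example (not Oracle's code): the lookups a DBMS-backed
# authentication provider needs, run against an in-memory SQLite database
# that stands in for the customer's user store.

PBKDF2_ITERATIONS = 200_000  # work factor; tune to your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt$digest' (hex) using PBKDF2-HMAC-SHA256; never store plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


# Table and column names are assumptions made for this example; a real
# provider's statements are configured per deployment.
SCHEMA = """
CREATE TABLE USERS (U_NAME TEXT PRIMARY KEY, U_PASSWORD TEXT NOT NULL);
CREATE TABLE GROUPS (G_NAME TEXT PRIMARY KEY);
CREATE TABLE GROUPMEMBERS (G_NAME TEXT NOT NULL, G_MEMBER TEXT NOT NULL,
                           PRIMARY KEY (G_NAME, G_MEMBER));
"""


class DbmsUserStore:
    """The read-only lookups an authentication provider issues, all parameterized."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn

    def user_exists(self, user: str) -> bool:
        row = self.conn.execute("SELECT 1 FROM USERS WHERE U_NAME = ?", (user,)).fetchone()
        return row is not None

    def lookup_password(self, user: str) -> Optional[str]:
        row = self.conn.execute(
            "SELECT U_PASSWORD FROM USERS WHERE U_NAME = ?", (user,)
        ).fetchone()
        return row[0] if row else None

    def group_exists(self, group: str) -> bool:
        row = self.conn.execute("SELECT 1 FROM GROUPS WHERE G_NAME = ?", (group,)).fetchone()
        return row is not None

    def is_member(self, group: str, member: str) -> bool:
        row = self.conn.execute(
            "SELECT 1 FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER = ?", (group, member)
        ).fetchone()
        return row is not None

    def lookup_groups(self, member: str) -> List[str]:
        rows = self.conn.execute(
            "SELECT G_NAME FROM GROUPMEMBERS WHERE G_MEMBER = ? ORDER BY G_NAME", (member,)
        ).fetchall()
        return [r[0] for r in rows]

    def authenticate(self, user: str, password: str) -> bool:
        stored = self.lookup_password(user)
        # Unknown user and wrong password both fail the same way.
        return stored is not None and verify_password(password, stored)


def build_sample_store() -> DbmsUserStore:
    """Populate an in-memory database with constructed sample users and groups."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO USERS VALUES (?, ?)", [
        ("alice", hash_password("correct horse")),
        ("bob", hash_password("hunter2")),
    ])
    conn.executemany("INSERT INTO GROUPS VALUES (?)", [("Administrators",), ("Operators",)])
    conn.executemany("INSERT INTO GROUPMEMBERS VALUES (?, ?)", [
        ("Administrators", "alice"), ("Operators", "alice"), ("Operators", "bob"),
    ])
    return DbmsUserStore(conn)


if __name__ == "__main__":
    store = build_sample_store()
    print(store.authenticate("alice", "correct horse"))  # True
    print(store.lookup_groups("alice"))                  # ['Administrators', 'Operators']
    # Because the username is bound as a parameter, injection-shaped input
    # is just a username that does not exist.
    print(store.authenticate("alice' OR '1'='1", "x"))   # False
```

Two points carry over to any real SQL-backed provider configuration: the statements must take the username and group name as bound parameters (never string-concatenated into the query text), and the U_PASSWORD column should hold a salted, iterated digest so that a read of the table does not yield reusable credentials.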
5.5.3 Password Validation Provider