Using Debugging with JSSE SSL
12.12.4 Using Debugging with JSSE SSL
As described in Section 12.6, SSL Debugging, SSL debugging provides more detailed information about the SSL events that occurred during an SSL handshake and other operations. If you debug SSL when the JSSE-based SSL implementation is enabled, you can use the same debug logging properties as when the Certicom SSL implementation is enabled. These logging properties are listed and described in Table 12–2 . However, when the JSSE-based SSL implementation is enabled, some properties affect only the SSL calling code and not the JSSE implementation. The JSSE-based SSL implementation has its own logging system, which is activated by the javax.net.debug property. The javax.net.debug property provides multiple levels of control over the amount of output and can be used independently of WebLogic SSL logging ssl.debug. See the Debugging Utilities section of the Java Secure Socket Extension JSSE Reference Guide, available at the following URL, for more details about the javax.net.debug property: http:download.oracle.comjavase6docstechnotesguidessecuri tyjsseJSSERefGuide.htmlDebug Table 12–3 Cipher Suite Name Equivalence Certicom Cipher Suite SunJSSE Equivalent Cipher Suite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA SSL_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 SSL_DH_anon_WITH_RC4_128_MD5 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_SHA 13 Configuring Security for a WebLogic Domain 13-1 13 Configuring Security for a WebLogic Domain The following sections describe how to set security configuration options for a WebLogic domain: ■ Section 13.1, Important Information Regarding Cross-Domain Security Support ■ Section 13.2, Enabling Trust Between WebLogic Server Domains ■ Section 13.3, Using Connection Filters ■ Section 13.4, Using the Java Authorization Contract for Containers ■ Section 13.5, Viewing MBean Attributes ■ Section 13.6, How Passwords Are Protected in WebLogic Server ■ Section 13.7, Protecting User Accounts ■ Section 13.8, Configuring a Domain to Use JAAS Authorization13.1 Important Information Regarding Cross-Domain Security Support
This section describes important information regarding support for the cross-domain security solution. As described in Section 13.2, Enabling Trust Between WebLogic Server Domains, cross-domain security establishes trust between domains such that principals in a subject from one WebLogic domain can make calls in another domain. WebLogic Server establishes a security role for cross-domain users, and uses the WebLogic Credential Mapping security provider in each domain to store the credentials to be used by the cross-domain users. In this release of WebLogic Server, subsystems such as JMS, JTA, MDB, and WAN replication implement cross-domain security. These subsystems can authenticate and send the required credentials across domains. However, the EJB container does not implement the solution for cross-domain security. As a result, the WLS cross-domain security feature does not work in the following situations: ■ WLI domain ■ With ALSB, when ALSB is configured to use the SB and DSP transports. ■ ALDSP domain Note: These sections apply to WebLogic Server deployments using the security features in this release of WebLogic Server as well as deployments using Compatibility Security.Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope Document Audience
» Related Information Oracle Fusion Middleware Online Documentation Library
» New and Changed Security Features Security Realms in WebLogic Server
» Security Providers Oracle Fusion Middleware Online Documentation Library
» WebLogic Resources Security Policies and WebLogic Resources
» Deployment Descriptors and the WebLogic Server Administration Console
» The Default Security Configuration in WebLogic Server Configuring WebLogic Security: Main Steps
» Methods of Configuring Security
» Management Tasks Available in Compatibility Security
» Why Customize the Default Security Configuration?
» Before You Create a New Security Realm
» Creating and Configuring a New Security Realm: Main Steps
» When Do You Need to Configure a Security Provider?
» Configuring an Authorization Provider Configuring the WebLogic Adjudication Provider
» Configuring a Role Mapping Provider
» Auditing ContextHandler Elements Configuring the WebLogic Auditing Provider
» Configuration Auditing Enabling Configuration Auditing
» Configuration Auditing Messages Configuring the WebLogic Auditing Provider
» Audit Events and Auditing Providers
» Configuring a WebLogic Credential Mapping Provider
» PKI Credential Mapper Attributes Credential Actions
» SAML 2.0 Credential Mapping Provider Attributes
» Lookup String Syntax The partner lookup string has the following syntax:
» CertPath Provider Certificate Registry
» Configuring a WebLogic Keystore Provider Choosing an Authentication Provider
» Setting the JAAS Control Flag Option Changing the Order of Authentication Providers
» Setting User Attributes Configuring the WebLogic Authentication Provider
» Accessing Other LDAP Servers Enabling an LDAP Authentication Provider for SSL
» Configuring Static Groups Use of GUID and LDAP DN Data in WebLogic Principals
» Optimizing the Group Membership Caches
» Optimizing the Connection Pool Size and User Cache
» Domain Controller Settings Configuring a Windows NT Authentication Provider
» Password Composition Rules for the Password Validation Provider
» Using the Password Validation Provider with the WebLogic Authentication Provider
» Creating an Instance of the Password Validation Provider Specifying the Password Composition Rules
» Partner Lookup Strings Required for Web Service Partners For web service Identity
» Configuring a Negotiate Identity Assertion Provider Ordering of Identity Assertion for Servlets
» Configuring Identity Assertion Performance in the Server Cache Configuring a User Name Mapper
» Configuring a Custom User Name Mapper
» Configuring the SAML Authentication Provider Overview of Single Sign-On with Microsoft Clients
» Configuring Your Network Domain to Use Kerberos Creating a JAAS Login File
» Configure the SAML 1.1 Credential Mapping Provider Configure the Source Site Federation Services
» Configuring Relying and Asserting Parties with WLST
» Configuring SAML 2.0 Services: Main Steps
» About SAML 2.0 General Services
» Publishing and Distributing the Metadata File
» Viewing Partner Site, Certificate, and Service Endpoint Information
» About SAML Debug Scopes and Attributes Enabling Debugging Using the Command Line
» Enabling Debugging Using the WebLogic Server Administration Console
» Enabling Debugging Using the WebLogic Scripting Tool Sending Debug Messages to Standard Out
» Overview of Security Data Migration
» Migration Concepts Formats and Constraints Supported by WebLogic Security Providers
» Configuring the Embedded LDAP Server
» The Access Control File Access Control Location
» Access Control Scope Attributes Types
» Subject Types GrantDeny Evaluation Rules
» Backup and Recovery Oracle Fusion Middleware Online Documentation Library
» Security Providers that Use the RDBMS Security Store
» Oracle Example MS-SQL Example
» DB2 Example For More Information About Default Connection Properties Internally, the RDBMS
» Configuring JMS Connection Recovery in the Event of Failure
» Using Your Own Certificate Authority Converting a Microsoft p7b Format to PEM Format
» How End User Certificate Callback Handlers Work Creating a Certificate Callback Implementation
» SSL: An Introduction One-Way and Two-Way SSL
» Java Secure Socket Extension JSSE SSL Implementation Supported Setting Up SSL: Main Steps
» Using Host Name Verification SSL Session Behavior
» Controlling the Level of Certificate Validation Accepting Certificate Policies in Certificates
» Checking Certificate Chains Using Certificate Lookup and Validation Providers
» Configuring RMI over IIOP with SSL Using the nCipher JCE Provider with WebLogic Server
» System Property Differences Between the JSSE-Based and Certicom SSL Implementations
» Supported Cipher Suites Using the JSSE-Based SSL Implementation
» Using Debugging with JSSE SSL
» Configuring Cross-Domain Security Enabling Cross Domain Security Between WebLogic Server Domains
» Configuring a Cross-Domain User Configure a Credential Mapping for Cross-Domain Security
» Enabling Global Trust Enabling Trust Between WebLogic Server Domains
» Using Connection Filters Oracle Fusion Middleware Online Documentation Library
» Using the Java Authorization Contract for Containers Viewing MBean Attributes
» How Passwords Are Protected in WebLogic Server Protecting User Accounts
» Configuring a Domain to Use JAAS Authorization
» Running Compatibility Security: Main Steps
» Configuring a Realm Adapter Authentication Provider
» Accessing 6.x Security from Compatibility Security
Show more