Guide to This Document

Securing Oracle WebLogic Server

■ Application Developers—Java programmers who focus on developing client applications, adding security to Web applications and Enterprise JavaBeans (EJBs), and working with other engineering, quality assurance (QA), and database teams to implement security features. Application Developers have in-depth working knowledge of Java (including J2EE components such as servlets/JSPs and JSEE) and Java security.

■ Server Administrators—Administrators work closely with Application Architects to design a security scheme for the server and the applications running on the server; to identify potential security risks; and to propose configurations that prevent security problems. Related responsibilities may include maintaining critical production systems; configuring and managing security realms; implementing authentication and authorization schemes for server and application resources; upgrading security features; and maintaining security provider databases. Server Administrators have in-depth knowledge of the Java security architecture, including Web services, Web application and EJB security, Public Key security, SSL, and Security Assertion Markup Language (SAML).

■ Application Administrators—Administrators who work with Server Administrators to implement and maintain security configurations and authentication and authorization schemes, and to set up and maintain access to deployed application resources in defined security realms. Application Administrators have general knowledge of security concepts and the Java Security architecture. They understand Java, XML, and deployment descriptors, and can identify security events in server and audit logs.

1.3 Guide to This Document

This document is organized as follows:

■ This chapter describes the audience, organization, and related information for this guide.

■ Chapter 2, "Overview of Security Management," describes the default security configuration in WebLogic Server, lists the configuration steps for security, and describes Compatibility security.

■ Chapter 3, "Customizing the Default Security Configuration," explains when to customize the default security configuration, the configuration requirements for a new security realm, and how to set a security realm as the default security realm.

■ Chapter 4, "Configuring WebLogic Security Providers," describes the available configuration options for the security providers supplied by WebLogic Server and how to configure a custom security provider.

■ Chapter 5, "Configuring Authentication Providers," describes the Authentication providers supplied by WebLogic Server, including information about how to configure them.

■ Chapter 6, "Configuring Single Sign-On with Microsoft Clients," describes how to configure authentication between a WebLogic domain and .NET Web service clients or browser clients (for example, Internet Explorer) in a Microsoft domain, using Windows authentication based on the Simple and Protected Negotiate (SPNEGO) mechanism.

■ Chapter 7, "Configuring Single Sign-On with Web Browsers and HTTP Clients," describes how to configure authentication between a WebLogic domain and Web browsers or other HTTP clients, using authentication based on the Security Assertion Markup Language (SAML).

■ Chapter 8, "Migrating Security Data," provides information about exporting and importing security data between security realms and security providers.

■ Chapter 9, "Managing the Embedded LDAP Server," describes the management tasks associated with the embedded LDAP server used by the WebLogic security providers.

■ Chapter 10, "Managing the RDBMS Security Store," describes the steps required to configure the RDBMS security store, which enables you to store the security data managed by several security providers in an external RDBMS system rather than in the embedded LDAP server. The use of the RDBMS security store is required for SAML 2.0 services when configured on multiple servers in a domain, such as in a cluster.

■ Chapter 11, "Configuring Identity and Trust," describes how to configure identity and trust for WebLogic Server.

■ Chapter 12, "Configuring SSL," describes how to configure SSL for WebLogic Server.

■ Chapter 13, "Configuring Security for a WebLogic Domain," describes how to set security configuration options for a WebLogic domain.

■ Chapter 14, "Using Compatibility Security," describes how to use Compatibility security, a security configuration mode designed for backwards compatibility with security realms developed under WebLogic Server 6.x.

■ Chapter 15, "Security Configuration MBeans," describes which WebLogic Security MBeans and MBean attributes are dynamic (can be changed without restarting the server) and which are non-dynamic (changes require a server restart).

1.4 Related Information