Specifying the Order of Authentication Providers
4.4.3.2 Specifying the Order of Authentication Providers
As described in Section 4.1.2.2, LoginModules and Multipart Authentication, the order in which you configure multiple Authentication providers and thus LoginModules affects the outcome of the authentication process. You can configure Authentication providers in any order. However, if you need to reorder your configured Authentication providers, follow the steps described in Changing the Order of Authentication Providers in Securing Oracle WebLogic Server. 4-28 Developing Security Providers for Oracle WebLogic Server 5 Identity Assertion Providers 5-1 5 Identity Assertion Providers An Identity Assertion provider is a specific form of Authentication provider that allows users or system processes to assert their identity using tokens in other words, perimeter authentication. Identity Assertion providers enable perimeter authentication and support single sign-on. You can use an Identity Assertion provider in place of an Authentication provider if you create a LoginModule for the Identity Assertion provider, or in addition to an Authentication provider if you want to use the Authentication providers LoginModule. If you want to allow the Identity Assertion provider to be configured separately from the Authentication provider, write two providers. If your Identity Assertion provider and Authentication provider cannot work independently, then write one provider. The following sections describe Identity Assertion provider concepts and functionality, and provide step-by-step instructions for developing a custom Identity Assertion provider: ■ Section 5.1, Identity Assertion Concepts ■ Section 5.2, The Identity Assertion Process ■ Section 5.3, Do You Need to Develop a Custom Identity Assertion Provider? ■ Section 5.4, How to Develop a Custom Identity Assertion Provider5.1 Identity Assertion Concepts
Before you develop an Identity Assertion provider, you need to understand the following concepts: ■ Section 5.1.1, Identity Assertion Providers and LoginModules ■ Section 5.1.2, Identity Assertion and Tokens ■ Section 5.1.3, Passing Tokens for Perimeter Authentication ■ Section 5.1.4, Common Secure Interoperability Version 2 CSIv25.1.1 Identity Assertion Providers and LoginModules
When used with a LoginModule, Identity Assertion providers support single sign-on. For example, an Identity Assertion provider can generate a token from a digital certificate, and that token can be passed around the system so that users are not asked to sign on more than once. The LoginModule that an Identity Assertion provider uses can be:Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope Documentation Audience Guide to this Document
» Writing Console Extensions Overview of the Development Process
» Understand Two Important Restrictions
» Understand the Purpose of the Provider SSPIs Understand the Purpose of the Bulk Access Providers
» Determine Which Provider Interface You Will Implement
» Understand Why You Need an MBean Type
» Understand the SSPI MBean Hierarchy and How It Affects the Administration Console
» Understand What the WebLogic MBeanMaker Provides
» Migration Concepts Security Data Migration
» The Architecture of WebLogic Resources Types of WebLogic Resources
» Looking Up WebLogic Resources in a Security Providers Runtime Class
» ContextHandlers and WebLogic Resources
» Best Practice: Create a Simple Database If None Exists
» Best Practice: Configure an Existing Database
» Users and Groups, Principals and Subjects
» Java Authentication and Authorization Service JAAS
» Example: Creating the Runtime Classes for the Sample Authentication Provider
» Install the MBean Type Into the WebLogic Server Environment
» Specifying the Order of Authentication Providers
» Identity Assertion Providers and LoginModules Identity Assertion and Tokens
» Do You Need to Develop a Custom Authentication Provider? The Identity Assertion Process
» Do You Need to Develop a Custom Identity Assertion Provider?
» Create Runtime Classes Using the Appropriate SSPIs
» Implement the PrincipalValidator SSPI
» The Principal Validation Process The Authorization Process
» Policy Consumer SSPI How to Develop a Custom Authorization Provider
» PolicyStoreMBean How to Develop a Custom Authorization Provider
» Provide a Mechanism for Security Policy Management
» Security Roles Dynamic Security Role Computation
» Role Consumer SSPI How to Develop a Custom Role Mapping Provider
» PolicyStoreMBean How to Develop a Custom Role Mapping Provider
» Is Your Custom Role Mapping Provider Thread Safe? The Auditing Process
» ContextHandlerMBean Methods Example: Implementing the ContextHandlerMBean
» Extend weblogic.management.security.audit.ContextHandlerImpl
» Do You Need to Develop a Custom Auditing Provider?
» Configure the Custom Auditing Provider Using the Administration Console
» Passing Additional Audit Information Audit Event Interfaces and Audit Events
» Credential Mapping Concepts The Credential Mapping Process
» Security Services and the Auditor Service
» Example: Auditing Management Operations from a Providers MBean
» Best Practice: Posting Audit Events from a Providers MBean
» Why Filters are Needed Servlet Authentication Filter Design Considerations
» Implementing Challenge Identity Assertion from a Filter
» Example of a Provider that Implements a Filter Versionable Application Concepts
Show more