WebLogic Enterprise Security???

Similar Messages

• SAML support in WebLogic Enterprise Security

  Are there any documents and code examples that illustrate how to use SAML in WL Enterprise Security? Is there any identity provider included (NOT identity assertion provider) or is the SAML credential mapper an identity provider?
  The only document that I could find was around setting up identity assertion provider and credential mapper in admin guide. There ia also a mention of types of SAML assertion supported as below without any further explanation on these. Moreover, there is no information available for com.bea.security.internal.SAMLChallenge interface.
  SAML.Challenge - The token is a Challenge token that has implemented the
  com.bea.security.internal.SAMLChallenge interface.
  SAML.Assertion - SAML Assertion that contains the full CertPath. Same as
  SAML.Assertion.Certpath.
  SAML.Assertion.NoCertpath - SAML Assertion that does not contain the full
  certificate chain.
  SAML.Assertion.Certpath - SAML Assertion with a full cert chain. Same as
  SAML.Assertion.

  anyone had any luck with this yet?

• Weblogic Server vs Weblogic Enterprise

  What is the difference in security functionality between Weblogic Server and
  Weblogic Enterprise? Can I use Weblogic Server in conjunction with a single
  user sign on to secure my EJB objects?
  thanks
  scott

  I suggest taking a look at our external website: www.BEA.com. A summary of
  the WLS security is located there -- and you can also look at the product
  WLE to check out the security functionality there.
  Thanks,
  Michael
  Michael Girdley
  BEA Systems Inc
  "scott mcfadden" <[email protected]> wrote in message
  news:[email protected]..
  What is the difference in security functionality between Weblogic Serverand
  Weblogic Enterprise? Can I use Weblogic Server in conjunction with asingle
  user sign on to secure my EJB objects?
  thanks
  scott

• Weblogic Enterprise 5.1 and threads

  I know when building servers based on WLE 4.2 in was a big no-no to link in threading libraries like pthread and thread. Is this still the case in Weblogic Enterprise 5.1?

  According to the product information, WLE 5.1 does not support Oracle 8.1.6, it
  only goes up to
  Oracle 8.1.5. But in general, I thought that with oracle there are 2 sets of
  libraries, one for threads and
  one for non-threaded support. You need to use the correct one, in the case of
  WLE, that would be the
  non-threaded one.
  MAS
  Paul Power wrote:
  Thanks Mary,
  Do you know of any customers who have managed to work
  with Oracle 8.1.6 without linking with the thread libraries ?
  cheers,
  P.
  Mary Ann Slavin wrote in message <[email protected]>...
  WLE 5.1 C++ is not a threaded product. Compiling WLE 5.1 C++ with thread
  libraries is not supported and will give unpredictable results for allprograms.
  This should not be done.
  Paul Power wrote:
  Hi Mary,
  Is it a dictate from BEA that you "can't" link with thread libraries ?
  We are using WLE 5.0.1 ( and some 5.1) with Oracle 8.1.6 on
  Solaris and found that we had to link using -lthread in order to use
  Oracle (not the case in 8.1.5)
  We don't actually attempt to try any threading in our apps and
  have not had any problems yet but if it's the case that there
  are known problems using threads we'd love to hear about
  them :-)
  As an aside, is Oracle 8.1.6 cleared for use by WLE ?
  P.
  Mary Ann Slavin wrote in message <[email protected]>...
  No matter how WLE 5.1 C++ is used, it cannot be compiled with threadedlibraries, so that restriction remains.
  A WLE C++ server can act as a client and call a WLE Java Server. Doingthis does not require the WLE C++ server to be compiled with threaded
  libraries.
  Wendell MacKenzie wrote:
  Does this also mean if CORBA C++ servers want to invoke threaded
  JavaServers
  the same DEFECT will be prevent this from being accomplished?
  Mary Ann Slavin wrote:
  WLE 5.1 does not have threads in the C++ clients or servers. Java
  threads are naturally occuring in the language, however, there are WLE
  restrictions on what can be done in the
  Java threads. These are documented.
  jd wrote:
  I know when building servers based on WLE 4.2 in was a big no-no
  to
  link in threading libraries like pthread and thread. Is this still thecase
  in Weblogic Enterprise 5.1?
  >

• Using weblogic.servlet.security.ServletAuthentication

  I am currently using weblogic.servlet.security.ServletAuthentication.authenticate(Callback,
  request) to peform a weblogic form-based authentication/login and would like to
  see the session stored user info....
  The doc for authenticate states that a session will be created, but does this
  method also place user information into the session [after authentication]. If
  so, how exactly do I get the default user information stored in the session after
  this call?
  Is there a String title associated with the user info so that I can use getAttribute(String)?
  Using session.getAttributeNames(), I can see that the session has a "sessionContext"
  and "org.apache.struts.action.LOCALE". Is there a way I can user/parse these objects
  for the user information. Your help is very much appreciated, thanks!

  I think we have most of the functionality you've asked for.
  ServletAuthentication.runAs() associates a Subject with the session.
  weblogic.security.services.Authentication.authenticate() creates a Subject.
  ServletAuthentication.authenticate() is merely a convenience wrapper around
  these two methods. That is, it creates a CallbackHandler from the request,
  calls authenticate() and then calls runAs(). So, in answer to your question,
  yes, ServletAuthentication.authenticate() does associate the Subject with
  the current session.
  There is no direct way of getting the Subject associated with a session but
  we can give you the current Subject which is almost always the same thing
  (if you have a run-as tag the current Subject may be different than the one
  associated with the session). To get the current Subject call
  weblogic.security.Security.getCurrentSubject().
  - Neil
  "Richard " <[email protected]> wrote in message
  news:4002e8a6$[email protected]..
  >
  I am currently usingweblogic.servlet.security.ServletAuthentication.authenticate(Callback,
  request) to peform a weblogic form-based authentication/login and wouldlike to
  see the session stored user info....
  The doc for authenticate states that a session will be created, but doesthis
  method also place user information into the session [afterauthentication]. If
  so, how exactly do I get the default user information stored in thesession after
  this call?
  Is there a String title associated with the user info so that I can usegetAttribute(String)?
  >
  Using session.getAttributeNames(), I can see that the session has a"sessionContext"
  and "org.apache.struts.action.LOCALE". Is there a way I can user/parsethese objects
  for the user information. Your help is very much appreciated, thanks!

• Weblogic.management.security with transactions, Please HELP

  I am using weblogic.management.security.authentication API to programmatically insert/delete users and passwords into/from default security provider on Weblogic Server 8.1. I want to add transactional support to this these actions, I tried using UserTransaction API but without any luck. Does weblogi.managment.security.authenication has no transactional support (rollback-commit) or am I doing something wrong? I very much appreciate your help and looking forward to hearing from you!!!!
  It doesn't rollback, Here is the code:
  UserTransaction transaction = (UserTransaction)ctx.lookup("javax.transaction.UserTransaction");
  transaction.begin();
  UserEditorMBean userEditor = (UserEditorMBean)providers;
  userEditor.createUser(userName, password, description);
  transaction.rollback();

  I do not think you can have transactions over MBean calls as they communicate with relevant object over t3 and this objects are possibly in different class loader.
  -TJ

• Weblogic.servlet.security.ServletAuthentication Question

            Hi all,
            I am developing on WebLogic 5.1 with service pack 6 installed. WegLogic 5.1 documentation on the ServletAuthentication class says that along with the non-static weak() method, there are two static versions of the weak() method available in the class that one could use. I would like to use the static version that takes in username, password, and the servlet request or session object. But I tried compiling my program, the compiler could not find the method implementation.
            This prompted me to run the javap utility on the weblogic.servlet.security.ServletAuthentication class in the weblogic510sp6.jar file and sure enough I did not find the static methods in that class.
            I did see them in an older Weblogicaux.jar file's version of ServletAuthentication class. Does that mean that these methods are deprecated and if so I would love to know the reason. For implementations that store passwords in an encrypted form those are the only methods that are useful.
            Any help/clarification on this is greatly appreciated,
            arif.
            

            Hi all,
            I am developing on WebLogic 5.1 with service pack 6 installed. WegLogic 5.1 documentation on the ServletAuthentication class says that along with the non-static weak() method, there are two static versions of the weak() method available in the class that one could use. I would like to use the static version that takes in username, password, and the servlet request or session object. But I tried compiling my program, the compiler could not find the method implementation.
            This prompted me to run the javap utility on the weblogic.servlet.security.ServletAuthentication class in the weblogic510sp6.jar file and sure enough I did not find the static methods in that class.
            I did see them in an older Weblogicaux.jar file's version of ServletAuthentication class. Does that mean that these methods are deprecated and if so I would love to know the reason. For implementations that store passwords in an encrypted form those are the only methods that are useful.
            Any help/clarification on this is greatly appreciated,
            arif.
            

• WPA2-enterprise security question

  I will be attending ETSU (East TN State U) as a graduate student this fall. I have purchased a new iPad 3G and want to use it on the campus network. I have read that on some campuses there have been problems with the wireless iPads working on university networks. Will I have a problem using mine at ETSU?  
  I bought the Wi-Fi and 3G version just in case, but would prefer to use it as a wi-fi only device.  
  I emailed the OIT dept on campus and they said that they might be able to connect the iPad to the wireless, but they can not promise me that it will work.  They tell me to check my iPad to make sure that it comes with WPA2-enterprise security. 
  What is WPA2-enterprise security and does my iPad have this? Will I be able to use it on campus come August?
  Any advice would be helpful.

  Alec Edworthy wrote:
  The issue has been with DHCP and the iPad not renewing its lease when it should do. This has lead some sites to ban (through rule or a technological means) some or all iPads. The solution is to turn wireless off and on again or do not allow the screen to turn off. You can find more information at,
  http://www.net.princeton.edu/announcements/ipad-iphoneos32-stops-renewing-lease- keeps-using-IP-address.html
  Apple should be fixing this in an update in the future.
  Alec
  Unfortunately, DHCP or Princeton issues have absolutely nothing to do with the question the OP is asking. FYI, no university has banned the iPad from their network.
  As has already been stated by rutiger the iPad should work with WPA2 Enterprise.
  For more on iPad and WPA2 Enterprise security see: http://www.apple.com/ipad/business/pdf/iPadSecurityOverview.pdf

• How to start Enterprise Security Manager in 11g

  Hi All,
  How to start Enterprise Security Manger in 11g ? Should Grid Control be installed seperately ? There is no menu or utility that represent Enterprise Security Manager in 11g ? In 10g there is a menu item called "Enterprise Security Manager" , how to access it in 11g ?
  Regards,
  Senthil.

  my doubt is ,, just simply giving the above command the listener create and start or do i need to modify any other parameters which i have to copy from old listener file.The former. Unless you need/want to use non-standard parameters, you don't need anything else. Just start it.

• Oracle Enterprise Security Manager

  Hi!
  I have some problems with installing the Oracle Aplication Server Infrastructure 10g. I need to configure the Oracle Internet Directory. For this i did following steps:
  1) Install the Oracle Aplication Server Infrastructure 10g, which include the OID
  2) For the aplication server database configure a Oracle Context through the Net Configuration Assistant
  3) Configure the database for using OID
  4) Create user in the database that identified globally
  After that i need to configure a Enterprise User in OID. For this i need Oracle Enterprise Security Manager. But ESM isn't installed with the Oracle Aplication Server.
  What application includes Oracle Enterprise Security Manager?
  Thanks a lot!

  Without knowing exactly what he referring to. I can't comments much more.
  What's version are you using?
  Data Guard is very mature feature of Oracle 10g, since it first appeared in Oracle 8i in the form of Standby server.
  Whatever bugs he experienced, he should work with Oracle support to fix it. It could be known bugs that already has a fix, it could be he didn't use the feature correctly and assume it's a bug, it could be a real undocumented bug.
  Using his own stored procedure to monitor data guard like reinventing the wheel. Actually it's worse, what on earth is he thinking that he could out smart whole Data Guard team of Oracle :D

• Weblogic Enterprise manager with Oracle Portal

  Hi All,
  Iam working on a architecture defination which is basically a B2B and B2C based web applications. I intially thought the Oracle Portal+Oracle BPM as the right combination as it gives a complete technical stack as well as we will have a well defined control over the integrations.
  Since the application requires high sclability and high transactions support, wanted to choose Weblogic Enterprise manager instead of oracle AS. In this context i have following quoestions
  1. Will the Oracle Portal+Oracle Discoverer+Portlets(PLSQL, JAVA) can be ported onto WEBLOGIC Enterprise manager server?
  2. What is the feature of OracleASOC4J?
  Request to respond on this as quicly as possible
  Advance Thanks,
  Sreedhar

  In a RAC environment database control runs by default on a master mode,when this node goes down,EM does the same. There's a comprehensive article on metalink how to handle this:
  How to manage DB Control 10.2 for RAC Database with emca
  Doc ID: 395162.1
  Werner

• Sample illustrating Enterprise Security

  Hello,
  I would like to find a sample that implements Enterprise Security including:
  [1] Enterprise Users and Roles
  [2] Possibly VPD
  [3] Shared schema
  [4] Integration of OID and 9iAS
  Any one see such a beast?
  Thanks,
  Doug

  You could look at the following sample page on OTN
  http://otn.oracle.com/sample_code/deploy/security/9i_security.html
  It provides samples on following :
  1 Single sign on in Oracle9ias
  2. PKI authentication in 9ias using OID
  3. Using JAAS in web applications (users defined in either OID or XML file)
  4. Virtual Private Database.
  etc.
  Chandar

• Weblogic.xml.security.SecurityConfigurationException running encrypt example

  Hi,
  I am trying to run the tutorial examples that are detailed at http://webservice.bea.com.
  I am having problems running the encrypt SOAP messages example.
  The command line client version works fine (the full transaction goes smoothly,
  returning me the string I sent using the encryption). The browser version, though
  , gives me an error.
  (See attached).
  I am using WLS 8.1. sp2.
  I configured the server keystore and client keystore using the command line utilities
  included
  in the zipped example.
  I configured the servers default identity asserter as well as the ssl & keystore
  according to the
  instructions of the zipped file.
  Thanks in advance.

  i meet the same problem as Juan Campos'.
  the error information as follow:
  Request sent to the server
  <!--REQUEST.................-->
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <env:Header>
  </env:Header>
  <env:Body>
  <env:Fault>
  <faultcode>env:Server</faultcode>
  <faultstring>Exception during processing: weblogic.xml.security.SecurityConfigurationException: Service requires signed requests, but no Token was provided (see Fault Detail for stacktrace)</faultstring>
  <detail>
  <bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">weblogic.xml.security.SecurityConfigurationException: Service requires signed requests, but no Token was provided
       at weblogic.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:325)
       at weblogic.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:101)
       at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
       at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
       at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:423)
       at weblogic.webservice.server.servlet.ServletBase.invokeMultiOutput(ServletBase.java:349)
       at weblogic.webservice.server.servlet.WebServiceServlet.invokeMultiOutput(WebServiceServlet.java:354)
       at weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.java:300)
       at weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServiceServlet.java:344)
       at weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:266)
       at weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:158)
       at weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet.java:255)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
       at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
       at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  </bea_fault:stacktrace>
  </detail>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  Response from the server
  <!--RESPONSE.................-->
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <env:Header>
  </env:Header>
  <env:Body>
  <env:Fault>
  <faultcode>env:Server</faultcode>
  <faultstring>Exception during processing: weblogic.xml.security.SecurityConfigurationException: Service requires signed requests, but no Token was provided (see Fault Detail for stacktrace)</faultstring>
  <detail>
  <bea_fault:stacktrace xmlns:bea_fault="http://www.bea.com/servers/wls70/webservice/fault/1.0.0">weblogic.xml.security.SecurityConfigurationException: Service requires signed requests, but no Token was provided
       at weblogic.webservice.core.handler.WSSEClientHandler.processSpecs(WSSEClientHandler.java:325)
       at weblogic.webservice.core.handler.WSSEClientHandler.handleRequest(WSSEClientHandler.java:101)
       at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
       at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:231)
       at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:143)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:457)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:423)
       at weblogic.webservice.server.servlet.ServletBase.invokeMultiOutput(ServletBase.java:349)
       at weblogic.webservice.server.servlet.WebServiceServlet.invokeMultiOutput(WebServiceServlet.java:354)
       at weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.java:300)
       at weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServiceServlet.java:344)
       at weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:266)
       at weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:158)
       at weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet.java:255)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:971)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:402)
       at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:305)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6350)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:317)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
       at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
       at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  </bea_fault:stacktrace>
  </detail>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  i try Bruce Stephens' advise,but don't know exactly how to do,(which certificate should be imported?)will someone please tell the details?

• WebLogic Enterprise 5.1: Which version of Tuxedo included?

  Hi,
  can you tell me, which version of Tuxedo is included in WebLogic Enterprise
  5.1?
  Thanks,
  Marita

  Marita,
  My understanding is that it is a version of Tuxedo based on v6.5, but not
  released in any form other than as the deployment engine for WLE 5.x
  Tuxedo 8.0 (which includes the C++ CORBA support formerly only available as part
  of the "WLE" product obviously shares a single Tuxedo kernel between ATMI and CORBA
  Of course, as with all Tuxedo versions, the version underpining WLE 5.x will
  interoperate with other supported versions, so the exact version shouldn't be a
  cause for concern.
  Regards,
  Peter.
  Got a Question? Ask BEA at http://askbea.bea.com
  The views expressed in this posting are solely those of the author, and BEA
  Systems, Inc. does not endorse any of these views.
  BEA Systems, Inc. is not responsible for the accuracy or completeness of the
  information provided
  and assumes no duty to correct, expand upon, delete or update any of the
  information contained in this posting.
  Marita León Ohl wrote:
  Hi,
  can you tell me, which version of Tuxedo is included in WebLogic Enterprise
  5.1?
  Thanks,
  Marita

• Spring Facet not available in Weblogic Enterprise Pack for Eclipse?

  Hi guys, just wondering if the Spring Facet will be available for the Weblogic Enterprise Pack for Eclipse? If yes, when can we expect this to be released?

  Spring Facet and other integration with Spring IDE will be in the next release of Oracle Enterprise Pack for Eclipse, which will ship in the next couple of months.
  - Konstantin