4 Replies Latest reply: Jul 13, 2011 10:45 PM by user1022639

iPKI Configuration on weblogic 11g

user1022639 Newbie
Hi experts,

I am new to WebLogic security configuration and am currently in the process of configuring the internet X509 PKI authentication mechanism. Can someone guide me on how to do that?

Basically I have a question: what is the difference between two-way SSL and iPKI? Is two-way SSL the implementation of iPKI?

I managed to do the two-way SSL and verified it with the sample application. During the login the client cert is passed and the default identity asserter verified it against the WebLogic user. Does that mean that for this we need to have the user in the identity store?

Looking forward to your guidelines.

-t

Edited by: user1022639 on Jul 12, 2011 3:56 AM
  • 1. Re: iPKI Configuration on weblogic 11g
    RenévanWijk Oracle ACE
    Information on SSL can be found here: http://www.evsslcertificate.com/ssl/description-ssl.html and http://www.tech-faq.com/understanding-ssl-secure-sockets-layer.html

    The WebLogic security guide can be found here: http://download.oracle.com/docs/cd/E17904_01/web.1111/e13707/toc.htm

    A step-by-step example on how to set up SSL/TLS can be found here: http://download.oracle.com/docs/cd/E17904_01/web.1111/e13707/toc.htm, especially the 'Setting-up SSL/TLS' section.
  • 2. Re: iPKI Configuration on weblogic 11g
    user1022639 Newbie
    Thanks René for pointing out the documentation. It helps me a lot.

    With the X509 cert, the container takes the user id out of the identity asserter and tries to find a mapping inside the WebLogic user store. So my question is: do we need to have all the users in WebLogic (either from the LDAP authenticator or local LDAP or ....)? I couldn't clearly find the answer in those documents. Maybe I am beating around the wrong bush. :)

    So that means the client certificate is not sufficient; the user should also be present in the system.

    -t
  • 3. Re: iPKI Configuration on weblogic 11g
    RenévanWijk Oracle ACE
    In WebLogic you create an LDAP (or other) authenticator in which you keep your users/groups.

    When you are using certificates you also need an asserter, which provides a mechanism to extract a username (or something similar).

    Now when a user tries to log in, he/she provides some form of authentication, be it by using a certificate or by explicitly entering a username and password.

    WebLogic uses (possibly through an asserter) the authenticator to see if the user is 'registered'. So the authenticator provides your 'database' that contains users.

    I hope I am a little clear, because it does not sound like it (but forgive me, it is still early).

    An example and background information can be found here: http://middlewaremagic.com/weblogic/?p=6479
    The example uses single sign on and OID.
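
The two-stage flow described in reply 3 (the asserter maps the certificate to a username, then the authenticator's store decides whether that user is registered), as an added Python sketch that is not part of the thread and is not WebLogic code. The names `USER_STORE`, `parse_dn`, `assert_identity` and `login_with_certificate`, the `attr_type`/`delimiter` parameters and the sample subject DNs are all constructed for illustration.

```python
import re

# Constructed user store standing in for the authenticator's users (LDAP or embedded).
USER_STORE = {"alice": ["Operators"], "bob": ["Monitors"]}

def parse_dn(dn):
    """Split an RFC 4514 style subject DN into {TYPE: value}; escaped commas stay in the value.
    Simplification: multi-valued RDNs and escaped backslashes before a comma are not handled."""
    attrs = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, sep, value = rdn.strip().partition("=")
        if sep:
            # Keep the first occurrence of each attribute type and drop escape backslashes.
            attrs.setdefault(key.strip().upper(), re.sub(r"\\(.)", r"\1", value.strip()))
    return attrs

def assert_identity(subject_dn, attr_type="CN", delimiter=None):
    """Asserter step: map the certificate subject to a candidate username.
    attr_type and delimiter are parameters of this sketch (assumed, hypothetical names)."""
    value = parse_dn(subject_dn).get(attr_type.upper())
    if not value:
        return None
    if delimiter and delimiter in value:
        value = value.split(delimiter, 1)[0]  # e.g. keep 'bob' from 'bob@example.com'
    return value

def login_with_certificate(subject_dn, tls_verified, **mapper):
    """Return (username, groups) only if the chain verified AND the user is registered."""
    if not tls_verified:
        return None  # the two-way SSL handshake did not validate the client certificate
    username = assert_identity(subject_dn, **mapper)
    if username is None or username not in USER_STORE:
        return None  # a trusted certificate alone is not enough: no matching user
    return username, USER_STORE[username]
```

A certificate that chains to a trusted CA but maps to a name missing from the store (the `mallory` case in the checks) is rejected, which is the behaviour asked about in reply 2.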
  • 4. Re: iPKI Configuration on weblogic 11g
    user1022639 Newbie
    Thanks a lot
