Information on SSL can be found here: http://www.evsslcertificate.com/ssl/description-ssl.html and http://www.tech-faq.com/understanding-ssl-secure-sockets-layer.html
The WebLogic security guide can be found here: http://download.oracle.com/docs/cd/E17904_01/web.1111/e13707/toc.htm
A step-by-step example on how to set up SSL/TLS can be found here: http://download.oracle.com/docs/cd/E17904_01/web.1111/e13707/toc.htm, especially the 'Setting-up SSL/TLS' section.
Thanks Rane for pointing out the documentation. It helps me a lot.
In the X.509 cert, the container takes out the user ID from the Identity Asserter and tries to find a mapping inside the WebLogic user store. So my question is: do we need to have all the users in WebLogic (either from LDAP authenticator or local LDAP or ....)? I couldn't clearly find the answer in those documents. Maybe I might be beating around the wrong bush. :)
So that means the client certificate is not sufficient; the user should also be present in the system.
In WebLogic you create an LDAP (or other) authenticator in which you keep your users/groups.
When you are using certificates you also need an asserter, which provides a mechanism to extract a username (or something similar).
Now when a user tries to log in, he/she provides some form of authentication, be it by using a certificate or by explicitly entering a username and password.
WebLogic uses (possibly through an asserter) the authenticator to see if the user is 'registered'. So the authenticator provides your 'database' that contains users.
I hope I am a little clear, because it does not sound like it (but forgive me, it is still early).
An example and background information can be found here: http://middlewaremagic.com/weblogic/?p=6479
The example uses single sign on and OID.
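The two steps described in the replies above (an asserter extracts a username from the client certificate, then the authenticator's user store must contain that name), as an added Python illustration that is not part of the thread and is not WebLogic code. The function names, the choice of CN as the mapped attribute, and the sample DNs and user store are all assumptions constructed for this example.

```python
import re

def split_unescaped(text, sep):
    """Split on `sep`, leaving backslash-escaped separators inside the value."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(sep), text)

def unescape(value):
    """Undo single-character backslash escapes (hex-pair escapes are not handled)."""
    return re.sub(r"\\(.)", r"\1", value)

def assert_username(subject_dn, attr="CN"):
    """Asserter step: return the first value of `attr` in the subject DN, or None."""
    for rdn in split_unescaped(subject_dn, ","):
        for ava in split_unescaped(rdn, "+"):      # multi-valued RDN
            key, sep, value = ava.partition("=")
            if sep and key.strip().upper() == attr.upper():
                return unescape(value.strip())
    return None

def authenticate(subject_dn, user_store):
    """Authenticator step: the asserted name must exist in the user store."""
    name = assert_username(subject_dn)
    if name is None:
        return (False, "no CN in certificate subject")
    if name not in user_store:
        # A valid, trusted certificate is still rejected at this point.
        return (False, "user %r not found in authenticator" % name)
    return (True, name)

# Constructed sample data: a stand-in for the LDAP (or other) authenticator.
USER_STORE = {"jsmith": ["Operators"], "Smith, Jane": ["Admins"]}
KNOWN = "CN=jsmith,OU=People,O=Example,C=US"
UNKNOWN = "CN=mallory,OU=People,O=Example,C=US"
ESCAPED = "CN=Smith\\, Jane,OU=People,O=Example,C=US"

if __name__ == "__main__":
    for dn in (KNOWN, UNKNOWN, ESCAPED):
        print(dn, "->", authenticate(dn, USER_STORE))
```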