Wednesday Dec 18, 2013

Steps to create a csr ( certificate signing request ) using keytool and get it signed from an external CA ( Certificate Authority - Thawte )

How to create a csr ?

How to get a certificate signed from an external / third party CA ?

How to create a certificate chain ?

-----------

 Defaults for keytool command in Java 1.6 :

-alias "mykey"

-keyalg

    "DSA" (when using -genkeypair)

    "DES" (when using -genseckey)

-keysize

    1024 (when using -genkeypair)

    56 (when using -genseckey and -keyalg is "DES")

    168 (when using -genseckey and -keyalg is "DESede")

-validity 90

In generating a public/private key pair, the signature algorithm (-sigalg option) is derived from the algorithm of the underlying private key: If the underlying private key is of type "DSA", the -sigalg option defaults to "SHA1withDSA", and if the underlying private key is of type "RSA", -sigalg defaults to "MD5withRSA".

-------------------------------------------

Defaults for keytool command in Java 1.7 :

-alias "mykey"

-keyalg

    "DSA" (when using -genkeypair)

    "DES" (when using -genseckey)

-keysize

    2048 (when using -genkeypair and -keyalg is "RSA")

    1024 (when using -genkeypair and -keyalg is "DSA")

    256 (when using -genkeypair and -keyalg is "EC")

    56 (when using -genseckey and -keyalg is "DES")

    168 (when using -genseckey and -keyalg is "DESede")

-validity 90

If the underlying private key is of type "DSA", the -sigalg option defaults to "SHA1withDSA"

If the underlying private key is of type "RSA", the -sigalg option defaults to "SHA256withRSA".

If the underlying private key is of type "EC", the -sigalg option defaults to "SHA256withECDSA".

 -------------------------------------------- 

The chaining can be of 2 types :

root……………………….ow = xxx

……………………………..is= xxx

inter ……………………… ow= xxx

………………………………is= yyy

signedcert……………….. ow= yyy

……………………………… is= ppp

and

signedcert ……………… ow= ppp

…………………………….. is= yyy

inter……………………… ow= yyy

…………………………….. is= xxx

root………………………. ow= xxx

…………………………….. is= xxx

In this post we will see how to create a csr and get it signed from a third party CA like Thawte...

[Read More]

Wednesday Dec 11, 2013

Steps to configure SAML 2.0 with Weblogic Server (using Oracle DB as a RDBMS security store)...

 What is SAML 2.0 ?

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains.

SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is an identity provider, and a SAML consumer, that is a service provider

It enables cross-platform authentication between Web applications or Web services running in a WebLogic domain and Web browsers or other HTTP clients.

When users are authenticated at one site that participates in a single sign-on (SSO) configuration, they are automatically authenticated at other sites in the SSO configuration and do not need to log in separately.

One who generated the SAML token is called the Identity Provider OR Asserting Party OR Source Site.

And the one accepts the token is called the Service Provider OR Relying Party OR Destination Site.
Trust has to be established between them for SAML to work hence details of the Service Provider has to be with the Identity Provider and details of Identity Provider has to be with the Service Provider.

SAML can be classified into two types depending on the manner in which requests are obtained.

- IDP initiated ( Identity Provider Initiated )

- SP initiated ( Service Provider initiated )

-------------------------- 

- The RDBMS security store is required by the SAML 2.0 security providers in production environments so that the data they manage can be synchronized across all the WebLogic Server instances that share that data.

- Note that Oracle does not recommend upgrading an existing domain in place to use the RDBMS security store. If you want to use the RDBMS security store, you should configure the RDBMS security store at the time of domain creation. If you have an existing domain with which you want to use the RDBMS security store, create the new domain and migrate your existing security realm to it.

- For testing purpose you can use embedded LDAP instead of an external RDBMS store. 

In this post we will see how to configure SAML2 with Weblogic Server using Oracle DB as a RDBMS security store. 

[Read More]
About

Oracle Fussion Middleware - WebLogic

Search

Archives
« December 2013 »
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
12
13
14
15
16
17
19
20
21
22
23
24
25
26
27
28
29
30
31
    
       
Today