java search
Help improve Java Search

Monday, June 12, 2006

Security Enhancements in WebSphere 6.1

In his latest article, Keys Botzum gives an overview of the the security enhancements to WebSphere Application Server 6.1. Here is a a list of the enhancements, for more details, read the article.
  • Default Security Settings: Some of the default settings have been changed in the new version:
    • Administrative security is enabled automatically during installation.
    • All internal transports are authenticated by default.
    • Most internal transports are encrypted by default.
    • The default encryption keys are eliminated. A cell-specific set of keys is created automatically.
    • JNDI is read-only by default to all.
    • Messaging limits connections to only authenticated users granted the bus connect role by default. AllAuthenticated no longer has that role by default.
  • Simplified certificate and key management.
    • The admin client can query the server and automatically import the server's signing certificate
    • The admin tools can be used to generate certificates and certificate requests, import keys and certificates, manage certificates and keys, and even share them across the cell.
    • Programmatic APIs for applications to obtain URLStreamHandlers, SSLContext instances, and SSLSocketFactories, based on the WebSphere Application Server-managed SSL configuration.
    • LTPA encryption keys are automatically changed at regular intervals. To avoid outages, multiple key versions are simultaneously supported.
  • Support for federated repositories.
    • Support for file registry
    • Support for multiple LDAP registries.
    • Support for LDAP failover.
  • Fine-grained authorization control (below cell level) for administrative users.
  • Single Sign-On from windows desktops to intranet applications.

1 comment:

  1. I have 2 WAS 6.1 servers in 2 boxes and am trying to communicate with EJB's on downstream server by using the JNDI name look up over RMI/IIOP with machine name and port num.

    It is giving me org.omg.CORBA.NO_PERMISSION: Authentication failed. Could not validate Client Authentication Token and/or Client Certificates during Identity Assertion vmcid: 0x49424000 minor code: 30D completed: No

    I have enabled global security and application security,and am using CSIV2 outbound[upstream server], CSIV2 inbound [downstream server].

    Is there any thing i have to take care.
    Any help appriciated.