Monday, June 12, 2006

Security Enhancements in WebSphere 6.1

In his latest article, Keys Botzum gives an overview of the the security enhancements to WebSphere Application Server 6.1. Here is a a list of the enhancements, for more details, read the article.
  • Default Security Settings: Some of the default settings have been changed in the new version:
    • Administrative security is enabled automatically during installation.
    • All internal transports are authenticated by default.
    • Most internal transports are encrypted by default.
    • The default encryption keys are eliminated. A cell-specific set of keys is created automatically.
    • JNDI is read-only by default to all.
    • Messaging limits connections to only authenticated users granted the bus connect role by default. AllAuthenticated no longer has that role by default.
  • Simplified certificate and key management.
    • The admin client can query the server and automatically import the server's signing certificate
    • The admin tools can be used to generate certificates and certificate requests, import keys and certificates, manage certificates and keys, and even share them across the cell.
    • Programmatic APIs for applications to obtain URLStreamHandlers, SSLContext instances, and SSLSocketFactories, based on the WebSphere Application Server-managed SSL configuration.
    • LTPA encryption keys are automatically changed at regular intervals. To avoid outages, multiple key versions are simultaneously supported.
  • Support for federated repositories.
    • Support for file registry
    • Support for multiple LDAP registries.
    • Support for LDAP failover.
  • Fine-grained authorization control (below cell level) for administrative users.
  • Single Sign-On from windows desktops to intranet applications.

1 comment:

  1. I have 2 WAS 6.1 servers in 2 boxes and am trying to communicate with EJB's on downstream server by using the JNDI name look up over RMI/IIOP with machine name and port num.

    It is giving me org.omg.CORBA.NO_PERMISSION: Authentication failed. Could not validate Client Authentication Token and/or Client Certificates during Identity Assertion vmcid: 0x49424000 minor code: 30D completed: No

    I have enabled global security and application security,and am using CSIV2 outbound[upstream server], CSIV2 inbound [downstream server].

    Is there any thing i have to take care.
    Any help appriciated.

    ReplyDelete