Thanks to Rainier Varilla for alerting me to a rather useful article on the WebSphere Portal Wiki: -
Web security concepts and considerations for IBM WebSphere Portal administrators
IBM WebSphere Portal can be leveraged to enforce security, an important requirement for many Web applications. It relies on underlying technologies in delivering certain security functionality and provides integration points for other security-related technologies.
This article is intended to inform WebSphere Portal administrators on how to leverage these capabilities to deliver secure Web applications. It provides examples, including configuration excerpts, but is not intended to replace product documentation as the primary reference for enablement.
This document focuses on WebSphere Portal versions 7.0 and 6.1. Most of these concepts also apply to earlier versions, although WebSphere Portal employed a different member manager in versions prior to 6.1.
The ToC is impressive: -
* 1 Introduction
* 2 WebSphere Portal and authentication
  o 2.1 Authentication against a user registry
  o 2.2 External security manager (ESM)
  o 2.3 Single sign-on (SSO)
* 3 WebSphere Portal and authorization
  o 3.1 Authorization and the user repository
  o 3.2 Portal access control & external identifiers
* 4 Virtual portals and realms
* 5 Sessions
* 6 Other LDAP considerations
* 7 Users' passwords
* 8 Remember Me and Step-up Authentication
* 9 Impersonation
* 10 SSL
* 11 Cross-site scripting
* 12 Securing the operating system
* 13 Conclusion
* 14 Resources and Glossary
* 15 About the author
so the article covers a lot of very useful ground.
Worth a read ...
Geeking in technology since 1985, with IBM Development, focused upon Docker and Kubernetes on the IBM Z LinuxONE platform. In the words of Dr Cathy Ryan, "If you don't write it down, it never happened". To paraphrase one of my clients, "Every day is a school day". I do, I learn, I share. The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions. Remember, YMMV https://infosec.exchange/@davehay