Thanks to Rainier Varilla for alerting me to a rather useful article on the WebSphere Portal Wiki: -
Web security concepts and considerations for IBM WebSphere Portal administrators
BM WebSphere Portal can be leveraged to enforce security, an important requirement for many Web applications. It relies on underlying technologies in delivering certain security functionality and provides integration points for other security-related technologies.
This article is intended to inform WebSphere Portal administrators on how to leverage these capabilities to deliver secure Web applications. It provides examples, including configuration excerpts, but is not intended to replace product documentation as the primary reference for enablement.
This document focuses on WebSphere Portal versions 7.0 and 6.1. Most of these concepts also apply to earlier versions, although WebSphere Portal employed a different member manager in versions prior to 6.1.
The ToC is impressive: -
* 1 Introduction
* 2 WebSphere Portal and authentication
o 2.1 Authentication against a user registry
o 2.2 External security manager (ESM)
o 2.3 Single sign-on (SSO)
* 3 WebSphere Portal and authorization
o 3.1 Authorization and the user repository
o 3.2 Portal access control & external identifiers
* 4 Virtual portals and realms
* 5 Sessions
* 6 Other LDAP considerations
* 7 Users' passwords
* 8 Remember Me and Step-up Authentication
* 9 Impersonation
* 10 SSL
* 11 Cross-site scripting
* 12 Securing the operating system
* 13 Conclusion
* 14 Resources and Glossary
* 15 About the author
so the article covers a lot of very useful ground.
Worth a read ...
Geeking in technology since 1985, with IBM Development, focused upon Docker and Kubernetes on the IBM Z LinuxONE platform In the words of Dr Cathy Ryan, "If you don't write it down, it never happened". To paraphrase one of my clients, "Every day is a school day". I do, I learn, I share. The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions. Remember, YMMV
Subscribe to:
Post Comments (Atom)
TIL - read-only variables in Linux
A co-worker was seeing an exception: - line 8: TMOUT: readonly variable when trying to SCP a file from a remote Linux box. I did some digg...
-
After an unscheduled reboot of the VMs that host my K8s cluster, I was struggling to work out why the kubelet wasn't starting properly...
-
I hit a wee snag earlier today, whilst attempting to unpack some IBM software on my NAS. Being a command-line junkie, I'd SSH'd into...
-
I've just spent ~1 hour trying to get a pair of Powerline adapters to .... pair. This involved pressing a "Pair" button on one...
No comments:
Post a Comment