WBLC-05-000150 - Oracle WebLogic must uniquely identify and authenticate users (or processes acting on behalf of users).

Information

To assure accountability and prevent unauthorized access, application server users must be uniquely identified and authenticated.

The application server must uniquely identify and authenticate application server users or processes acting on behalf of users. This is typically accomplished via the use of a user store which is either local (OS-based) or centralized (LDAP) in nature.

Solution

1. Access AC
2. From 'Domain Structure', select 'Security Realms'
3. Select realm to configure (default is 'myrealm')
4. Select 'Providers' tab -> 'Authentication' tab
5. Utilize 'Change Center' to create a new change session
6. Click 'New'. Enter a value in 'Name' field and select a valid authentication provider type (e.g., LDAPAuthenticator) in the 'Type' dropdown. Click 'OK'
7. From the list, select the newly created authentication provider and select the 'Configuration' tab -> 'Provider Specific' tab
8. Set all provider specific values to configure the new authentication provider. Click 'Save'
9. Continuing from step 4, if the new authentication provider is perimeter-based, click 'New'. Enter a value in 'Name' field and select a valid authentication provider type (e.g., SAML2IdentityAsserter) in the 'Type' dropdown. Click 'OK'
10. From the list, select the newly created authentication identity asserter and select the 'Configuration' tab -> 'Provider Specific' tab
11. Set all provider-specific values to configure the new authentication identity asserter. Click 'Save'

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_WebLogic_Server_12c_V2R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2, CAT|I, CCI|CCI-000764, Rule-ID|SV-235964r628670_rule, STIG-ID|WBLC-05-000150, STIG-Legacy|SV-70531, STIG-Legacy|V-56277, Vuln-ID|V-235964

Plugin: Unix

Control ID: 4b77b510b90fd4edd66b6fbb063878ba0ee7945ee01e526c8a68f6f75ba25fc5