Monday, May 23, 2011

Steps to Configure Global Trust between WebLogic Domains

WebLogic Server lets you configure WebLogic domains to interoperate with each other in two ways: Cross-Domain Security between WebLogic Server domains, and Global Trust between domains. In this post I demonstrate the steps to configure Global Trust between WebLogic domains.

When you enable global trust between two domains, the trust relationship is transitive and symmetric. In other words, if Domain A trusts Domain B then Domain B will also trust Domain A. How is this done? You do this by specifying the same Domain Credential for each of the domains. By default, the Domain Credential is randomly generated and therefore, no two domains will have the same Domain Credential. If you want two WebLogic Server domains to inter-operate, you need to replace the generated credential with a credential you select, and set the same credential in each of the domains.

Global trust between domains is established so that principals in a Subject from one WebLogic Server domain are accepted as principals in another domain. When this feature is enabled, identity is passed between WebLogic Server domains over an RMI connection without requiring authentication in the second domain. WebLogic Server signs Principals with the Domain Credential as Principals are created. When a Subject is received from a remote source, its Principals are validated. If validation fails, an error is generated. If validation succeeds, the Principals are trusted as if they were created locally.
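The sign-on-creation and validate-on-receipt behaviour described above can be modelled in a few lines. This is an added example, not WebLogic code or code from the original post: the `Domain` class, the `trusts` helper and the use of HMAC-SHA256 as the signature are assumptions made for illustration, and the credential value is constructed.

```python
import hashlib
import hmac
import secrets


class ValidationError(Exception):
    """Raised when a received principal fails signature validation."""


class Domain:
    """Toy model of a domain that signs and validates principals."""

    def __init__(self, name, credential=None):
        self.name = name
        # Default: a randomly generated credential, so no two domains match.
        self.credential = credential or secrets.token_hex(16)

    def _sign(self, principal):
        # Assumption: HMAC-SHA256 keyed with the Domain Credential.
        key = self.credential.encode()
        return hmac.new(key, principal.encode(), hashlib.sha256).hexdigest()

    def create_subject(self, principals):
        # Principals are signed as they are created.
        return [(p, self._sign(p)) for p in principals]

    def accept_subject(self, subject):
        # Validate every principal received from a remote source.
        for principal, signature in subject:
            if not hmac.compare_digest(signature, self._sign(principal)):
                raise ValidationError(f"{self.name}: untrusted principal {principal!r}")
        # Validation succeeded: treat the principals as locally created.
        return [principal for principal, _ in subject]


def trusts(receiver, sender, principals=("alice", "Operators")):
    """Return True if `receiver` accepts a subject created in `sender`."""
    try:
        receiver.accept_subject(sender.create_subject(list(principals)))
        return True
    except ValidationError:
        return False


if __name__ == "__main__":
    shared = "constructed-shared-credential"  # constructed sample value
    a, b, c = Domain("A", shared), Domain("B", shared), Domain("C", shared)
    d = Domain("D")  # keeps its generated credential
    print(trusts(a, b), trusts(b, a), trusts(a, c), trusts(a, d), trusts(d, a))
```

Because validation depends only on the credential, every domain configured with the same value ends up in one mutual trust group, which is why the credential should be handled as a high-value secret.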

Steps to Configure Global Trust between WebLogic Domains

1. If you have not already done so, in the Change Center of the Administration Console, click "Lock & Edit".
2. In the left pane, click on the domain name.
3. In the right pane, select the Security > General tab and click the Advanced link at the very bottom of the page.
4. Enter the chosen password for the domain in the Credential and Confirm Credential text fields.
5. Click Save and, in the Change Center of the Administration Console, click "Activate Changes".
6. Perform the same procedure from Steps 1-5 in the other domains for which you want to enable global trust. Make sure that you enter the same credential in the other domains too.

That's it for the configuration.
Please leave your valuable comments.

4 comments:

Anonymous said...

Is there a way to enable the global trust via WLST? Currently I am doing it as above. My WL version is 9.2MP4.

Anonymous said...

Hi!
It's nice and good, but could you post example code showing how to build that RMI call to pass identity to the other domain? How do I look up the EJB bean I want to call, and does it need any additional programming steps to pass the local identity to the remote domain?
Thanks!

Deep Shah said...

This comment has been removed by the author.

Unknown said...

Hi,
I tried the steps to enable the global trust domain. But after restarting the server, I have lost admin privilege from the weblogic user.
Please help.