Configuring Trust Between Two Domains
Two or more WebLogic domains
can be configured so that they trust each other.
When you’ve set up trust between two different
WebLogic domains, you enable authenticated WebLogic users in one
domain to access protected resources in another domain. For instance,
an authenticated user in one domain may invoke a protected web
service or an EJB in another domain without requiring any additional
authentication. Let’s say that we have two WebLogic
domains, A and B. Trust between
the domains means that the subject’s principals in
one domain — say, A — are accepted by
the other domain, B (and vice versa) and are
treated as if they were local principals of domain
B. The Authorization Providers within domain
B remain unaware of the fact that the
subject’s principals belong to domain
A.
Two WebLogic domains will trust each other only if they both have the same Credential attribute. The Credential attribute represents a string value that is assigned to a domain and then is used to sign principals that belong to subjects created in that domain. Ordinarily, if you haven’t explicitly set the domain credential, it is assigned a random value when the Administration Server is first booted. All Managed Servers in the domain subsequently import this credential when they are booted as well. In order to set the Credential attribute for a WebLogic domain, select your domain from the left pane of the Administration Console, choose the View Domain-Wide Security Settings ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access