Validated Product - BEA WebLogic Portal V8.1 SP5 with BEA06-81.02 and BEA07-107.02 security advisory patches

Certificate Date: 02 April 2007
Validation Report Number: CCEVS-VR-07-0010
Product Type: Web Server
Conformance Claim: EAL2 Augmented with ALC_FLR.1
PP Identifiers: None

PRODUCT DESCRIPTION

The TOE, BEA WebLogic Portal® V8.1 SP5 with BEA06-81.02 and BEA07-107.02 security advisory patches, is an enterprise portal infrastructure that enables the creation of portal interfaces independently of application logic or Web pages. It comprises a WebLogic Portal subsystem and also a single supporting BEA WebLogic Server® (WLS) subsystem.

WebLogic Server delivers an application infrastructure for building and integrating distributed multi-tier applications. It is based on standards such as J2EE, Web services, and XML. WebLogic Server includes the WebLogic Workshop® IDE for application development, and also provides enterprise-level security and administration facilities.

WebLogic Portal is built on WebLogic Server and provides the functionality for developing and running portals. A portal is a Web site that gives users a single point of access to applications and information in a unified interface. A portal lets users view each application or Web page in its own window, called a portlet, and a single browser window can contain multiple portlets. WebLogic Portal provides a portal framework, lifecycle management tools, and business services that allow users to create and manage portals that provide users with audience-specific views of applications and information, while enforcing user business policies and security requirements.
The TOE consists of a single WebLogic Server subsystem, a single WebLogic Portal subsystem, and the following configured WebLogic security providers: Auditing Provider; Authorization Provider; Adjudication Provider; Role Mapping Provider; Authentication Provider; RDBMS Authentication Provider; Identity Assertion Provider; WSRP Identity Assertion Provider; and Credential Mapping Provider.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the BEA WebLogic Portal® 8.1 SP 5 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 and International Interpretations effective on 3 September 2004. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2.

Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL2 family of assurance requirements, augmented with ALC_FLR.1 (Basic flaw remediation). The product, when configured as specified in “Managing WebLogic Security” (published at http://e-docs.bea.com/wls/docs81/secmanage/index.html) and “WebLogic Portal Security” (published at http://e-docs.bea.com/wlp/docs81/sp5/security/security.html), satisfies all of the security functional requirements stated in the BEA WebLogic Portal Security Target.

One validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in November 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-07-0010) prepared by CCEVS.
ENVIRONMENTAL STRENGTHS

BEA WebLogic Portal® V8.1 SP5 with BEA06-81.02 and BEA07-107.02 security advisory patches (hereafter generally referred to as WLP) provides a low to moderate level of independently assured security in a conventional TOE and is suitable for a cooperative non-hostile environment with good physical access security and competent administrators.

The primary security functionality of the TOE is to provide access control to WLP and WLS resources. Generally, user requests come in from the network and are handled by the WLS security framework. If the user is attempting to access an application associated with the WLP subsystem, the WLP subsystem will be invoked in addition to the WLS security framework. As such, the WLP subsystem serves to extend the WLS security framework to control access to the following WLP objects: Portlets; Pages; Books; Desktops; and Look/Feel.

BEA WebLogic Portal® 8.1 SP5 supports the following five security functions:

Security Audit

The TOE generates audit records of security relevant events as they occur within the security framework. The audit records are stored in the environment in which the TOE operates (i.e., the underlying operating system) and can be viewed by any text editor provided by the underlying operating system. The WebLogic Auditing Provider furnishes the TOE’s audit record generation capability.

User Data Protection

The TOE controls access to WLP and WLS resources based on user identity, group membership, dynamically assigned roles, and resource security policy. The TOE assigns a default security policy to each of the resource types it controls. A TOE administrator can override the default security policy to make it more or less restrictive according to the needs of the installation. When a resource is created, it inherits the policy of the resource type, but this too can be overridden by an administrator specifying a new policy specific to the resource.
Security policies can be specified to restrict access to the resource based on combinations of user identity, user group memberships, dynamically assigned roles, and hours of access. The WebLogic Authorization Provider determines whether or not access to a resource should be granted. The WebLogic Role Mapping Provider computes the set of roles granted to a user for a given resource.

The TOE defines five global roles by default: Admin; Deployer; Operator; Monitor; and Anonymous. The first four roles represent various levels of administrative access, while all users are granted the Anonymous role. In addition to these default roles, a TOE administrator can define new roles, based on logical combinations of the following role conditions: user name of the caller; group membership of the caller; hours of access. Roles can be scoped to the entire security realm or to specific deployed resources (such as Web Applications and Enterprise Java Beans).

It is possible (though not supported in the evaluated configuration) to configure multiple Authorization Providers. The WebLogic Adjudication Provider determines if a user request for access to a protected resource will be granted in the case when multiple Authorization Providers are configured and return different responses to the request for access.

Identification and Authentication

The TOE supports multiple identification and authentication mechanisms: username and password; token-based (using X.509 certificates, CORBA Common Secure Interoperability version 2 (CSIv2) identity assertion, or Security Assertion Markup Language (SAML) assertions); RDBMS-based Security Support Provider Interface (SSPI) when accessing WLP objects; and credential mapping. The WebLogic Authentication Provider supports password-based authentication.
The WebLogic Identity Assertion Provider supports identity assertion using X.509 certificates and CSIv2, while the WSRP (Web Services for Remote Portlets) Identity Assertion Provider processes SAML assertions made by portlet consumers. The WLP RDBMS Authentication Provider supports RDBMS-based SSPI authentication. The WebLogic Credential Mapping Provider supports the process whereby the authentication and authorization mechanisms of a remote system (for example, a legacy system or application) are used to obtain an appropriate set of credentials to authenticate users to a target WLS resource.

Security Management

The TOE provides security management capability via the browser-based Administrator Console GUI and the weblogic.Admin command-line tool (although all security management capability provided by the command-line tool is also available through the GUI). In addition, the TOE provides the Portal Administration Tool, a web application used by administrators to manage Portal resources. A user must be assigned one of the four global default management roles (i.e., Admin, Deployer, Operator, Monitor) in order to successfully invoke and log in to the TSF via the Administrator Console, command-line tool, or Portal Administration Tool.

The TOE provides a security provider database to store data used by the various security providers. In the evaluated configuration, an embedded LDAP server is used for the security provider database, and WLP is designed to ensure that only a user acting in an appropriate role can modify or review WLP configuration data.

Protection of the TSF

The TOE encapsulates the applications it protects within the WebLogic Server security framework (and using Portal extensions) to ensure that the security mechanisms are always invoked when resources are requested through WebLogic supported applications.
WLP operates as a collection of Java applications that operate in their own domains distinct from one another and also from other potentially untrusted entities. This arrangement necessarily depends upon good configuration and administration for protection from such untrusted entities.