WebSphere Portal Security

To accommodate a wide variety of security requirements, WebSphere Portal integrates with other security infrastructure components to provide authentication, authorization, and single sign-on (SSO) capabilities. This page provides resources for portlet developers, portal administrators, IT Security professionals, and portal developers who need to configure, administer, or use WebSphere Portal security features.

WebSphere Portal Security Overview: V5.1, V6.0

Portal security architects describe the WebSphere Portal architecture and use deployment scenarios to illustrate the flexibility and breadth of options you can use to implement your own portal security infrastructure.

Performance tuning of Portal Access Control

Get essential performance background information so you can improve your portal's performance, including login, read-only operation, and administration performance. Learn how to prevent future portal access control performance issues by making the best use of PAC.

Configuring single sign-on using Tivoli Access Manager and WebSphere Portal

Provides detailed steps for configuring a Trust Association Interceptor (TAI) with a trusted user and other possible SSO configurations.

Securing sensitive data using SSL in Websphere Portal

Portal administrators and developers learn an approach for securing personal information on selected portal pages.

Meet the experts: Keys Botzum on WebSphere security

WebSphere consultant and security expert Keys Botzum provides insight to WebSphere Application Server and WebSphere Portal security.

Develop and Deploy a Secure Portal Solution, Using WebSphere Portal V5.0.2 and Tivoli Access Manager V5.1

This IBM Redbook discusses portal security architecture, topology selection, design, and integration considerations, and provides and describes a complete working example.

Exploiting the WebSphere Portal V5.1.0.1 programming model, Part 3: Integrating WebSphere Portal into your security environment

Shows how to use programming interfaces to implement SSO, customize portal login behavior, and access user profile systems.

March, 2006

• 5.0.2.12: Addnode.log file contains sensitive information in plain text
• IBM WebSphere Application Server JSP exposure
• WebSphere Portal WSRP producer exposure

January, 2006

• Fixes for reflection of URL parameters on selfcare and login screens

November, 2005

• Security updates for WebSphere Portal component XMLAccess included in PK13338
• Security update for Exchange portlets included in PK12518
• Potential security vulnerability in IBM Directory Server

Back to top

Implement an on demand security scanning application using Websphere Portal

Shows how to integrate a scanning tool --the Nessus vulnerability scanner, in this case-- with your portal so that your users can scan their own computers, on demand.

Accessing secure remote Web applications using a portlet service

Tells how to use a portlet service to encapsulate the interaction between portlets and a remote Web application--for example, a WebSphere Application Server application that uses an LDAP directory and LTPA for security. Sample code and configuration examples are included to demonstrate connecting to either a session EJB or to a servlet.

More articles on security

Browse our collection of technical articles, tutorials, and books on WebSphere Portal security topics.

Back to top