To accommodate a wide variety of security requirements, WebSphere Portal integrates with other security infrastructure components to provide authentication, authorization, and single sign-on (SSO) capabilities. This page provides resources for portlet developers, portal administrators, IT Security professionals, and portal developers who need to configure, administer, or use WebSphere Portal security features.
Learn about WebSphere Portal security capabilities
New security APIs in WebSphere Portal: Learn about three new security APIs: the portlet login service, the remember me cookie portlet service, and the authentication filter model.
WebSphere Portal v6.0 Security Overview: Portal security architects describe the WebSphere Portal architecture and use deployment scenarios to illustrate the flexibility and breadth of options you can use to implement your own portal security infrastructure. (Also see: V5.1 security overview.)
Performance tuning of Portal Access Control: Get essential performance background information so you can improve your portal's performance, including login, read-only operation, and administration performance. Learn how to prevent future portal access control performance issues by making the best use of PAC.
Configuring single sign-on using Tivoli Access Manager and WebSphere Portal: Provides detailed steps for configuring a Trust Association Interceptor (TAI) with a trusted user and other possible SSO configurations.
Securing sensitive data using SSL in Websphere Portal: Portal administrators and developers learn an approach for securing personal information on selected portal pages.
Meet the experts: Keys Botzum on WebSphere security: WebSphere consultant and security expert Keys Botzum provides insight to WebSphere Application Server and WebSphere Portal security.
Develop and Deploy a Secure Portal Solution, Using WebSphere Portal V5.0.2 and Tivoli Access Manager V5.1: This IBM Redbook discusses portal security architecture, topology selection, design, and integration considerations, and provides and describes a complete working example.
Exploiting the WebSphere Portal V220.127.116.11 programming model, Part 3: Integrating WebSphere Portal into your security environment: Shows how to use programming interfaces to implement SSO, customize portal login behavior, and access user profile systems.
Get quick access to recent security bulletins with required updates
- Fix Available: Security vulnerability in WebSphere Application Server might affect Portal, WCM or Quickr customers
- 6.0.1, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 6.1: Access problems with BasicAuthTAI in WebSphere Portal
- 220.127.116.11: Addnode.log file contains sensitive information in plain text
- IBM WebSphere Application Server JSP exposure
- WebSphere Portal WSRP producer exposure
- Security updates for WebSphere Portal component XMLAccess included in PK13338
- Security update for Exchange portlets included in PK12518
- Potential security vulnerability in IBM Directory Server
See WebSphere Portal security usage examples
Implement an on demand security scanning application using Websphere Portal: This article demonstrates how to integrate a scanning tool—the Nessus vulnerability scanner, in this case—with your portal so that your users can scan their own computers, on demand.
Accessing secure remote Web applications using a portlet service: This article explains how to use a portlet service to encapsulate the interaction between portlets and a remote Web application—for example, a WebSphere Application Server application that uses an LDAP directory and LTPA for security. Sample code and configuration examples are included to demonstrate connecting to either a session EJB or to a servlet.
More articles on security: Browse our collection of technical articles, tutorials, and books on WebSphere Portal security topics.