Security enhancements

Learn about the new security features and functionality that are offered by WebSphere Commerce Version 7 in the areas of authentication, authorization, and access control policies. These features and functionality are important for the chief security officer or the security administrator responsible for securing your site.

WebSphere Commerce Version 7.0.0.9 or later (Oracle)

WebSphere Commerce utilities can authenticate users with an Oracle Wallet

As an administrator, you can configure the database connection process of the WebSphere Commerce utilities to authenticate with an Oracle Wallet, either with SSL certificates or with the encrypted database credentials that the wallet stores. Connecting through the wallet keeps the database password out of command lines and plain-text configuration files, which makes the connection process more secure. For the configuration steps, see Configuring the Oracle database connection for utilities to authenticate users with Oracle Wallet.
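The following is an added example, not IBM's or Oracle's code and not the configuration topic the page links to. It shows the Oracle-side pieces that a wallet-based connection for a command-line utility rests on: the sqlnet.ora that points the Oracle client at the wallet, the two mkstore commands that create the wallet and store a credential, and an audit that checks the part operators most often get wrong. The wallet directory /opt/wcs/wallet, the TNS alias WCSDB and the database user wcsuser are assumptions; the exact place where the WebSphere Commerce utilities pick up the connect string is covered by the linked topic, not here.

```python
"""Oracle Wallet (secure external password store) for command-line utilities.

Added example, not IBM's or Oracle's code. Paths, the TNS alias 'WCSDB' and the
database user 'wcsuser' are assumptions.

One-time setup, run as the OS user that executes the utilities:
    mkstore -wrl /opt/wcs/wallet -create
    mkstore -wrl /opt/wcs/wallet -createCredential WCSDB wcsuser
Afterwards the client connects with the connect string "/@WCSDB" and the Oracle
client fetches the password from the auto-login wallet file cwallet.sso.
"""
import os
import re
import shutil
import stat
import tempfile

SQLNET_TEMPLATE = """\
# sqlnet.ora (constructed example)
WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA =
      (DIRECTORY = {wallet_dir})
    )
  )
# Required: use the wallet credential for /@alias logins instead of OS authentication.
SQLNET.WALLET_OVERRIDE = TRUE
# The credential store, not a client certificate, authenticates the utility here.
SSL_CLIENT_AUTHENTICATION = FALSE
"""


def render_sqlnet_ora(wallet_dir):
    """Return the sqlnet.ora text that binds the Oracle client to the wallet."""
    return SQLNET_TEMPLATE.format(wallet_dir=wallet_dir)


def audit_wallet(wallet_dir, tns_admin):
    """Return a list of findings; an empty list means the wallet setup is sane.

    cwallet.sso is an auto-login wallet: anyone who can read it can log in as the
    stored database user, so it must be owner-only. The sqlnet.ora checks catch the
    two settings without which /@alias logins silently fall back or fail.
    """
    findings = []
    sso = os.path.join(wallet_dir, "cwallet.sso")
    if not os.path.isfile(sso):
        findings.append("missing auto-login wallet cwallet.sso; /@alias logins will fail")
    else:
        mode = stat.S_IMODE(os.stat(sso).st_mode)
        if mode & 0o077:
            findings.append("cwallet.sso is readable by group/other (mode %o); "
                            "it is a bearer credential, chmod 600" % mode)
    sqlnet = os.path.join(tns_admin, "sqlnet.ora")
    try:
        with open(sqlnet) as f:
            text = f.read()
    except OSError:
        findings.append("no sqlnet.ora in TNS_ADMIN %s" % tns_admin)
        return findings
    if not re.search(r"SQLNET\.WALLET_OVERRIDE\s*=\s*TRUE", text, re.I):
        findings.append("SQLNET.WALLET_OVERRIDE is not TRUE; the client would try OS "
                        "authentication instead of the wallet credential")
    m = re.search(r"DIRECTORY\s*=\s*([^)\s]+)", text)
    if not m or os.path.normpath(m.group(1)) != os.path.normpath(wallet_dir):
        findings.append("WALLET_LOCATION does not point at %s" % wallet_dir)
    return findings


def demo_in_temp_dir():
    """Build a constructed wallet layout in a temp dir and audit it twice:
    once correctly locked down, once with cwallet.sso left group/world-readable."""
    base = tempfile.mkdtemp()
    wallet_dir = os.path.join(base, "wallet")
    os.mkdir(wallet_dir)
    sso = os.path.join(wallet_dir, "cwallet.sso")
    open(sso, "wb").close()          # stands in for the file that mkstore -create writes
    os.chmod(sso, 0o600)
    with open(os.path.join(base, "sqlnet.ora"), "w") as f:
        f.write(render_sqlnet_ora(wallet_dir))
    good = audit_wallet(wallet_dir, base)
    os.chmod(sso, 0o644)
    bad = audit_wallet(wallet_dir, base)
    shutil.rmtree(base)
    return good, bad


if __name__ == "__main__":
    for label, result in zip(("locked down", "world-readable"), demo_in_temp_dir()):
        print(label, result or "OK")
```

The audit deliberately treats a readable cwallet.sso as a finding rather than a warning: the wallet removes the password from the utility's command line, but the auto-login file is now the credential, and its permissions are the only thing standing between any local user and the WebSphere Commerce database.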

Introduced in Feature Pack 3

Enhance site security with zero downtime

The merchant key of a WebSphere Commerce instance can be rotated without any site downtime, so site administrators can re-key the instance to enhance site security without scheduling an outage.

WebSphere Commerce can generate the LTPA cookie in single sign-on scenarios

HTTP single sign-on preserves user authentication on different web applications. By using HTTP single sign-on, the user is not prompted multiple times for security credentials within a trust domain.

WebSphere Commerce can both read and generate the Lightweight Third Party Authentication (LTPA) cookie, which passes SSO credentials between applications that run on WebSphere Application Server. To support SSO, WebSphere Commerce requires that all of the applications participating in SSO share LDAP as their common user repository.

WebSphere Commerce uses federated repositories to connect to LDAP

WebSphere Commerce connects to LDAP through the federated repositories feature of WebSphere Application Server Version 7. A federated repository consists of one or more LDAP servers together with a built-in, file-based repository, all presented to the application as a single realm.
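The two preceding sections (LTPA-based SSO and LDAP through federated repositories) are configured at the WebSphere Application Server level, normally with a wsadmin Jython script. The script below is an added example, not IBM's code and not part of this page: it adds one LDAP server over SSL to the federated repositories, exposes its base entry in the realm, enables LTPA single sign-on with the cookie restricted to HTTPS, and exports the LTPA keys so the other cells in the trust domain can import them. The host names, DNs, repository id and cookie domain are assumptions. The AdminTask command and parameter names are quoted from memory of the WebSphere Application Server 7 AdminTask reference; confirm each with AdminTask.help('<command>') on your cell before relying on it. Outside wsadmin the AdminTask and AdminConfig objects do not exist, so the script drops into a dry run that only records the commands it would issue.

```python
"""wsadmin Jython script: LDAP over SSL as the federated repository and LTPA
single sign-on for a WebSphere Commerce cell.

Added example, not IBM's code. Run inside wsadmin:
    wsadmin.sh -lang jython -f configure_sso.py
Host names, DNs, the repository id and the cookie domain are assumptions, and
the AdminTask command/parameter names should be checked with AdminTask.help().
"""

try:
    AdminTask, AdminConfig          # injected by wsadmin; NameError anywhere else
except NameError:
    class _DryRun:
        """Stand-in that records (command, argument) pairs instead of running them."""
        def __init__(self):
            self.calls = []

        def __getattr__(self, command):
            def record(*args):
                self.calls.append((command,) + args)
                return ''
            return record

    AdminTask = _DryRun()
    AdminConfig = _DryRun()


def configure_ldap_repository(repo_id, host, port, bind_dn, bind_password, base_entry,
                              realm='defaultWIMFileBasedRealm'):
    """Add one LDAP server to federated repositories and expose its base entry in the realm."""
    # Clear-text LDAP (389) would carry the bind DN's password and every user lookup in
    # the clear across the network; insist on LDAPS and tell the adapter to use SSL.
    if port != 636:
        raise ValueError('use the LDAPS port (636); plain LDAP exposes bind credentials')
    AdminTask.createIdMgrLDAPRepository(
        '[-id %s -ldapServerType IDS '
        '-adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter]' % repo_id)
    AdminTask.addIdMgrLDAPServer(
        '[-id %s -host %s -port %d -bindDN "%s" -bindPassword "%s" -sslEnabled true]'
        % (repo_id, host, port, bind_dn, bind_password))
    AdminTask.addIdMgrRepositoryBaseEntry(
        '[-id %s -name %s -nameInRepository %s]' % (repo_id, base_entry, base_entry))
    # Without a realm base entry the repository exists but none of its users can log in.
    AdminTask.addIdMgrRealmBaseEntry('[-name %s -baseEntry %s]' % (realm, base_entry))
    return repo_id


def configure_ltpa_sso(cookie_domain, key_file, key_password):
    """Enable LTPA SSO and export the LTPA keys for the other cells in the trust domain."""
    # The LtpaToken2 cookie is a bearer credential: scope it to the shared parent domain
    # only, and require SSL so the browser never sends it over plain HTTP.
    if not cookie_domain.startswith('.'):
        raise ValueError('cookie domain must be the shared parent domain, e.g. .example.com')
    AdminTask.configureSingleSignon(
        '[-enable true -requiresSSL true -domainName %s]' % cookie_domain)
    # Every application that must accept this cell's cookies imports these keys with
    # AdminTask.importLTPAKeys and must use the same LDAP realm as this cell.
    AdminTask.exportLTPAKeys(
        '[-ltpaKeyFile file://%s -password %s]' % (key_file, key_password))
    return cookie_domain


def main():
    """Apply both configurations and return the recorded commands when in dry-run mode."""
    configure_ldap_repository('WCS_LDAP', 'ldap.example.com', 636,
                              'cn=wcsbind,o=example.com', 'CHANGE-ME', 'o=example.com')
    configure_ltpa_sso('.example.com', '/tmp/ltpa.keys', 'CHANGE-ME')
    AdminConfig.save()
    if hasattr(AdminTask, 'calls'):
        return AdminTask.calls
    return None


if __name__ == '__main__':
    for call in main() or []:
        print('%s %s' % call)
```

Two design points carry the security weight: the script refuses a non-LDAPS port rather than silently accepting one, and it refuses a cookie domain that is not a parent domain, since a host-scoped LTPA cookie breaks SSO while an overly broad one hands the token to every host under it. Treat the bind password and LTPA key password as secrets to be supplied at run time, not committed with the script.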