Before you begin
You must first create the Web Service security configuration that is associated with a Web Service before you can configure specific features.
See Create a Web Service security configuration for details about creating a security configuration.
By default, the WebLogic Web Services runtime always validates the
X.509 certificate specified in the <KeyInfo>
assertion of any associated WS-Policy file. To disable this validation
when using SAML holder_of_key
assertions, you must
configure the Web Service security configuration associated with the Web
service by setting a property on the SAML token handler, as described in
the following procedure.
Web Services programmers associate a Web Service security
configuration using the @WssConfiguration
JWS
annotation; the value
attribute specifies the
associated configuration name. If the programmer does not specify
the value
attribute, the Web Service is associated
with the default security configuration:
default_wss
.
default_saml_handler
.weblogic.wsee.security.saml.SAMLTokenHandler
.saml
.0
.EnableHoderOfKeyValidation
.false
.Leave the Is Encrypted check box unchecked.
After you finish
You must redeploy any Web Service which is associated with this security configuration for the security changes to take effect.