•
• <sp:SignedParts> Assertion (Limited support)
• <sp:UsernameToken> Assertion (Limited support)
• <sp:X509Token> Assertion (Limited support)
• <sp:TransportBinding > Assertion (Limited support)For more details about limitations of WS-SecurityPolicy 1.2 assertions, please refer to Oracle SALT WSSP1.2 Assertion Description.For more information about WSSP 1.2 assertions supported by WebLogic 10, please refer to “Using WS-SecurityPolicy 1.2 Policy Files in the Oracle WebLogic Web Services Documentation.In this document, XML namespace prefix “sp” stands for namespace URI “http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512”.Listing E‑1 demonstrates how to apply Username token authentication with WSSP 1.2 assertions.Listing E‑1 WSSP 1.2 Policy File SampleOracle SALT provides a number of WS-SecurityPolicy 1.2 template files you can use for most typical Web Service applications. These policy files are located in directory TUXDIR/udataobj/salt/policy.
• Listing E‑2 shows an Oracle SALT supported TransportToken Assertion example.Listing E‑2 Supported TransportToken Assertions
• <sp:InitiatorToken> must be associated with <sp:X509Token> and the Token inclusion type must be “AlwaysToRecipient“
• <sp:RecipientToken> must be associated with <sp:X509Token> and the Token inclusion type must be “Never”Listing E‑3 shows an Oracle SALT supported AsymmetricBinding assertion example. This assertion indicates the X.509 V3 binary token that defined in WS-Security X.509 Token Profile 1.1 specification is used for digital signature for the SOAP request messages and the X.509 token is always included in the SOAP message security header:Listing E‑3 Supported AsymmetricBinding AssertionSpecifies security tokens that are included in the security header and may optionally include additional message parts to sign and/or encrypt. For Oracle SALT, <SupportingToken> Assertion is used mainly to include Username Token in the security header when <sp:AsymmetricBinding> Assertion is used.Listing E‑4 shows an Oracle SALT supported SupportingToken assertion example. This assertion indicates the Username token is always included in SOAP request messages:Listing E‑4 Supported SupportingToken Assertion