Oracle OpenSSO 8.0 Update 2 Release Notes

Generating Security Tokens

Oracle OpenSSO Security Token Service (OpenSSO STS) establishes a trust relationship between a web service client and a web service provider, and then brokers the trust between them. The web service provider only needs to trust tokens issued by one entity, the STS, instead of establishing and maintaining trust with each client individually. In this way, OpenSSO STS significantly reduces trust-point management overhead.

The following sections provide instructions for determining your security token needs, and for configuring the Security Token Service to generate and validate security tokens to meet those needs.

Registering a Web Service Provider to OpenSSO STS

When you add a new web service provider security agent profile, the web service provider is automatically registered to OpenSSO STS. See To Create a New Agent Profile in Sun OpenSSO Enterprise 8.0 Administration Guide.

Once you've registered a web service provider to OpenSSO STS, you can configure OpenSSO STS to generate web service client security tokens that the web service provider accepts.

Requesting a Web Service Client Security Token from OpenSSO STS

First determine what kind of security token the web service provider requires. OpenSSO STS supports Liberty Alliance Project Security Tokens and Web Services-Interoperability Basic Security Profile Security Tokens.

Using the Security Token Generation Matrix

Use the Security Token Generation Matrix to help you configure OpenSSO STS to generate the web service client security token that the web service provider requires. First, in the last column, titled OpenSSO STS Output Token, find the description that meets the web service provider's token requirements. Then use the parameter values in the same row when you configure the Security Token Service. The "Token Generation Matrix Legend" describes the table headings and the available options. See Section 5.2.3, "To Configure the Security Token Service" for detailed configuration instructions. For general information about Web Service Security and related terminology, see:

The Security Token Generation Matrix summarizes frequently-used Security Token Service parameter settings and the types of security tokens OpenSSO STS generates based on these settings.

Table 4-1 Security Token Generation Matrix

| Row | Message-Level Security Binding | Web Service Client Token | KeyType | OnBehalfOf Token | Use Key | OpenSSO STS Output Token |
|-----|-------------------------------|--------------------------|---------|------------------|---------|--------------------------|
| 1 | Asymmetric | X509 | Bearer | Yes | No | SAML Bearer, no proof key |
| 2 | Asymmetric | Username | Bearer | Yes | No | SAML Bearer, no proof key |
| 3 | Asymmetric | X509 | Bearer | No | No | SAML Bearer, no proof key |
| 4 | Asymmetric | Username | Bearer | No | No | SAML Bearer, no proof key |
| 5 | Asymmetric | X509 | Symmetric | Yes | No | SAML Holder-of-Key, Symmetric proof key |
| 6 | Asymmetric | Username | Symmetric | Yes | No | SAML Holder-of-Key, Symmetric proof key |
| 7 | Asymmetric | X509 | Symmetric | No | No | SAML Holder-of-Key, Symmetric proof key |
| 8 | Asymmetric | Username | Symmetric | No | No | SAML Holder-of-Key, Symmetric proof key |
| 9 | Asymmetric | X509 | Asymmetric | No | Web Service Client public key | SAML Holder-of-Key, Asymmetric proof key |
| 10 | Asymmetric | X509 | Oracle-proprietary for SAML sender-vouches | Yes | No | SAML sender-vouches, no proof key |
| 11 | Asymmetric | Username | Oracle-proprietary for SAML sender-vouches | Yes | No | SAML sender-vouches, no proof key |
| 12 | Transport | Username | Bearer | Yes | No | SAML Bearer, no proof key |
| 13 | Transport | Username | Bearer | No | No | SAML Bearer, no proof key |
| 14 | Transport | Username | Symmetric | Yes | No | SAML Holder-of-Key, Symmetric proof key |
| 15 | Transport | Username | Symmetric | No | No | SAML Holder-of-Key, Symmetric proof key |
| 16 | Transport | Username | Oracle-proprietary for SAML sender-vouches | Yes | No | SAML sender-vouches, no proof key |
| 17 | Asymmetric | X509 | Asymmetric | No | No | SAML Holder-of-Key, Asymmetric proof key |
| 18 | Asymmetric | X509 | No | No | No | SAML Holder-of-Key, Asymmetric proof key |
| 19 | Asymmetric | Username | No | No | No | SAML Holder-of-Key, Symmetric proof key |
| 20 | Transport | Username | No | No | No | SAML Holder-of-Key, Symmetric proof key |