The following topics describe how to enable and disable Security Token Service:
Elements in the Oracle Access Management Console enable Administrators to easily configure the Token Service to exchange WS-Trust tokens with partners. All Security Token Service system configuration is done using the Oracle Access Management Console.
Token Service elements provide for creation, viewing, modification, and removal of partners, endpoints, validation templates, issuance templates, and data store connections. The configuration includes the following common tasks covered in Managing Common and System Configurations of this book:
Registering and managing common OAM Servers and proxy information
Registering and managing the common Default User Identity Store
Configuring the OAM Keystore, which differs from the OWSM Keystore used for WSS processing
Certificate Validation and Revocation
The Oracle Access Management Console enables Administrators to perform the following Security Token Service-specific tasks:
Manage validation token templates: The validation templates include configuration properties to validate a Web Services Security/WS-Trust token and map it to a Requester Partner or a User record in the Default User Identity Store.
Manage issuance templates: The issuance templates contain rules on how a token will be created.
Manage Partner Data: A partner entry represents an entity trusted by Security Token Service. Security Token Service defines three types of partners: Requester, Relying Party and Issuing Authority. Each partner entry is associated with a partner profile. The partner entry contains signing and encryption certificates and identifiers used to uniquely identify a partner.
Manage Partner Profile: A partner profile contains configuration properties that are common to a set of partners:
Claim Mapping
Token Types definition
Issuance and Validation templates defined for the token Types
Override Validation Template rules for Issuing Authorities (other STS)
Manage Security Token Service Endpoints
Manage Token Issuance Policies (authorization policies that will be evaluated to determine if a Requester Partner can request a token based on the Relying Party referenced in the request)
Security Token Service Global Settings
Custom tokens
Users with administrative access to the Oracle Access Management Console have access to Security Token Service.
Initially, administrative users must log in to the Oracle Access Management Console using the WebLogic Administrator credentials set during initial configuration. However, your enterprise may require independent sets of Administrators: one set of users responsible for Access Manager and another for Security Token Service.
When using Security Token Service with Access Manager, logging in to and signing out of the Oracle Access Management Console is the same.
For more information on logging in to and out of the Oracle Access Management Console, see About Logging Into the Oracle Access Management Console.
By default, Security Token Service is disabled. If you want to use Security Token Service, both Security Token Service and Access Manager must be enabled.
A green check mark in the Status field beside the service name indicates the service is enabled. A red circle with a line through it indicates that the corresponding service is disabled.
The following topics explain how to enable and disable services for Security Token Service:
The Oracle Access Manager service must be enabled.
By default, Security Token Service is disabled. You need to enable the Oracle Access Manager service before enabling and disabling services for Security Token Service.
You can enable and disable Security Token Service using the Oracle Access Management Console.
To enable or disable Security Token Service: