You need to perform the following task to manage and migrate Security Token Service policies:
Security Token Service policies for endpoints reside in sts-policies.jar. This file lists all the policies packaged in the directory as file names, which allows the server to read the JAR entries programmatically when migrating policies to the destination repository.
This JAR is copied to the following location under $WLS_HOME ($Oracle_IDM1, for example):
$WLS_HOME/oam/server/policy
The sts-policies.jar contains the stspolicies.prop file at the following location in the JAR:
META-INF/policies/sts/
Note:
Be sure to update policies and stspolicies.prop as needed before migration.
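A pre-migration consistency check for the note above, as an added example that is not part of the original documentation or of any Oracle tooling. It assumes that stspolicies.prop is the file that lists the packaged policies and that it holds one policy file name per line; the function names and the sample policy names are hypothetical.

```python
import io
import sys
import zipfile

POLICY_DIR = "META-INF/policies/sts/"          # location given on this page
MANIFEST = POLICY_DIR + "stspolicies.prop"


def check_policy_listing(jar):
    """Return (unlisted, missing): policy files packaged but not listed,
    and names listed but not packaged. `jar` is a path or file object."""
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
        if MANIFEST not in names:
            raise FileNotFoundError(MANIFEST + " not found in JAR")
        packaged = {n[len(POLICY_DIR):] for n in names
                    if n.startswith(POLICY_DIR) and not n.endswith("/")
                    and n != MANIFEST}
        text = zf.read(MANIFEST).decode("utf-8")
    # Assumed format: one policy file name per line, '#' starts a comment.
    listed = {ln.strip() for ln in text.splitlines()
              if ln.strip() and not ln.strip().startswith("#")}
    return sorted(packaged - listed), sorted(listed - packaged)


def build_sample_jar(packaged, listed):
    """Build an in-memory JAR with constructed policy names for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in packaged:
            zf.writestr(POLICY_DIR + name, "<constructed-policy/>")
        zf.writestr(MANIFEST, "\n".join(listed) + "\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Pass the path to sts-policies.jar, or run with no argument for the demo.
    jar = sys.argv[1] if len(sys.argv) > 1 else build_sample_jar(
        ["example_policy_a", "example_policy_b"],
        ["example_policy_a", "example_policy_c"])
    unlisted, missing = check_policy_listing(jar)
    for name in unlisted:
        print("packaged but not listed:", name)
    for name in missing:
        print("listed but not packaged:", name)
    sys.exit(1 if unlisted or missing else 0)
```

A non-zero exit status means the listing and the packaged policies disagree and should be reconciled before migration.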
The following procedure outlines the various scenarios for policy updates.
You must perform the following tasks to update policies and stspolicies.prop:
During installation, a check is performed to establish whether SOA is deployed within the domain where Security Token Service is being installed. If SOA is installed, the Security Token Service policies are migrated to the Oracle WSM PM repository.
If SOA is not installed, the Oracle WSM protocol is set to classpath and policies are read from the JAR on the class path.
If SOA is present within the domain, Security Token Service reads the policies from sts-policies.jar and migrates them to the Oracle WSM PM repository by calling Oracle WSM MBeans.
If SOA is installed after Security Token Service within the same domain, ensure smooth operations between SOA and Security Token Service as follows:
The Oracle WSM protocol must be set to 'remote'.
Security Token Service policies from sts-policies.jar must be migrated to the Oracle WSM PM repository using the tools provided by Oracle WSM.