This chapter contains the following sections:
Interoperability with Oracle Containers for J2EE (OC4J) 10g Security Environments
Interoperability with Oracle WebLogic Server 11g Web Service Security Environments
Interoperability with Microsoft WCF/.NET 3.5 Security Environments
Interoperability with Oracle Service Bus 10g Security Environments
In Oracle WSM 10g, you specify policy steps at each policy enforcement point. The policy enforcement points in Oracle WSM 10g include Gateways and Agents. Each policy step is a fine-grained operational task that addresses a specific security operation, such as authentication and authorization; encryption and decryption; security signature, token, or credential verification; and transformation. Each operational task is performed on either the Web service request or response. For more details about the Oracle WSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
In Oracle WSM 11g, you attach policies to Web service endpoints. Each policy consists of one or more assertions, defined at the domain-level, that define the security requirements. A set of predefined policies and assertions are provided out-of-the-box. For more details about the predefined policies, see "Predefined Policies". For information about configuring and attaching policies, see "Configuring Policies" and "Attaching Policies to Web Services".
The following sections describe the most common Oracle WSM 10g interoperability scenarios based on the following security requirements: authentication, message protection, and transport.
Anonymous Authentication with Message Protection (WS-Security 1.0)
SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)
Mutual Authentication with Message Protection (WS-Security 1.0)
The following sections provide additional interoperability information about using Oracle WSM 10g gateways and third-party software with Oracle WSM 11g.
Note:
In the following scenarios, ensure that you are using a keystore with v3 certificates. By default, the JDK 1.5 keytool generates keystores with v3 certificates.
As described in "Examining the Rearchitecture of Oracle WSM in Oracle Fusion Middleware", Oracle Fusion Middleware 11g Release 1 (11.1.1) does not include a Gateway component. You can continue to use the Oracle WSM 10g Gateway components with Oracle WSM 10g policies in your applications, as described in the following sections.
As described in "Examining the Rearchitecture of Oracle WSM in Oracle Fusion Middleware", Oracle WSM 10g supported policy enforcement for third-party application servers, such as IBM WebSphere and Red Hat JBoss. Oracle Fusion Middleware 11g Release 1 (11.1.1) only supports Oracle WebLogic Server. You can continue to use the third-party application servers with Oracle WSM 10g policies, as described in the following sections.
The following sections describe how to implement anonymous authentication with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WSM 10g policy steps attached to the Web service client.
Oracle 10g policy steps attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
For more information about:
Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services"
Oracle WSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
Perform the steps described in the following table.
Table 16-1 Anonymous Authentication with Message Protection (WS-Security 1.0)—Oracle WSM 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—Oracle WSM 10g |
Perform the following steps:
|
Perform the steps described in the following table.
Table 16-2 Anonymous Authentication with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> Oracle WSM 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
The following sections describe how to implement username token with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WSM 10g policy steps attached to the Web service client.
Oracle 10g policy steps attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
For more information about:
Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services"
Oracle WSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
Perform the steps described in the following table.
Table 16-3 Username Token with Message Protection (WS-Security 1.0)—Oracle WSM 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—Oracle WSM 10g |
Perform the following steps:
|
Perform the steps described in the following table.
Table 16-4 Username Token with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> Oracle WSM 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
The following sections describe how to implement SAML token (sender vouches) with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WSM 10g policy steps attached to the Web service client.
Oracle 10g policy steps attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
For more information about:
Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services"
Oracle WSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
Perform the steps described in the following table.
Table 16-5 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)—Oracle WSM 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—Oracle WSM 10g |
Perform the following steps:
|
Perform the steps described in the following table.
Table 16-6 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> Oracle WSM 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
The following sections describe how to implement Oracle Access Manager Security with message protection, describing the following interoperability scenario:
Oracle WSM 11g policy attached to the Web service, Oracle WSM 10g policy steps attached to the Oracle WSM 10g gateway, and Oracle WSM 11g policy attached to the Web service client.
For more information about:
Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services"
Oracle WSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
Perform the steps described in the following table.
Table 16-7 Oracle Access Manager Security—Oracle WSM 11g Client —> Oracle WSM 10g Gateway —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Gateway—Oracle WSM 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
The following sections describe how to implement mutual authentication with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WSM 10g policy steps attached to the Web service client.
Oracle 10g policy steps attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
For more information about:
Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services"
Oracle WSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
Perform the steps described in the following table.
Table 16-8 Mutual Authentication with Message Protection (WS-Security 1.0)—Oracle WSM 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—Oracle WSM 10g |
Perform the following steps:
|
Perform the steps described in the following table.
Table 16-9 Mutual Authentication with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> Oracle WSM 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
The following sections describe how to implement username token over SSL, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WSM 10g policy steps attached to the Web service client.
Oracle 10g policy steps attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
For more information about:
Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services"
Oracle WSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
Configuring SSL on WebLogic Server, see "Configuring SSL on WebLogic Server (One-Way)" and "Configuring SSL on WebLogic Server (Two-Way)".
Configuring SSL on OC4J, see http://download.oracle.com/docs/cd/B14099_19/web.1012/b14013/configssl.htm
Perform the steps described in the following table.
Table 16-10 Username Token Over SSL—Oracle WSM 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—Oracle WSM 10g |
Perform the following steps:
|
Perform the steps described in the following table.
Table 16-11 Username Token Over SSL—Oracle WSM 11g Client —> Oracle WSM 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
The following sections describe how to implement SAML token (sender vouches) over SSL that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WSM 10g policy steps attached to the Web service client.
Oracle 10g policy steps attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
For more information about:
Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services"
Oracle WSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
Configuring SSL on WebLogic Server, see "Configuring SSL on WebLogic Server (One-Way)" and "Configuring SSL on WebLogic Server (Two-Way)".
Configuring SSL on OC4J, see http://download.oracle.com/docs/cd/B14099_19/web.1012/b14013/configssl.htm
Perform the steps described in the following table.
Table 16-12 SAML Token (Sender Vouches) Over SSL—Oracle WSM 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—Oracle WSM 10g |
Perform the following steps:
|
Perform the steps described in the following table.
Table 16-13 SAML Token (Sender Vouches) Over SSL—Oracle WSM 11g Client —> Oracle WSM 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
In OC4J 10g, you configure your security environment, as described in the following documents:
For information about using Application Server Control to configure the Web service, see Oracle Application Server Advanced Web Services Developer's Guide at http://download.oracle.com/docs/cd/B31017_01/web.1013/b28975/toc.htm
For information about using JDeveloper to develop and configure your client-side application, see the JDeveloper online help.
For information about how to modify the XML-based deployment descriptor files, see Oracle Application Server Web Services Security Guide 10g (10.1.3.1.0) at: http://download.oracle.com/docs/cd/B31017_01/web.1013/b28976/toc.htm
In Oracle WSM 11g, you attach policies to Web service endpoints. Each policy consists of one or more assertions, defined at the domain-level, that define the security requirements. A set of predefined policies and assertions are provided out-of-the-box. For more details about the predefined policies, see "Predefined Policies". For information about configuring and attaching policies, see "Configuring Policies" and "Attaching Policies to Web Services".
The following sections describe the most common OC4J 10g interoperability scenarios based on the following security requirements: authentication, message protection, and transport.
Anonymous Authentication with Message Protection (WS-Security 1.0)
SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)
Mutual Authentication with Message Protection (WS-Security 1.0)
Note:
In the following scenarios, ensure that you are using a keystore with v3 certificates. By default, the JDK 1.5 keytool generates keystores with v3 certificates.
The following sections describe how to implement anonymous authentication with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and OC4J 10g deployment descriptor defined for the Web service client.
OC4J 10g deployment descriptor defined for the Web service and Oracle WSM 11g policy attached to the Web service client.
For information about configuring and attaching Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services".
Perform the steps described in the following table.
Table 16-14 Anonymous Authentication with Message Protection (WS-Security 1.0)—OC4J 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—OC4J 10g |
Perform the following steps:
|
Editing the <appname>Binding_Stub.xml File
Edit the <appname>Binding_Stub.xml file, as follows:
Provide the keystore password and sign and encryption key passwords.
In the inbound signature, specify the following:
```
<inbound><verify-signature><tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp" />
...
```
In the outbound signature, specify that the timestamp should be signed, as follows:
```
<outbound>/<signature>/<tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound encryption, specify the key transport algorithm, as follows:
```
<outbound><encrypt>
    <keytransport-method>RSA-OAEP-MGF1P</keytransport-method>
...
```
Perform the steps described in the following table.
Table 16-15 Anonymous Authentication with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> OC4J 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—OC4J 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
Edit the wsmgmt.xml file in ORACLE_HOME/j2ee/oc4j_instance/config, as follows:
In the inbound signature, specify the following:
```
<inbound><verify-signature><tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound signature, specify that the timestamp should be signed, as follows:
```
<outbound>/<signature>/<tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound encryption, specify the key transport algorithm, as follows:
```
<outbound><encrypt>
    <keytransport-method>RSA-OAEP-MGF1P</keytransport-method>
...
```
The following sections describe how to implement username token with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and OC4J 10g deployment descriptor defined for the Web service client.
OC4J 10g deployment descriptor defined for the Web service and Oracle WSM 11g policy attached to the Web service client.
For information about configuring and attaching Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services".
Perform the steps described in the following table.
Table 16-16 Username Token with Message Protection—OC4J 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—OC4J 10g |
Perform the following steps:
|
Editing the <appname>Binding_Stub.xml File
Edit the <appname>Binding_Stub.xml file, as follows:
Provide the keystore password and sign and encryption key passwords.
In the inbound signature, specify the following:
```
<inbound><verify-signature><tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp" />
...
```
In the outbound signature, specify that the timestamp and UsernameToken should be signed, as follows:
```
<outbound>/<signature>/<tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" local-part="UsernameToken"/>
...
```
In the outbound encryption, specify the key transport algorithm, as follows:
```
<outbound><encrypt>
    <keytransport-method>RSA-OAEP-MGF1P</keytransport-method>
...
```
In the outbound encryption, specify that the UsernameToken should be encrypted, as follows:
```
<outbound>/<encrypt>/<tbe-elements>
    <tbe-element local-part="UsernameToken" name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" mode="CONTENT"/>
...
```
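The descriptor edits listed above can be checked mechanically before a client is deployed. The following Python sketch is an added example, not Oracle code: it looks for the element paths shown on this page and reports any setting that is missing. The `<sample-security-config>` wrapper, both sample documents, and the function names are constructed for illustration; a real descriptor may nest these elements differently.

```python
import xml.etree.ElementTree as ET

# Namespaces and key transport value exactly as they appear on this page.
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
KEY_TRANSPORT = "RSA-OAEP-MGF1P"


def _local(tag):
    """Element name without any '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]


def _find_path(root, path):
    """Elements reached by following `path` (local names) from any element named path[0]."""
    nodes = [e for e in root.iter() if _local(e.tag) == path[0]]
    for name in path[1:]:
        nodes = [c for n in nodes for c in n if _local(c.tag) == name]
    return nodes


def _listed(root, path, item):
    """(name-space, local-part, mode) for each `item` child found under `path`."""
    return [(e.get("name-space"), e.get("local-part"), e.get("mode"))
            for n in _find_path(root, path) for e in n if _local(e.tag) == item]


def check_descriptor(xml_text, username_token=True):
    """Return a list of findings; an empty list means every listed setting is present.

    Set username_token=False for scenarios that carry no UsernameToken.
    """
    root = ET.fromstring(xml_text)
    verified = {t[:2] for t in _listed(
        root, ["inbound", "verify-signature", "tbs-elements"], "tbs-element")}
    signed = {t[:2] for t in _listed(
        root, ["outbound", "signature", "tbs-elements"], "tbs-element")}
    encrypted = set(_listed(
        root, ["outbound", "encrypt", "tbe-elements"], "tbe-element"))
    methods = [(e.text or "").strip() for e in _find_path(
        root, ["outbound", "encrypt", "keytransport-method"])]

    findings = []
    # The namespace is compared as well as the local part: Timestamp lives in the
    # utility namespace and UsernameToken in the secext namespace.
    if (WSU, "Timestamp") not in verified:
        findings.append("inbound: signature verification does not cover wsu:Timestamp")
    if (WSU, "Timestamp") not in signed:
        findings.append("outbound: wsu:Timestamp is not signed")
    if not methods or any(m != KEY_TRANSPORT for m in methods):
        findings.append(f"outbound: keytransport-method is {methods}, expected {KEY_TRANSPORT}")
    if username_token:
        if (WSSE, "UsernameToken") not in signed:
            findings.append("outbound: wsse:UsernameToken is not signed")
        if (WSSE, "UsernameToken", "CONTENT") not in encrypted:
            findings.append("outbound: wsse:UsernameToken is not encrypted with mode CONTENT")
    return findings


# Constructed sample: every setting from the username token client procedure is present.
GOOD = f"""<sample-security-config>
  <inbound><verify-signature><tbs-elements>
    <tbs-element name-space="{WSU}" local-part="Timestamp"/>
  </tbs-elements></verify-signature></inbound>
  <outbound>
    <signature><tbs-elements>
      <tbs-element name-space="{WSU}" local-part="Timestamp"/>
      <tbs-element name-space="{WSSE}" local-part="UsernameToken"/>
    </tbs-elements></signature>
    <encrypt>
      <keytransport-method>{KEY_TRANSPORT}</keytransport-method>
      <tbe-elements>
        <tbe-element local-part="UsernameToken" name-space="{WSSE}" mode="CONTENT"/>
      </tbe-elements>
    </encrypt>
  </outbound>
</sample-security-config>"""

# Constructed sample with four gaps: Timestamp unsigned, UsernameToken listed under
# the wrong namespace, a different key transport value, and no tbe-elements at all.
BAD = f"""<sample-security-config>
  <inbound><verify-signature><tbs-elements>
    <tbs-element name-space="{WSU}" local-part="Timestamp"/>
  </tbs-elements></verify-signature></inbound>
  <outbound>
    <signature><tbs-elements>
      <tbs-element name-space="{WSU}" local-part="UsernameToken"/>
    </tbs-elements></signature>
    <encrypt>
      <keytransport-method>RSA-1_5</keytransport-method>
    </encrypt>
  </outbound>
</sample-security-config>"""

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_descriptor(doc) or "all listed settings present")
```

Pass `username_token=False` when checking a descriptor for the anonymous, SAML, or mutual authentication scenarios, which sign only the timestamp.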
Perform the steps defined in the following table.
Table 16-17 Username Token with Message Protection—Oracle WSM 11g Client —> OC4J 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—OC4J 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
Edit the wsmgmt.xml file in ORACLE_HOME/j2ee/oc4j_instance/config, as follows:
In the inbound signature, specify the following:
```
<inbound><verify-signature><tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound signature, specify that the timestamp should be signed, as follows:
```
<outbound>/<signature>/<tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound encryption, specify that the UsernameToken should be encrypted, as follows:
```
<outbound>/<encrypt>/<tbe-elements>
    <tbe-element local-part="UsernameToken" name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" mode="CONTENT"/>
...
```
The following sections describe how to implement SAML token sender vouches with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and OC4J 10g deployment descriptor defined for the Web service client.
OC4J 10g deployment descriptor defined for the Web service and Oracle WSM 11g policy attached to the Web service client.
For information about configuring and attaching Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services".
Perform the steps described in the following table.
Table 16-18 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)—OC4J 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—OC4J 10g |
Perform the following steps:
|
Editing the <appname>Binding_Stub.xml File
Edit the <appname>Binding_Stub.xml file, as follows:
Provide the keystore password and sign and encryption key passwords.
In the inbound signature, specify the following:
```
<inbound><verify-signature><tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp" />
...
```
In the outbound signature, specify that the timestamp should be signed, as follows:
```
<outbound>/<signature>/<tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound encryption, specify the key transport algorithm, as follows:
```
<outbound><encrypt>
    <keytransport-method>RSA-OAEP-MGF1P</keytransport-method>
...
```
Perform the steps defined in the following table.
Table 16-19 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> OC4J 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—OC4J 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
Edit the wsmgmt.xml file in ORACLE_HOME/j2ee/oc4j_instance/config, as follows:
In the inbound signature, specify the following:
```
<inbound><verify-signature><tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound signature, specify that the timestamp should be signed, as follows:
```
<outbound>/<signature>/<tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound encryption, specify that the UsernameToken should be encrypted, as follows:
```
<outbound>/<encrypt>/<tbe-elements>
    <tbe-element local-part="UsernameToken" name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" mode="CONTENT"/>
...
```
The following sections describe how to implement mutual authentication with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and OC4J 10g deployment descriptor defined for the Web service client.
OC4J 10g deployment descriptor defined for the Web service and Oracle WSM 11g policy attached to the Web service client.
For information about configuring and attaching Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services".
Perform the steps described in the following table.
Table 16-20 Mutual Authentication with Message Protection (WS-Security 1.0)—OC4J 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—OC4J 10g |
Perform the following steps:
|
Editing the <appname>Binding_Stub.xml File
Edit the <appname>Binding_Stub.xml file, as follows:
Provide the keystore password and sign and encryption key passwords.
In the inbound signature, specify the following:
```
<inbound><verify-signature><tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp" />
...
```
In the outbound signature, specify that the timestamp should be signed, as follows:
```
<outbound>/<signature>/<tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound encryption, specify the key transport algorithm, as follows:
```
<outbound><encrypt>
    <keytransport-method>RSA-OAEP-MGF1P</keytransport-method>
...
```
Perform the steps described in the following table.
Table 16-21 Mutual Authentication with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> OC4J 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—OC4J 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
Edit the wsmgmt.xml file in ORACLE_HOME/j2ee/oc4j_instance/config, as follows:
In the inbound signature, specify the following:
```
<inbound><verify-signature><tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound signature, specify that the timestamp should be signed, as follows:
```
<outbound>/<signature>/<tbs-elements>
    <tbs-element name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" local-part="Timestamp"/>
...
```
In the outbound encryption, specify that the UsernameToken should be encrypted, as follows:
```
<outbound>/<encrypt>/<tbe-elements>
    <tbe-element local-part="UsernameToken" name-space="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" mode="CONTENT"/>
...
```
The following sections describe how to implement username token over SSL, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and OC4J 10g deployment descriptor defined for the Web service client.
OC4J 10g deployment descriptor defined for the Web service and Oracle WSM 11g policy attached to the Web service client.
For information about:
Configuring and attaching Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services".
Configuring SSL on WebLogic Server, see "Configuring SSL on WebLogic Server (One-Way)" and "Configuring SSL on WebLogic Server (Two-Way)".
Configuring SSL on OC4J, see http://download.oracle.com/docs/cd/B14099_19/web.1012/b14013/configssl.htm
Perform the steps defined in the following table.
Table 16-22 Username Token Over SSL—OC4J 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—OC4J 10g |
Perform the following steps:
|
Editing the <appname>Binding_Stub.xml File
Edit the <appname>Binding_Stub.xml file, as follows:
Provide the keystore password and sign and encryption key passwords.
In the outbound signature, specify that the timestamp should be signed, as follows (and remove all other tags):
```
<outbound>
    <signature>
        <add-timestamp created="true" expiry="<Expiry_Time>"/>
    </signature>
...
```
Perform the steps defined in the following table.
Table 16-23 Username Token Over SSL—Oracle WSM 11g Client —> OC4J 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—OC4J 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
Edit the wsmgmt.xml file in ORACLE_HOME/j2ee/oc4j_instance/config, as follows:
In the outbound signature, specify that the timestamp should be signed, as follows (and remove all other tags):
```
<outbound>
    <signature>
        <add-timestamp created="true" expiry="<Expiry_Time>"/>
    </signature>
...
```
The following sections describe how to implement SAML token (sender vouches) over SSL that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and OC4J 10g deployment descriptor defined for the Web service client.
OC4J 10g deployment descriptor defined for the Web service and Oracle WSM 11g policy attached to the Web service client.
For information about:
Configuring and attaching Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services".
Configuring SSL on WebLogic Server, see "Configuring SSL on WebLogic Server (One-Way)" and "Configuring SSL on WebLogic Server (Two-Way)".
Configuring SSL on OC4J, see http://download.oracle.com/docs/cd/B14099_19/web.1012/b14013/configssl.htm
Perform the steps defined in the following table.
Table 16-24 SAML Token (Sender Vouches) Over SSL (WS-Security 1.0)—OC4J 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g |
Perform the following steps:
|
Client—OC4J 10g |
Perform the following steps:
|
Editing the <appname>Binding_Stub.xml File
Edit the <appname>Binding_Stub.xml file, as follows:
Provide the keystore password and sign and encryption key passwords.
In the outbound signature, specify that the timestamp should be signed, as follows (and remove all other tags):
```
<outbound>
    <signature>
        <add-timestamp created="true" expiry="<Expiry_Time>"/>
    </signature>
...
```
Perform the steps defined in the following table.
Table 16-25 SAML Token (Sender Vouches) Over SSL (WS-Security 1.0)—Oracle WSM 11g Client —> OC4J 10g Web Service
Client/Service | Steps |
---|---|
Web Service—OC4J 10g |
Perform the following steps:
|
Client—Oracle WSM 11g |
Perform the following steps:
|
Edit the wsmgmt.xml file in ORACLE_HOME/j2ee/oc4j_instance/config, as follows:
In the outbound signature, specify that the timestamp should be signed, as follows (and remove all other tags):
```
<outbound>
    <signature>
        <add-timestamp created="true" expiry="<Expiry_Time>"/>
    </signature>
...
```
In Oracle Fusion Middleware 11g, you can attach both Oracle WSM and Oracle WebLogic Server Web service policies to WebLogic Java EE Web services.
For more details about the predefined Oracle WSM 11g policies, see:
For more details about the predefined Oracle WebLogic Server 11g Web service policies, see:
The following sections describe the most common Oracle WebLogic Server 11g Web service policy interoperability scenarios based on the following security requirements: authentication, message protection, and transport.
SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1)
SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)
The following sections describe how to implement username token with message protection that conforms to the WS-Security 1.1 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WebLogic Server 11g Web service policy attached to the Web service client.
Oracle WebLogic Server 11g Web service policy attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
Attach and configure policies, as described in the following table.
Table 16-26 Username Token with Message Protection (WS-Security 1.1)—Oracle WebLogic Server 11g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g | Perform the following steps: |
Client—Oracle WebLogic Server 11g | Perform the following steps: |
Attach and configure policies, as described in the following table.
Table 16-27 Username Token with Message Protection (WS-Security 1.1)—Oracle WSM 11g Client —> Oracle WebLogic Server 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WebLogic Server 11g | Perform the following steps: |
Client—Oracle WSM 11g | Perform the following steps: |
The following sections describe how to implement username token with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WebLogic Server 11g Web service policy attached to the Web service client.
Oracle WebLogic Server 11g Web service policy attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
Note:
WS-Security 1.0 policy is supported for legacy applications only. Use WS-Security 1.1 policy for maximum performance. For more information, see "Username Token With Message Protection (WS-Security 1.1)".
Attach and configure policies, as described in the following table.
Table 16-28 Username Token with Message Protection (WS-Security 1.0)—Oracle WebLogic Server 11g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g | Perform the following steps: |
Client—Oracle WebLogic Server 11g | Perform the following steps: |
Attach and configure policies, as described in the following table.
Table 16-29 Username Token with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> Oracle WebLogic Server 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WebLogic Server 11g | Perform the following steps: |
Client—Oracle WSM 11g | Perform the following steps: |
The following sections describe how to implement SAML token sender vouches with message protection that conforms to the WS-Security 1.1 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WebLogic Server 11g Web service policy attached to the Web service client.
Oracle WebLogic Server 11g Web service policy attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
Attach and configure policies, as described in the following table.
Table 16-30 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1)—Oracle WebLogic Server 11g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g | Perform the following steps: |
Client—Oracle WebLogic Server 11g | Perform the following steps: |
Attach and configure policies, as described in the following table.
Table 16-31 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1)—Oracle WSM 11g Client —> Oracle WebLogic Server 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WebLogic Server 11g | Perform the following steps: |
Client—Oracle WSM 11g | Perform the following steps: |
The following sections describe how to implement SAML token with sender vouches that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle WebLogic Server 11g Web service policy attached to the Web service client.
Oracle WebLogic Server 11g Web service policy attached to the Web service and Oracle WSM 11g policy attached to the Web service client.
For information about configuring and attaching Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services".
Note:
WS-Security 1.0 policy is supported for legacy applications only. Use WS-Security 1.1 policy for maximum performance. For more information, see "SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1)".
Attach and configure policies, as described in the following table.
Table 16-32 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)—Oracle WebLogic Server 11g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g | Perform the following steps: |
Client—Oracle WebLogic Server 11g | Perform the following steps: |
Attach and configure policies, as described in the following table.
Table 16-33 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> Oracle WebLogic Server 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WebLogic Server 11g | Perform the following steps: |
Client—Oracle WSM 11g | Perform the following steps: |
In conjunction with Microsoft, Oracle has performed interoperability testing to ensure that the Web service security policies created using Oracle WSM 11g can interoperate with Web service policies configured using Microsoft Windows Communication Foundation (WCF)/.NET 3.5 Framework and vice versa.
For more information about Microsoft WCF/.NET 3.5 Framework, see http://msdn.microsoft.com/en-us/netframework/aa663324.aspx.
For more details about the predefined Oracle WSM 11g policies, see:
The following sections describe the most common Microsoft .NET 3.5 interoperability scenarios based on the following security requirements: authentication, message protection, and transport.
The following sections describe how to implement username token with message protection that conforms to the WS-Security 1.1 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Microsoft WCF/.NET 3.5 policy configured for the Web service client.
Microsoft WCF/.NET 3.5 policy configured for the Web service and Oracle WSM 11g policy attached to the Web service client.
Perform the steps described in the following sections.
Table 16-34 Username Token With Message Protection (WS-Security 1.1)—Microsoft WCF/.NET 3.5 Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g | Perform the following steps: |
Client—Microsoft WCF/.NET 3.5 | Perform the following steps: |
Edit the app.config file to update the certificate file and disable replays, as shown in the following example (changes are identified in bold):
```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="secureBehaviour">
          <clientCredentials>
            <serviceCertificate>
              <!-- Service certificate, looked up by subject name in the current user's store -->
              <defaultCertificate findValue="<certificate_cn>"
                                  storeLocation="CurrentUser"
                                  storeName="My"
                                  x509FindType="FindBySubjectName"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <customBinding>
        <binding name="HelloWorldSoapHttp">
          <security defaultAlgorithmSuite="Basic128"
                    authenticationMode="UserNameForCertificate"
                    requireDerivedKeys="false"
                    securityHeaderLayout="Lax"
                    includeTimestamp="true"
                    keyEntropyMode="CombinedEntropy"
                    messageProtectionOrder="SignBeforeEncrypt"
                    messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                    requireSignatureConfirmation="true">
            <!-- Replay detection is disabled in the client settings only;
                 localServiceSettings below keeps detectReplays="true" -->
            <localClientSettings cacheCookies="true"
                                 detectReplays="false"
                                 replayCacheSize="900000"
                                 maxClockSkew="00:05:00"
                                 maxCookieCachingTime="Infinite"
                                 replayWindow="00:05:00"
                                 sessionKeyRenewalInterval="10:00:00"
                                 sessionKeyRolloverInterval="00:05:00"
                                 reconnectTransportOnFailure="true"
                                 timestampValidityDuration="00:05:00"
                                 cookieRenewalThresholdPercentage="60" />
            <localServiceSettings detectReplays="true"
                                  issuedCookieLifetime="10:00:00"
                                  maxStatefulNegotiations="128"
                                  replayCacheSize="900000"
                                  maxClockSkew="00:05:00"
                                  negotiationTimeout="00:01:00"
                                  replayWindow="00:05:00"
                                  inactivityTimeout="00:02:00"
                                  sessionKeyRenewalInterval="15:00:00"
                                  sessionKeyRolloverInterval="00:05:00"
                                  reconnectTransportOnFailure="true"
                                  maxPendingSessions="128"
                                  maxCachedCookies="1000"
                                  timestampValidityDuration="00:05:00" />
            <secureConversationBootstrap />
          </security>
          <textMessageEncoding maxReadPoolSize="64"
                               maxWritePoolSize="16"
                               messageVersion="Soap11"
                               writeEncoding="utf-8">
            <readerQuotas maxDepth="32"
                          maxStringContentLength="8192"
                          maxArrayLength="16384"
                          maxBytesPerRead="4096"
                          maxNameTableCharCount="16384" />
          </textMessageEncoding>
          <httpTransport manualAddressing="false"
                         maxBufferPoolSize="524288"
                         maxReceivedMessageSize="65536"
                         allowCookies="false"
                         authenticationScheme="Anonymous"
                         bypassProxyOnLocal="false"
                         hostNameComparisonMode="StrongWildcard"
                         keepAliveEnabled="true"
                         maxBufferSize="65536"
                         proxyAuthenticationScheme="Anonymous"
                         realm=""
                         transferMode="Buffered"
                         unsafeConnectionNtlmAuthentication="false"
                         useDefaultWebProxy="true" />
        </binding>
      </customBinding>
    </bindings>
    <client>
      <endpoint address="<endpoint_url>"
                binding="customBinding"
                bindingConfiguration="<mywebservice>SoapHttp"
                contract="<mywebservice>"
                name="<mywebservice>Port"
                behaviorConfiguration="secureBehaviour">
        <identity>
          <dns value="<certificate_cn>"/>
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
```
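Because the app.config above turns off replay detection in the client settings, it helps to be able to list which bindings carry that exception and whether any freshness window has been widened. The following is an added example, not code from Oracle or Microsoft: it audits a constructed, reduced copy of the binding with Python's standard library. The function names, the allow-list parameter and the 300-second ceiling (the page's 00:05:00 values) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, reduced app.config: attribute names come from the page's
# example; placeholder values are replaced so that the XML parses.
SAMPLE = """<configuration><system.serviceModel><bindings><customBinding>
 <binding name="HelloWorldSoapHttp">
  <security authenticationMode="UserNameForCertificate"
            includeTimestamp="true" requireSignatureConfirmation="true">
   <localClientSettings detectReplays="false" maxClockSkew="00:05:00"
       replayWindow="00:05:00" timestampValidityDuration="00:05:00"/>
   <localServiceSettings detectReplays="true" maxClockSkew="00:05:00"
       replayWindow="00:05:00" timestampValidityDuration="00:05:00"/>
  </security>
 </binding>
</customBinding></bindings></system.serviceModel></configuration>"""

WINDOW_ATTRS = ("maxClockSkew", "replayWindow", "timestampValidityDuration")


def seconds(timespan):
    """Convert an hh:mm:ss value such as 00:05:00 to seconds."""
    hours, minutes, secs = (int(part) for part in timespan.split(":"))
    return hours * 3600 + minutes * 60 + secs


def audit(config_xml, allowed_replay_off=(), max_window=300):
    """Return (binding, element, finding) tuples for weakened freshness checks.

    allowed_replay_off lists (binding name, settings element) pairs where
    detectReplays="false" is a documented interoperability exception.
    """
    findings = []
    root = ET.fromstring(config_xml)
    for binding in root.iter("binding"):
        name = binding.get("name", "?")
        security = binding.find("security")
        if security is None:
            continue
        if security.get("includeTimestamp") == "false":
            findings.append((name, "security", "includeTimestamp=false"))
        for side in ("localClientSettings", "localServiceSettings"):
            settings = security.find(side)
            if settings is None:
                continue
            replay_off = settings.get("detectReplays") == "false"
            if replay_off and (name, side) not in allowed_replay_off:
                findings.append((name, side, "detectReplays=false"))
            for attr in WINDOW_ATTRS:
                value = settings.get(attr)
                if value and seconds(value) > max_window:
                    note = "%s=%s exceeds %ds" % (attr, value, max_window)
                    findings.append((name, side, note))
    return findings
```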
Perform the steps described in the following table.
Table 16-35 Username Token With Message Protection (WS-Security 1.1)—Oracle WSM 11g Client —> Microsoft WCF/.NET 3.5 Web Service
Web Service/Client | Steps |
---|---|
Web Service—Microsoft WCF/.NET 3.5 Web Service | Perform the following steps: |
Client—Oracle WSM 11g Client | Perform the following steps: |
In Oracle Service Bus 10g, you attach policies to configure your security environment for inbound and outbound requests. Oracle Service Bus uses the underlying WebLogic security framework as building blocks for its security services. For information about configuring and attaching policies, see "Using WS-Policy in Oracle Service Bus Proxy and Business Services" in Oracle Service Bus Security Guide at http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/ws_policy.html.
Note:
Ensure that you have downloaded and applied all patches released for Oracle Service Bus 10.3 using the patch tool.
In Oracle WSM 11g, you attach policies to Web service endpoints. Each policy consists of one or more assertions, defined at the domain-level, that define the security requirements. A set of predefined policies and assertions are provided out-of-the-box. For more details about the predefined policies, see "Predefined Policies". For more information about configuring and attaching policies, see "Configuring Policies" and "Attaching Policies to Web Services".
The following sections describe the most common Oracle Service Bus 10g interoperability scenarios based on the following security requirements: authentication, message protection, and transport.
Note:
In the following scenarios, ensure that you are using a keystore with v3 certificates. By default, the JDK 1.5 keytool generates keystores with v3 certificates. In addition, ensure that the keys use the proper extensions, including DigitalSignature, Non_repudiation, Key_Encipherment, and Data_Encipherment.
The following sections describe how to implement username token with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle WSM 11g policy attached to the Web service and Oracle Service Bus 10g policy attached to a routing service client.
Oracle Service Bus 10g policy attached to a routing service and Oracle WSM 11g policy attached to the Web service client.
For more information about:
Configuring and attaching Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services".
Configuring and attaching Oracle Service Bus 10g policies, see "Using WS-Policy in Oracle Service Bus Proxy and Business Services" in Oracle Service Bus Security Guide at http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/ws_policy.html.
Configuration Prerequisites for Interoperability
Perform the following prerequisite steps for the WebLogic Server on which Oracle Service Bus is running:
1. Copy the default-keystore.jks and trust.jks files to your domain directory.

   The default-keystore.jks is used to store public and private keys for SOAP messages within the WebLogic Domain. The trust.jks is used to store private keys, digital certificates, and trusted certificate authority certificates that are used to establish and verify identity and trust in the WebLogic Server environment.
2. Invoke the WebLogic Administration Console, as described in "Accessing Oracle WebLogic Administration Console".
3. Configure the Custom Identity and Custom Trust keystores, as described in "Configuring keystores" in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help.
4. Configure SSL, as described in "Set up SSL" in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help.

   Specify the private key alias, as required. For example: oratest.
5. Configure a credential mapping provider, as described in "Configure Credential Mapping Providers" in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help.

   Create a PKICredentialMapper and configure it as follows (leave all other values set to the defaults):

   - Keystore Provider: N/A
   - Keystore Type: jks
   - Keystore File Name: default_keystore.jks
   - Keystore Pass Phrase: <password>
   - Confirm Keystore Pass Phrase: <password>
6. Restart WebLogic Server.
7. Invoke the OSB Console. For example:

   http://localhost:7001/sbconsole
8. Create a ServiceKeyProvider.
9. Specify Encryption Key and Digital Signature Key, as required.

   You must use different keys on the Oracle WSM and Oracle Service Bus servers. You can use the same key for encryption and signing, if desired.
Perform the steps described in the following table.
Table 16-36 Username Token with Message Protection (WS-Security 1.0)—Oracle Service Bus 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g | Perform the steps described in the following sections. |
Client—Oracle Service Bus 10g | Perform the following steps: |
Perform the steps described in the following table.
Table 16-37 Username Token with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> Oracle Service Bus 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle Service Bus 10g | Perform the following steps: |
Client—Oracle WSM 11g Client | Perform the steps described in the following sections. |
The following sections describe how to implement SAML token (sender vouches) with message protection that conforms to the WS-Security 1.0 standard, describing the following interoperability scenarios:
Oracle Service Bus 10g policy attached to a routing service client and Oracle WSM 11g policy attached to the Web service.
Oracle WSM 11g policy attached to the Web service client and Oracle Service Bus 10g policy attached to a routing service.
For more information about:
Configuring and attaching Oracle WSM 11g policies, see "Configuring Policies" and "Attaching Policies to Web Services".
Configuring and attaching Oracle Service Bus 10g policies, see "Using WS-Policy in Oracle Service Bus Proxy and Business Services" in Oracle Service Bus Security Guide at http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/ws_policy.html.
Configuration Prerequisites for Interoperability
Perform the following prerequisite steps for the WebLogic Server on which Oracle Service Bus is running:
1. Copy the default-keystore.jks and trust.jks files to your domain directory.

   The default-keystore.jks is used to store public and private keys for SOAP messages within the WebLogic Domain. The trust.jks is used to store private keys, digital certificates, and trusted certificate authority certificates that are used to establish and verify identity and trust in the WebLogic Server environment.
2. Invoke the WebLogic Administration Console, as described in "Accessing Oracle WebLogic Administration Console".
3. Create a SAMLIdentityAsserterV2 authentication provider, as described in "Configuring Authentication and Identity Assertion providers" in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help.
4. Restart WebLogic Server to add the new provider to the Administration Server's Runtime MBean server.
5. Select the authentication provider created in step 3.
6. Create and configure a SAML asserting party, as described in "SAML Identity Asserter V2: Create an Asserting Party" and "SAML Identity Asserter V2: Asserting Party: Configuration" in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help.
7. Configure the SAML asserting party as follows (leave other values set to the defaults):

   - Profile: WSS/Sender-Vouches
   - Target URL: <OSB Proxy Service URL>
   - Issuer URI: www.oracle.com
8. Select the Enabled checkbox and click Save.
9. Create a SamlCredentialMapperV2 credential mapping provider, as described in "Configure Credential Mapping Providers" in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help.

   Select SamlCredentialMapperV2 from the drop-down list and name the credential mapper, for example, UC2_SamlCredentialMapperV2.
10. Restart WebLogic Server.
11. Configure the credential mapper as follows (leave other values set to the defaults):

    - Issuer URI: www.oracle.com

      Note: This value is specified in the policy file.
    - Name Qualifier: oracle.com
12. Create and configure a SAML relying party, as described in "SAML Credential Mapping Provider V2: Create a Relying Party" and "SAML Credential Mapping Provider V2: Relying Party: Configuration" in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help.
13. Configure the SAML relying party as follows (leave other values set to the defaults):

    - Profile: WSS/Sender-Vouches
    - Target URL: <Oracle WSM 11g Web Service>
    - Description: <your_description>
14. Select the Enabled checkbox and click Save.
15. Restart WebLogic Server.
Perform the steps described in the following table.
Table 16-38 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)—Oracle Service Bus 10g Client —> Oracle WSM 11g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle WSM 11g | Perform the steps described in the following sections. |
Client—Oracle Service Bus 10g | Perform the following steps: |
The following defines the custom SAML policy to be used:
Example 16-1 Custom SAML Policy
```xml
<?xml version="1.0"?>
<wsp:Policy
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wssp="http://www.bea.com/wls90/security/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wls="http://www.bea.com/wls90/security/policy/wsee#part"
    wsu:Id="custom_saml">
  <!-- Identity assertion: accept a SAML token with the sender-vouches confirmation method -->
  <wssp:Identity xmlns:wssp="http://www.bea.com/wls90/security/policy">
    <wssp:SupportedTokens>
      <wssp:SecurityToken TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-2004-01-saml-token-profile-1.0#SAMLAssertionID">
        <wssp:Claims>
          <wssp:ConfirmationMethod>sender-vouches</wssp:ConfirmationMethod>
        </wssp:Claims>
      </wssp:SecurityToken>
    </wssp:SupportedTokens>
  </wssp:Identity>
</wsp:Policy>
```
Perform the steps described in the following sections.
Table 16-39 SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)—Oracle WSM 11g Client —> Oracle Service Bus 10g Web Service
Web Service/Client | Steps |
---|---|
Web Service—Oracle Service Bus 10g | Perform the following steps: |
Client—Oracle WSM 11g | Perform the steps described in the following sections. |