edocs Home > BEA WebLogic Server 10.0 Documentation > Administration Console Online Help > Disable X.509 certificate validation when using SAML holder_of_key assertions

Administration Console Online Help

    Previous Next  Open TOC in new window 
Content starts here

Disable X.509 certificate validation when using SAML holder_of_key assertions

Before you begin

You must first create the Web Service security configuration that is associated with a Web Service before you can configure specific features.

See Create a Web Service security configuration for details about creating a security configuration.


By default, the WebLogic Web Services runtime always validates the X.509 certificate specified in any associated security policy file. To disable this validation when using SAML holder_of_key assertions, you must configure the Web Service security configuration associated with the Web service by setting a property on the SAML token handler, as described in the following procedure.

Caution: This task applies only to JAX-RPC 1.1 Web Services, and not to JAX-WS 2.0 Web Services.

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane of the Administration Console, select the name of your domain. This is the top-level node of the navigation tree.
  3. In the right pane, select Web Service Security.
  4. In the table, click the name of the Web Service security configuration you want to update.

    Web Services programmers associate a Web Service security configuration using the @WssConfiguration JWS annotation; the value attribute specifies the associated configuration name. If the programmer does not specify the value attribute, the Web Service is associated with the default security configuration: default_wss.

  5. Select Token Handler.
  6. Click New.
  7. Enter the following values in the required fields:
    • Name: Enter the following example value: default_saml_handler.
    • Class Name: Enter the following exact value: weblogic.wsee.security.saml.SAMLTokenHandler.
    • Token Type: Enter the following exact value: saml.
    • Handling Order: Enter an integer to specify the order in which this token handler is handled. You can, if you want, leave the default value of 0.
  8. Click Next.
  9. In the Create a Web Services Security Token Handler window, check the Add Properties checkbox.
  10. Click Finish.
  11. At the bottom of the Setting for default_saml_handler page, in the Token Handler Properties table, click New.
  12. Enter the following values in the fields:
    • Name: Enter the following exact value: EnableHolderOfKeyValidation.
    • Value: Enter the following exact value: false.

    Leave the Is Encrypted check box unchecked.

  13. Click OK.
  14. Click Save.
  15. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).

After you finish

You must redeploy any Web Service which is associated with this security configuration for the security changes to take effect.


  Back to Top