1/32
Contents
Title and Copyright Information
Preface
About this Guide
Audience
How to Use This Guide
Documentation Accessibility
Related Documents
Conventions
What's New
Part I Introduction
1
Overview of Web Services Security and Administration
Web Services Security and Administration in Oracle Fusion Middleware 11
g
Web Service Security and Administration Tasks
Securing and Administering Oracle Infrastructure Web Services
Securing and Administering WebLogic Web Services
Accessing the Security and Administration Tools
Accessing Oracle Enterprise Manager Fusion Middleware Control
Accessing Oracle WebLogic Administration Console
Accessing the Web Services Custom WLST Commands
2
Understanding Web Services Security Concepts
Securing Web Services
Transport-level Security
Application-level Security
Web Service Security Requirements
How Oracle Fusion Middleware Secures Web Services and Clients
3
Understanding Oracle WSM Policy Framework
Overview of Oracle WSM Policy Framework
What Are Policies?
Building Policies Using Policy Assertions
Attaching Policies to Subjects
How Policies are Executed
Oracle WSM Predefined Policies and Assertion Templates
Defining Multiple Policy Alternatives (OR Groups)
Overriding Security Policy Configuration
Recommended Naming Conventions for Policies
4
Examining the Rearchitecture of Oracle WSM in Oracle Fusion Middleware
How Oracle WSM 10
g
is Redesigned in Oracle Fusion Middleware 11
g
Release 1 (11.1.1)
Comparing Oracle WSM 10
g
and Oracle WSM 11
g
Policies
Comparing Oracle Application Server 10g WS-Security with Oracle WSM 11
g
Interoperability and Upgrade
Part II Basic Administration
5
Deploying Web Services Applications
Overview
Additional Deployment Documentation Available
Deploying Web Services Applications
Undeploying a Web Services Application
Redeploying a Web Services Application
6
Administering Web Services
Viewing All Current Web Services for a Server
Using Fusion Middleware Control
Using WLST
Navigating to the Web Services Summary Page for an Application
Viewing the Web Services in Your Application
Using Fusion Middleware Control
Using WLST
Viewing the Web Services and References in a SOA Composite
Viewing the Details for a Web Service Endpoint
Using Fusion Middleware Control
Using WLST
Viewing the Security Violations for a Web Service
Viewing Web Service Clients
Using Fusion Middleware Control
Viewing SOA References
Viewing ADF DC Web Service Clients
Viewing WebCenter Portlets
Viewing Asynchronous Web Service Callback Clients
Using WLST
Displaying the Web Service WSDL Document
Configuring the Web Service Endpoint
Using Fusion Middleware Control
Using WLST
Enabling or Disabling a Web Service
Using Fusion Middleware Control
Using WLST
Enabling or Disabling RESTful Web Services
Using Fusion Middleware Control
Using WLST
Enabling or Disabling the Display of the Web Service WSDL Document
Using Fusion Middleware Control
Using WLST
Enabling or Disabling the Exchange of Metadata
Enabling or Disabling the Web Service Test Endpoint
Using Fusion Middleware Control
Using WLST
Validating the Request Message
Configuring Web Services Atomic Transactions
Using Fusion Middleware Control
Using WLST
Setting the Size of the Request Message
Using Fusion Middleware Control
Using WLST
Configuring Asynchronous Web Services
Enabling and Disabling MTOM
Configuring the Web Service Client
Using Fusion Middleware Control
Configuring SOA References
Configuring ADF DC Web Service Clients
Configuring Asynchronous Web Service Callback Clients
Using WLST
7
Managing Web Service Policies
Overview of Web Services Policy Management
Viewing Available Web Services Policies
Navigating to the Web Services Policies Page in Fusion Middleware Control
Displaying a List of the Available Policies Using WLST
Viewing a Web Service Policy
Searching for Web Service Policies
Creating Web Service Policies
Creating a New Web Service Policy
Creating a Web Service Policy from an Existing Policy
Importing Web Service Policies
Creating Custom Policies
Working With Assertions
Naming Conventions for Assertion Templates
Viewing an Assertion Template
Adding Assertions to a Policy
Adding an OR Group to a Policy
Configuring Assertions
Validating Web Services Policies
Validating a Policy
Editing Web Service Policies
Versioning Web Service Policies
Viewing the Version History of Web Services Policies
About the Restore and Activate Policy Options
Creating a New Version of a Web Service Policy
Restoring an Earlier Version of a Web Service Policy
Deleting Versions of a Web Service Policy
Exporting Web Service Policies
Deleting Web Service Policies
Generating Client Policies
Disabling a Policy for a Single Policy Subject
Using Fusion Middleware Control
Using WLST
Disabling a Web Service Policy for All Subjects
Analyzing Policy Usage
8
Attaching Policies to Web Services
Viewing the Policies That are Attached to a Web Service
Using Fusion Middleware Control
Using WLST
Attaching a Policy to a Single Subject
Attaching a Policy to a Web Service Using Fusion Middleware Control
Attaching a Policy to a Web Service Using WLST
Attaching a Policy to Multiple Subjects (Bulk Attachment)
Validating Policy Subjects
Attaching Policies to Web Service Clients
Using Fusion Middleware Control
Attaching Policies to SOA References
Attaching Policies to ADF DC Web Service Clients
Attaching Policies to Asynchronous Web Service Callback Clients
Using WLST
Attaching Client Policies Permitting Overrides
Clearing a Configuration Property
Attaching Web Service Policies Permitting Overrides
Configuring Server-Side Override Properties for Message Protection Policies
Setting Default Values for the Configuration Properties
Overriding the Configuration Properties When Attaching a Policy
Configuring Server-Side Override Properties for Authorization Policies
Setting Default Values for the Configuration Properties
Overriding the Configuration Properties When Attaching a Policy
Configuring User-Defined Client- or Server-Side Override Properties
Scope of User-Defined Configuration Properties
Adding a User-Defined Configuration Property
Editing a User-Defined Configuration Property
Deleting a User-Defined Configuration Property
Overriding the Configuration Properties When Attaching a Policy
Overriding Configuration Properties When Attaching a Policy Using WLST
9
Setting Up Your Environment for Policies
Configuring Keystores for SSL
Which Policies Require You to Configure SSL?
Which Policies Require You to Configure Two-Way SSL?
How to Configure a Keystore on WebLogic Server
Configuring SSL on WebLogic Server (One-Way)
Configuring SSL on WebLogic Server (Two-Way)
Configuring SSL for a Web Service Client
Configuring Two-Way SSL for a Web Service Client
Setting up the Keystore for Message Protection
Setting Up the Web Service Client Keystore at Design Time
How to Obtain a Trusted Certificate
How to Create and Use a Java Keystore
How to Create Private Keys and Load Trusted Certificates
Using Service Identity Certification Extension
Hostname Verification Included in WSDL
Enabling or Disabling Service Identity Certificate Extension and Hostname Verification
Ignoring the Service Identity Certificate Extension From the Client
Ignoring Hostname Verification from the Client
Configuring the Credential Store Provider
Configuring an Authentication Provider in WebLogic Server
What Type of WebLogic Security Authentication Providers Must You Create?
Configuring the SAML and Kerberos Login Modules
Configuring SAML
How the SAML Token is Validated
Which Authentication Provider is Used?
How to Configure SAML Web Service Client at Design Time
Configure the Username for the SAML Assertion
Including User Roles in the Assertion
How to Configure Oracle Platform Security Services (OPSS) for SAML Policies
Adding an Additional SAML Assertion Issuer Name
Configuring SAML Web Service Clients for Identity Switching
Set the javax.xml.ws.security.auth.username Property
Set the WSIdentityPermission Permission
Using Kerberos Tokens
Configuring the KDC
Initializing and Starting the KDC
Creating Principals
Configuring the Web Service Client to Use the Correct KDC
Setting the Service Principal Name In the Web Service Client
Setting the Service Principal Name In the Web Service Client at Design Time
Configuring the Web Service to Use the Right KDC
Using the Correct Keytab File in Enterprise Manager
Authenticating the User Corresponding to the Service Principal
Creating a Ticket Cache for the Web Service Client
Using Active Directory with Kerberos and Message Protection
Setting Up the Web Service Client
Create a User Account
Create a Keytab File
Set the Service Principal Name
Set Up the Web Service
SAML Message Protection Use Case
What You Need to Know
Requirements of the wss11_saml_token_with_message_protection_service_policy Policy
How Are Messages Protected Via Symmetric Keys?
What Keys Must Be in the Keystore?
Multi-Domain Use Case (Keystore Hardening)
When to Override the SAML Issuer
Main Steps
Create a WebLogic Server User
Create a Java Keystore
Configure the Web Services Manager Keystore
Store the Password for the Decryption Key in the Credential Store
Attach the Policy to Your Web Service
Attach the Policy to Your Web Service Client
10
Configuring Policies
Determining Which Security Policies to Use
Protecting Messages
Message Protection Basics
Security SwA Attachments
Which Policies Offer Message Protection?
Authentication-Only Policies and Configuration Steps
oracle/wss_http_token_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_http_token_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss_username_token_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client At Design Time
oracle/wss_username_token_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_saml_token_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_token_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss11_kerberos_token_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_kerberos_token_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Configure WebLogic Server
Message Protection-Only Policies and Configuration Steps
oracle/wss10_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Configure the Web Service Client
How to Configure the Web Service Client at Design Time
oracle/wss11_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
Message Protection and Authentication Policies and Configuration Steps
Configuring a Policy With an OR Group
oracle/wss_http_token_over_ssl_client_policy
Setting You Can Change
Properties You Can Configure
How to Set Up the Web Services Client
How to Set Up the Web Service Client at Design Time
oracle/wss_http_token_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss_saml_token_bearer_over_ssl_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_saml_token_bearer_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss_saml_token_over_ssl_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_saml_token_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module.
How to Set Up WebLogic Server
oracle/wss_username_token_over_ssl_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_username_token_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_saml_hok_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_hok_token_with_message_protection_service_policy
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_saml_token_with_message_integrity_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_token_with_message_integrity_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_saml_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_token_with_message_protection_ski_basic256_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_username_id_propagation_with_msg_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_username_id_propagation_with_msg_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_username_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_username_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_username_token_with_message_protection_ski_basic256_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_x509_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_x509_token_with_message_protection_service_policy
Settings You Can Change
Attributes You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_kerberos_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_kerberos_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_saml_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_saml_token_identity_switch_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_saml_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_username_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_username_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_x509_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_x509_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
Authorization Policies and Configuration Steps
Determining Which Resources to Protect
How Authorization Permissions Are Determined
OPSS Resource Name Can Include Operation Name
oracle/binding_authorization_denyall_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/binding_authorization_permitall_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/binding_permission_authorization_policy
Settings You Can Change
Attributes You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/component_authorization_denyall_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/component_authorization_permitall_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/component_permission_authorization_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
WS-Addressing Policies and Configuration Steps
oracle/wsaddr_policy
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
How to Set Up Oracle Platform Security Services (OPSS)
MTOM Attachment Policies and Configuration Steps
oracle/wsmtom_policy
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
How to Set Up Oracle Platform Security Services (OPSS)
Reliable Messaging Policies and Configuration Steps
WS-RM Policy Properties
oracle/wsrm10_policy
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wsrm11_policy
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
How to Set Up Oracle Platform Security Services (OPSS)
Management Policies and Configuration Steps
oracle/log_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service or Client
How to Set Up Oracle Platform Security Services (OPSS)
Attaching Policy Files to Web Services and Clients
Using Client Programmatic Configuration Overrides
Configuration Override Example
Configuring Local Optimization for a Policy
Controlling When Local Optimization is Used
Configuring the Policy-Level Optimization Control
11
Testing Web Services
Testing Your Web Services
Editing the Input Arguments as XML Source
Enabling Authentication
Enabling Quality of Service Testing
Enabling HTTP Transport Options
Stress Testing the Web Service Operation
Disabling the Test Page for a Web Service
12
Monitoring the Performance of Web Services
Overview of Performance Monitoring
When Are Web Service Statistics Started or Reset?
Viewing Web Service Statistics from the Summary Page
Viewing Web Service Statistics for a Server Instance
Viewing Web Service-Specific Statistics
Viewing Endpoint-Specific Operations Statistics
Viewing Policy Security Violations for an Endpoint
Part III Advanced Administration
13
Advanced Administration
Registering Web Services and Sources
UDDI Basics
WSIL Basics
Viewing Registered Sources and Web Services
Registering a Source
Registering Web Services from a UDDI Source
Registering Web Services from a WSIL Source
Unregistering a Web Service or Web Service Source
Publishing Web Services to UDDI
Configuring the Proxy Server for UDDI
Auditing Web Services
Configuring Audit Policies
Managing Audit Data Collection and Storage
Viewing Audit Reports
Managing the WSDL
Managing Policy Assertion Templates
Navigating to the Web Services Assertion Templates Page
Viewing an Assertion Template
Searching for an Assertion Template
Creating an Assertion Template
Exporting an Assertion Template
Importing an Assertion Template
Editing an Assertion Template
Deleting an Assertion Template
Registering a Metadata Services (MDS) Repository
Adding Security to a Running Client
Configuring Platform Policy Properties
Configuring a Web Service on a Remote Policy Manager and Tuning the Policy Cache
Configuring Web Service Policy Retrieval
Tuning Web Service Security Policy Enforcement
Defining Identity Extension Properties
Setting Up the Java Object Cache
Running the configure-joc.py Script
Deleting the OracleSystemUser Default User
Changing the JMS System User for Asynchronous Web Services
14
Creating Custom Assertions
Overview of Custom Assertion Creation
Step 1: Create the Custom Assertion Class
Step 2: Create the Custom Policy File
Step 3: Create the policy-config.xml File
Step 4: Create the JAR File
Step 5: Update Your CLASSPATH
Step 6: Import the Custom Policy File
Step 7: Attach the Custom Policy to a Web Service or Client
15
Managing Application Migration Between Environments
Overview of Web Service Application Migration
Overview of Horizontal Policy Migration
Sample Use Cases for Deployment Descriptor Migration
Scaling a Deployed ADF Business Control or WebCenter Web Service Application in a Cluster
Propagating Run-time Policy Changes in an ADF Business Control or WebCenter Web Service Environment
Migrating Policies
Migrating Policy Configuration
Migrating Keystores
Migrating Users and Groups
Migrating Credentials
Migrating Username and Password
Migrating Keystores and Encryption Key Passwords
Migrating Oracle Platform Security Services Application and System Policies
Migrating Oracle Platform Security Services Configuration
Migrating SSL
Migrating Kerberos Configuration
Migrating Assertion Templates
Migrating Deployment Descriptors
16
Diagnosing Problems
Diagnosing Problems with Oracle WSM Policy Manager
Diagnosing Problems Using Logs
Using Diagnostic Logs for Web Services
Setting the Log Level for Diagnostic Logs
Viewing Diagnostic Logs
Filtering Diagnostic Logs
Using Message Logs for Web Services
Configuring Message Logs
Viewing Message Logs
Filtering Message Logs
Reviewing Sample Logs
Sample Log: Oracle WSM Policy Manager Not Available
Sample Log: Security Keystore Not Configured
Sample Log: Certificate Not Available
Configuring a Diagnostic Logger for a Web Service
17
Maintaining the MDS Repository
About the MDS Repository
Understanding the Different Mechanisms for Importing and Exporting Policies
Using Fusion Middleware Control
Using MDS Custom WLST Commands
Migrating Policies Between Application Environments
Exporting Policies from the MDS Repository for Use in JDeveloper
Patching Policies in the Repository
Backing Up and Restoring the MDS Repository
Upgrading the Oracle WSM Policies in the MDS Repository
Rebuilding the MDS Repository
Part IV WebLogic Web Service Administration
18
Securing and Administering WebLogic Web Services
Steps to Secure and Administer WebLogic Web Services
Attaching Policies to WebLogic Web Services and Clients
Attaching Oracle WSM Policies to WebLogic Web Services
Attaching Oracle WSM Policies to WebLogic Web Service Clients
Attaching WebLogic Web Service Policies to WebLogic Web Services
Attaching WebLogic Web Service Policies to WebLogic Web Service Clients
Part V Reference
A
Web Service Security Standards
Web Services Interoperability Organization—Basic Security Profile
Transport Layer Security—SSL
XML Encryption (Confidentiality)
XML Signature (Integrity, Authenticity)
WS-Security
WS-Security Tokens
Username
X.509 Certificate
Kerberos Ticket
SAML Token
WS-Policy
WS-SecurityPolicy
Web Services Addressing (WS-Addressing)
WS-ReliableMessaging
B
Predefined Policies
Security Policies
Authentication Only Policies
oracle/wss_http_token_client_policy
oracle/wss_http_token_service_policy
oracle/wss_username_token_client_policy
oracle/wss_username_token_service_policy
oracle/wss10_saml_token_client_policy
oracle/wss10_saml_token_service_policy
oracle/wss11_kerberos_token_client_policy
oracle/wss11_kerberos_token_service_policy
Message Protection Only Policies
oracle/wss10_message_protection_client_policy
oracle/wss10_message_protection_service_policy
oracle/wss11_message_protection_client_policy
oracle/wss11_message_protection_service_policy
Message Protection and Authentication Policies
oracle/wss_http_token_over_ssl_client_policy
oracle/wss_http_token_over_ssl_service_policy
oracle/wss_saml_or_username_token_over_ssl_service_policy
oracle/wss_saml_token_bearer_over_ssl_client_policy
oracle/wss_saml_token_bearer_over_ssl_service_policy
oracle/wss_saml_token_over_ssl_client_policy
oracle/wss_saml_token_over_ssl_service_policy
oracle/wss_username_token_over_ssl_client_policy
oracle/wss_username_token_over_ssl_service_policy
oracle/wss10_saml_hok_with_message_protection_client_policy
oracle/wss10_saml_hok_token_with_message_protection_service_policy
oracle/wss10_saml_token_with_message_integrity_client_policy
oracle/wss10_saml_token_with_message_integrity_service_policy
oracle/wss10_saml_token_with_message_protection_client_policy
oracle/wss10_saml_token_with_message_protection_service_policy
oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
oracle/wss10_saml_token_with_message_protection_ski_basic256_service_policy
oracle/wss10_username_id_propagation_with_msg_protection_client_policy
oracle/wss10_username_id_propagation_with_msg_protection_service_policy
oracle/wss10_username_token_with_message_protection_client_policy
oracle/wss10_username_token_with_message_protection_service_policy
oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
oracle/wss10_username_token_with_message_protection_ski_basic256_service_policy
oracle/wss10_x509_token_with_message_protection_client_policy
oracle/wss10_x509_token_with_message_protection_service_policy
oracle/wss11_kerberos_token_with_message_protection_client_policy
oracle/wss11_kerberos_token_with_message_protection_service_policy
oracle/wss11_saml_token_with_message_protection_client_policy
oracle/wss11_saml_token_with_identity_switch_message_protection_client_policy
oracle/wss11_saml_token_with_message_protection_service_policy
oracle/wss11_saml_or_username_token_with_message_protection_service_policy
oracle/wss11_username_token_with_message_protection_client_policy
oracle/wss11_username_token_with_message_protection_service_policy
oracle/wss11_x509_token_with_message_protection_client_policy
oracle/wss11_x509_token_with_message_protection_service_policy
Authorization Only Policies
oracle/binding_authorization_denyall_policy
oracle/binding_authorization_permitall_policy
oracle/binding_permission_authorization_policy
oracle/component_authorization_denyall_policy
oracle/component_authorization_permitall_policy
oracle/component_permission_authorization_policy
WS-Addressing Policies
oracle/wsaddr_policy
MTOM Attachment Policies
oracle/wsmtom_policy
Reliable Messaging Policies
oracle/wsrm10_policy
oracle/wsrm11_policy
Management Policies
oracle/log_policy
C
Predefined Assertion Templates
Security Assertion Templates
Authentication Only Assertion Templates
oracle/wss_http_token_client_template
oracle/wss_http_token_service_template
oracle/wss_username_token_client_template
oracle/wss_username_token_service_template
oracle/wss10_saml_token_client_template
oracle/wss10_saml_token_service_template
oracle/wss11_kerberos_token_client_template
oracle/wss11_kerberos_token_service_template
Message-Protection Only Assertion Template
oracle/wss10_message_protection_client_template
oracle/wss10_message_protection_service_template
oracle/wss11_message_protection_client_template
oracle/wss11_message_protection_service_template
Message Protection and Authentication Assertion Templates
oracle/wss_http_token_over_ssl_client_template
oracle/wss_http_token_over_ssl_service_template
oracle/wss_saml_token_bearer_over_ssl_client_template
oracle/wss_saml_token_bearer_over_ssl_service_template
oracle/wss_saml_token_over_ssl_client_template
oracle/wss_saml_token_over_ssl_service_template
oracle/wss_username_token_over_ssl_client_template
oracle/wss_username_token_over_ssl_service_template
oracle/wss10_saml_hok_with_message_protection_client_template
oracle/wss10_saml_hok_with_message_protection_service_template
oracle/wss10_saml_token_with_message_protection_client_template
oracle/wss10_saml_token_with_message_protection_service_template
oracle/wss10_username_token_with_message_protection_client_template
oracle/wss10_username_token_with_message_protection_service_template
oracle/wss10_x509_token_with_message_protection_client_template
oracle/wss10_x509_token_with_message_protection_service_template
oracle/wss11_kerberos_token_with_message_protection_client_template
oracle/wss11_kerberos_token_with_message_protection_service_template
oracle/wss11_saml_token_with_message_protection_client_template
oracle/wss11_saml_token_with_message_protection_service_template
oracle/wss11_username_token_with_message_protection_client_template
oracle/wss11_username_token_with_message_protection_service_template
oracle/wss11_x509_token_with_message_protection_client_template
oracle/wss11_x509_token_with_message_protection_service_template
Authorization Assertion Templates
oracle/binding_authorization_template
oracle/binding_permission_authorization_template
oracle/component_authorization_template
oracle/component_permission_authorization_template
Management Assertions
oracle/security_log_template
Supported Algorithm Suites
Message Signing and Encryption Settings for Request, Response, and Fault Messages
D
Schema Reference for Predefined Assertions
Graphical Representation
Element Descriptions
wsp:Policy
Attributes
Example
wsp:ExactlyOne
Attributes
Example
orasp:Assertion
Attributes
Example
orawsp:bindings
Example
orawsp:Config
Attributes
Example
orawsp:PropertySet
Attributes
Example
orawsp:Property
Attributes
Example
orawsp:Description
Example
orawsp:Value
Example
oralgp:Logging
Example
orasp:binding-authorization
Example
orasp:binding-permission-authorization
Example
orasp:coreid-security
Example
orasp:http-security
Example
orasp:kerberos-security
Example
orasp:sca-component-authorization
Example
orasp:sca-component-permission-authorization
Example
orasp:wss10-anonymous-with-certificates
Example
orasp:wss10-mutual-auth-with-certificates
Example
orasp:wss10-saml-hok-with-certificates
Example
orasp:wss10-saml-token
Example
orasp:wss10-saml-with-certificates
Example
orasp:wss10-username-with-certificates
Example
orasp:wss11-anonymous-with-certificates
Example
orasp:wss11-mutual-auth-with-certificates
Example
orasp:wss11-saml-with-certificates
Example
orasp:wss11-username-with-certificates
Example
orasp:wss-saml-token-bearer-over-ssl
Example
orasp:wss-saml-token-over-ssl
Example
orasp:wss-username-token
Example
orasp:wss-username-token-over-ssl
Example
rm:RMAssertion
Example
wsaw:UsingAddressing
Example
wsoma:OptimizedMimeSerialization
Example
oralgp:fault
Example
oralgp:request
Example
oralgp:response
Example
oralgp:msg-log
Example
orasp:attachment
Attributes
Example
orasp:auth-header
Attributes
Examples
orasp:body
Example
orasp:check-permission
Example
orasp:coreid-token
Attributes
Example
orasp:denyAll
Example
orasp:element
Attributes
Example
orasp:encrypted-elements
Example
orasp:encrypted-parts
Example
orasp:fault
Example
orasp:header
Attributes
Example
orasp:kerberos-token
Attributes
Example
orasp:msg-security
Attributes
Example
orasp:permitAll
Example
orasp:request
Example
orasp:require-tls
Attributes
Examples
orawsp:resource-match
Examples
orasp:response
Example
orasp:role
Attribute
Example
orasp:saml-token
Attributes
Example
orasp:signed-elements
Example
orasp:signed-parts
Example
orasp:username-token
Attributes
Example
orasp:x509-token
Attributes
Example
orawsp:action-match
Examples
orawsp:Description
Example
orawsp:guard
Examples
E
Schema Reference for Custom Assertions
Graphical Representation
Element Descriptions
wsp:Policy
Attributes
Example
orasp:Assertion
Attributes
Example
orawsp:bindings
Example
orawsp:Implementation
Example
orawsp:Config
Attributes
Example
orawsp:PropertySet
Attributes
Example
orawsp:Property
Attributes
Example
orawsp:Description
Example
orawsp:Value
Example
Scripting on this page enhances content navigation, but does not change the content in any way.