Contents
Title and Copyright Information
Preface
About this Guide
Audience
How to Use This Guide
Documentation Accessibility
Related Documents
Conventions
What's New
11g Release 1 (11.1.1.4)
11g Release 1 (11.1.1.3)
11g Release 1 (11.1.1.2)
11g Release 1 (11.1.1)
Part I Introduction
1
Overview of Web Services Security and Administration
Web Services Security and Administration in Oracle Fusion Middleware 11g
Web Service Security and Administration Tasks
Securing and Administering Oracle Infrastructure Web Services
Securing and Administering WebLogic Web Services
Accessing the Security and Administration Tools
Accessing Oracle Enterprise Manager Fusion Middleware Control
Accessing Oracle WebLogic Administration Console
Accessing the Web Services Custom WLST Commands
Installing Oracle WSM on WebLogic Server
2
Understanding Web Services Security Concepts
Securing Web Services
Transport-level Security
Application-level Security
Web Service Security Requirements
How Oracle Fusion Middleware Secures Web Services and Clients
3
Understanding Oracle WSM Policy Framework
Overview of Oracle WSM Policy Framework
What Are Policies?
Building Policies Using Policy Assertions
Attaching Policies to Subjects
Attaching Policies Globally Using Policy Sets
How Policies are Executed
Oracle WSM Predefined Policies and Assertion Templates
Defining Multiple Policy Alternatives (OR Groups)
Overriding Security Policy Configuration
Recommended Naming Conventions for Policies
4
Examining the Rearchitecture of Oracle WSM in Oracle Fusion Middleware
How Oracle WSM 10g is Redesigned in Oracle Fusion Middleware 11g Release 1 (11.1.1)
Comparing Oracle WSM 10g and Oracle WSM 11g Policies
Comparing Oracle Application Server 10g WS-Security with Oracle WSM 11g
Interoperability and Upgrade
Part II Basic Administration
5
Deploying Web Services Applications
Overview
Additional Deployment Documentation Available
Deploying Web Services Applications
Undeploying a Web Services Application
Redeploying a Web Services Application
6
Administering Web Services
Viewing All Current Web Services for a Server
Viewing the Web Services in a Domain Using WLST
Navigating to the Web Services Summary Page for an Application
Viewing the Web Services in Your Application
Using Fusion Middleware Control
Using WLST
Viewing the Web Services and References in a SOA Composite
Viewing the Details for a Web Service Endpoint
Using Fusion Middleware Control
Using WLST
Viewing Web Service Clients
Using Fusion Middleware Control
Viewing SOA References
Viewing Connection-Based Web Service Clients
Viewing WebCenter Portlets
Viewing Asynchronous Web Service Callback Clients
Using WLST
Displaying the Web Service WSDL Document
Configuring the Web Service Endpoint
Using Fusion Middleware Control
Using WLST
Enabling or Disabling a Web Service
Using Fusion Middleware Control
Using WLST
Enabling or Disabling RESTful Web Services
Using Fusion Middleware Control
Using WLST
Enabling or Disabling the Display of the Web Service WSDL Document
Using Fusion Middleware Control
Using WLST
Enabling or Disabling the Exchange of Metadata
Enabling or Disabling the Web Service Test Endpoint
Using Fusion Middleware Control
Using WLST
Validating the Request Message
Configuring Web Services Atomic Transactions
Using Fusion Middleware Control
Using WLST
Setting the Size of the Request Message
Using Fusion Middleware Control
Using WLST
Configuring Asynchronous Web Services
Enabling and Disabling MTOM
Configuring the Web Service Client
Using Fusion Middleware Control
Configuring SOA References
Configuring ADF DC Web Service Clients
Configuring Asynchronous Web Service Callback Clients
Using WLST
7
Managing Web Service Policies
Overview of Web Services Policy Management
Viewing Available Web Services Policies
Navigating to the Web Services Policies Page in Fusion Middleware Control
Displaying a List of the Available Policies Using WLST
Viewing a Web Service Policy
Searching for Web Service Policies
Creating Web Service Policies
Creating a New Web Service Policy
Creating a Web Service Policy from an Existing Policy
Importing Web Service Policies
Creating Custom Policies
Managing Policy Assertion Templates
Navigating to the Web Services Assertion Templates Page
Naming Conventions for Assertion Templates
Viewing an Assertion Template
Searching for an Assertion Template
Creating an Assertion Template
Editing an Assertion Template
Editing the Configuration Properties
Adding Assertions to a Policy
Adding an OR Group to a Policy
Configuring Assertions
Exporting an Assertion Template
Importing an Assertion Template
Deleting an Assertion Template
Validating Web Services Policies
Validating a Policy
Editing Web Service Policies
Versioning Web Service Policies
Viewing the Version History of Web Services Policies
About the Restore and Activate Policy Options
Creating a New Version of a Web Service Policy
Restoring an Earlier Version of a Web Service Policy
Deleting Versions of a Web Service Policy
Exporting Web Service Policies
Deleting Web Service Policies
Generating Client Policies
Enabling or Disabling a Policy for a Single Policy Subject
Using Fusion Middleware Control
Using WLST
Enabling or Disabling a Policy for All Subjects
Enabling or Disabling Assertions Within a Policy
Analyzing Policy Usage
Policy Advertisement
8
Attaching Policies to Web Services
Viewing the Policies That are Attached to a Web Service
Using Fusion Middleware Control
Using WLST
Attaching a Policy to a Single Subject
Attaching a Policy to a Web Service Using Fusion Middleware Control
Attaching a Policy to a Web Service Using WLST
Attaching a Policy to Multiple Subjects (Bulk Attachment)
Validating Policy Subjects
Attaching Policies to Web Service Clients
Using Fusion Middleware Control
Attaching Policies to SOA References
Attaching Policies to Connection-Based Web Service Clients
Attaching Policies to Asynchronous Web Service Callback Clients
Using WLST
Attaching Client Policies Permitting Overrides
Clearing a Configuration Property
Attaching Web Service Policies Permitting Overrides
Configuring Server-Side Override Properties for Message Protection Policies
Setting Default Values for the Configuration Properties
Configuring Server-Side Override Properties for Authorization Policies
Setting Default Values for the Configuration Properties
Configuring User-Defined Client- or Server-Side Override Properties
Scope of User-Defined Configuration Properties
Adding a User-Defined Configuration Property
Editing a User-Defined Configuration Property
Deleting a User-Defined Configuration Property
Overriding the Configuration Properties When Attaching a User-Defined Policy
Overriding Configuration Properties When Attaching a Service Policy
Overriding Configuration Properties When Attaching a Policy Using WLST
9
Creating and Managing Policy Sets
Navigating to the Policy Set Summary Page
Displaying a List of Policy Sets Using WLST
Viewing the Configuration of a Policy Set
Using Fusion Middleware Control
Using WLST
Managing Repository Modification Sessions Using WLST
Creating a Policy Set
Using Fusion Middleware Control
Using WLST
Creating a Policy Set from an Existing Policy Set
Using Fusion Middleware Control
Using WLST
Editing a Policy Set
Using Fusion Middleware Control
Using WLST
Disabling a Globally Attached Policy
Enabling and Disabling a Policy Set
Using Fusion Middleware Control
Using WLST
Deleting a Policy Set
Using Fusion Middleware Control
Using WLST
Migrating Direct Policy Attachments to Global Policy Attachments
Defining the Type and Scope of Resources
Resource Type
Resource Scope
Examples
Validating a Policy Set
Calculating the Effective Set of Policies
10
Setting Up Your Environment for Policies
Configuring Keystores for SSL
Which Policies Require You to Configure SSL?
Which Policies Require You to Configure Two-Way SSL?
How to Configure a Keystore on WebLogic Server
Configuring SSL on WebLogic Server (One-Way)
Configuring SSL on WebLogic Server (Two-Way)
Configuring SSL for a Web Service Client
Configuring Two-Way SSL for a Web Service Client
Setting up the Keystore for Message Protection
Setting Up the Web Service Client Keystore at Design Time
How to Obtain a Trusted Certificate
How to Create and Use a Java Keystore
How to Create Private Keys and Load Trusted Certificates
Configuring SSL on Oracle HTTP Server
One-Way SSL
Two-Way SSL
Using Hardware Security Modules With Oracle WSM
Using SafeNet Luna SA With Oracle WSM for Key Storage
About Installing and Configuring the Luna SA HSM Client
Configuring the JRE Used By Oracle WSM
Logging On to Luna SA
Copying Keys and Certificates from JKS to Luna SA
Configuring Oracle WSM to Use Luna SA
Using Service Identity Certification Extension
Hostname Verification Included in WSDL
Enabling or Disabling Service Identity Certificate Extension and Hostname Verification
Ignoring the Service Identity Certificate Extension From the Client
Ignoring Hostname Verification from the Client
Configuring the Credential Store Provider
Configuring an Authentication Provider in WebLogic Server
What Type of WebLogic Security Authentication Providers Must You Create?
Configuring the SAML and Kerberos Login Modules
Configuring SAML
How the SAML Token is Validated
Which Authentication Provider is Used?
How to Configure SAML Web Service Client at Design Time
Configure the Username for the SAML Assertion
Including User Attributes in the Assertion
Including User Roles in the Assertion
How to Configure Oracle Platform Security Services (OPSS) for SAML Policies
Adding an Additional SAML Assertion Issuer Name
Configuring SAML Web Service Clients for Identity Switching
Set the javax.xml.ws.security.auth.username Property
Set the WSIdentityPermission Permission
Defining a Trusted Distinguished Names List for SAML Signing Certificates
Using Kerberos Tokens
Configuring the KDC
Initializing and Starting the MIT Kerberos KDC
Creating Principals
Configuring the Web Service Client to Use the Correct KDC
Setting the Service Principal Name In the Web Service Client
Setting the Service Principal Name In the Web Service Client at Design Time
Configuring the Web Service to Use the Right KDC
Using the Correct Keytab File in Enterprise Manager
Authenticating the User Corresponding to the Service Principal
Creating a Ticket Cache for the Web Service Client
Using Active Directory with Kerberos and Message Protection
Setting Up the Web Service Client
Create a User Account
Create a Keytab File
Set the Service Principal Name
Set Up the Web Service
SAML Message Protection Use Case
What You Need to Know
Requirements of the wss11_saml_token_with_message_protection_service_policy Policy
How Are Messages Protected Via Symmetric Keys?
What Keys Must Be in the Keystore?
Multi-Domain Use Case (Keystore Hardening)
When to Override the SAML Issuer
Main Steps
Create a WebLogic Server User
Create a Java Keystore
Configure the Web Services Manager Keystore
Store the Password for the Decryption Key in the Credential Store
Attach the Policy to Your Web Service
Attach the Policy to Your Web Service Client
WS-Trust Policies and Configuration Steps
Overview of Web Services WS-Trust
How the STS Configuration is Obtained
Typical Token Request and Response
Example WS-Trust Use Case
On Behalf Of Use Cases
Token Lifetime
What Token Types Are Exchanged?
Overview of Sender Vouches in WS-Trust
Setting Up Automatic Policy Configuration for STS
Requirements for Automatic Policy Configuration
Setting Up Automatic Policy Configuration: Main Steps
Manually Configuring the STS Config Policy From the Web Service Client: Main Steps
Using SAML Sender Vouches with WS Trust
Available WS-Trust Policies
Programmatic Configuration Overrides for WS-Trust Client Policies
Supported STS Servers
Examples Using WS-Trust with OpenSSO STS
Configuring OpenSSO STS
SAML Holder-of-Key With Message Protection Scenario
SAML Sender Vouches with Message Protection Scenario
SAML Bearer with Message Protection Scenario
11
Configuring Policies
Determining Which Security Policies to Use
Protecting Messages
Message Protection Basics
Example for Partial Encryption
Security SwA Attachments
Which Policies Offer Message Protection?
Authentication-Only Policies and Configuration Steps
oracle/wss_http_token_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_http_token_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss_username_token_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client At Design Time
oracle/wss_username_token_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_saml_token_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_token_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_saml20_token_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml20_token_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss11_kerberos_token_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_kerberos_token_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Configure WebLogic Server
Message Protection-Only Policies and Configuration Steps
oracle/wss10_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Configure the Web Service Client
How to Configure the Web Service Client at Design Time
oracle/wss11_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
Message Protection and Authentication Policies and Configuration Steps
Configuring a Policy With an OR Group
oracle/wss_http_token_over_ssl_client_policy
Setting You Can Change
Properties You Can Configure
How to Set Up the Web Services Client
How to Set Up the Web Service Client at Design Time
oracle/wss_http_token_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss_saml_token_bearer_over_ssl_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_saml_token_bearer_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss_saml20_token_bearer_over_ssl_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_saml20_token_bearer_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss_saml_token_over_ssl_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_saml_token_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module.
How to Set Up WebLogic Server
oracle/wss_saml20_token_over_ssl_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_saml20_token_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module.
How to Set Up WebLogic Server
oracle/wss_username_token_over_ssl_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_username_token_over_ssl_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_saml_hok_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_hok_token_with_message_protection_service_policy
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_saml_token_with_message_integrity_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_token_with_message_integrity_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_saml_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_saml20_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml20_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_saml_token_with_message_protection_ski_basic256_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up WebLogic Server
oracle/wss10_username_id_propagation_with_msg_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_username_id_propagation_with_msg_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_username_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_username_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_username_token_with_message_protection_ski_basic256_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up WebLogic Server
oracle/wss10_x509_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss10_x509_token_with_message_protection_service_policy
Settings You Can Change
Attributes You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_kerberos_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_kerberos_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_kerberos_token_with_message_protection_basic128_client_policy
Settings You Can Change
Properties You Can Configure
How to Set up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_kerberos_token_with_message_protection_basic128_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_saml_token_identity_switch_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_saml_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_saml_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_saml20_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_saml20_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
Configure the Login Module
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_username_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_username_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wss11_x509_token_with_message_protection_client_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_x509_token_with_message_protection_service_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
Authorization Policies and Configuration Steps
Determining Which Resources to Protect
How Authorization Permissions Are Determined
OPSS Resource Name Can Include Operation Name
oracle/binding_authorization_denyall_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/binding_authorization_permitall_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/binding_permission_authorization_policy
Settings You Can Change
Attributes You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/component_authorization_denyall_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/component_authorization_permitall_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/component_permission_authorization_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
oracle/whitelist_authorization_policy
Settings You Can Change
Properties You Can Configure
How to Set Up Oracle Platform Security Services (OPSS)
How to Successfully Invoke Services Using This Policy
Configuring Oracle HTTP Server to Specify Request Origin
WS-Addressing Policies and Configuration Steps
oracle/wsaddr_policy
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
How to Set Up Oracle Platform Security Services (OPSS)
WS-Trust Policies
oracle/sts_trust_config_service_policy
Policy Assertion
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service
oracle/sts_trust_config_client_policy
Policy Assertion
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
How to Set Up the Web Service
oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy
Policy Assertion
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss_sts_issued_saml_bearer_token_over_ssl_service_policy
Policy Assertion
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service
oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy
Policy Assertion
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
oracle/wss11_sts_issued_saml_hok_with_message_protection_service_policy
Policy Assertion
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service
oracle/wss11_sts_issued_saml_with_message_protection_client_policy
Policy Assertion
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
MTOM Attachment Policies and Configuration Steps
oracle/wsmtom_policy
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
How to Set Up Oracle Platform Security Services (OPSS)
Reliable Messaging Policies and Configuration Steps
WS-RM Policy Properties
oracle/wsrm10_policy
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
How to Set Up Oracle Platform Security Services (OPSS)
oracle/wsrm11_policy
How to Set Up the Web Service Client
How to Set Up the Web Service Client at Design Time
How to Set Up Oracle Platform Security Services (OPSS)
Management Policies and Configuration Steps
oracle/log_policy
Settings You Can Change
Properties You Can Configure
How to Set Up the Web Service or Client
How to Set Up Oracle Platform Security Services (OPSS)
Attaching Policy Files to Web Services and Clients
Using Client Programmatic Configuration Overrides
Configuration Override Example
Configuring Local Optimization for a Policy
Controlling When Local Optimization is Used
Configuring the Policy-Level Optimization Control
12
Testing Web Services
Testing Your Web Services
Editing the Input Arguments as XML Source
Enabling Authentication
Enabling Quality of Service Testing
Enabling HTTP Transport Options
Stress Testing the Web Service Operation
Disabling the Test Page for a Web Service
13
Monitoring the Performance of Web Services
Overview of Performance Monitoring
When Are Web Service Statistics Started or Reset?
Viewing Web Service Statistics from the Summary Page
Viewing Web Service Statistics for a Server Instance
Viewing Web Service-Specific Statistics
Viewing Endpoint-Specific Operations Statistics
Viewing the Security Violations for a Web Service
Part III Advanced Administration
14
Advanced Administration
Registering Web Services and Sources
UDDI Basics
WSIL Basics
Viewing Registered Sources and Web Services
Registering a Source
Registering Web Services from a UDDI Source
Registering Web Services from a WSIL Source
Deleting a Web Service or Web Service Source
Publishing Web Services to UDDI
Configuring the Proxy Server for UDDI
Auditing Web Services
Configuring Audit Policies
Managing Audit Data Collection and Storage
Viewing Audit Reports
Managing the WSDL
Adding Security to a Running Client
Configuring Platform Policy Properties
Configuring a Web Service on a Remote Policy Manager and Tuning the Policy Cache
Configuring Web Service Policy Retrieval
Tuning Web Service Security Policy Enforcement
Defining Identity Extension Properties
Defining a Trusted Distinguished Name List for SAML Signing Certificates
Setting Up the Java Object Cache
Running the configure-joc.py Script
Changing the OracleSystemUser Default User
Changing the JMS System User for Asynchronous Web Services
15
Managing Application Migration Between Environments
Overview of Web Service Application Migration
Overview of Horizontal Policy Migration
Sample Use Cases for Deployment Descriptor Migration
Scaling a Deployed ADF Business Control or WebCenter Web Service Application in a Cluster
Propagating Run-time Policy Changes in an ADF Business Control or WebCenter Web Service Environment
Migrating Policies
Migrating Policy Configuration
Migrating Keystores
Migrating Users and Groups
Migrating Credentials
Migrating Username and Password
Migrating Keystores and Encryption Key Passwords
Migrating Oracle Platform Security Services Application and System Policies
Migrating Oracle Platform Security Services Configuration
Migrating SSL
Migrating Kerberos Configuration
Migrating Assertion Templates
Migrating Deployment Descriptors
16
Diagnosing Problems
Diagnosing Problems with Oracle WSM Policy Manager
Diagnosing Problems Using Logs
Using Diagnostic Logs for Web Services
Setting the Log Level for Diagnostic Logs
Viewing Diagnostic Logs
Filtering Diagnostic Logs
Logging Oracle WSM Debug Messages
Using Message Logs for Web Services
Configuring Message Logs
Viewing Message Logs
Filtering Message Logs
Reviewing Sample Logs
Sample Log: Oracle WSM Policy Manager Not Available
Sample Log: Security Keystore Not Configured
Sample Log: Certificate Not Available
Configuring Log Files for a Web Service
17
Maintaining the Oracle WSM Repository
About the Oracle WSM Repository
Registering an Oracle WSM Repository
Understanding the Different Mechanisms for Importing and Exporting Policies
Importing and Exporting Documents in the Repository
Migrating Policies Between Application Environments
Exporting Policies from the Oracle WSM Repository for Use in JDeveloper
Patching Policies in the Repository
Backing Up and Restoring the Oracle WSM Repository
Upgrading the Oracle WSM Policies in the Repository
Rebuilding the Oracle WSM Repository
Part IV WebLogic Web Service Administration
18
Securing and Administering WebLogic Web Services
Steps to Secure and Administer WebLogic Web Services
Attaching Policies to WebLogic Web Services and Clients
Attaching Oracle WSM Policies to WebLogic Web Services
Attaching Oracle WSM Policies to WebLogic Web Service Clients
Attaching WebLogic Web Service Policies to WebLogic Web Services
Attaching WebLogic Web Service Policies to WebLogic Web Service Clients
Part V Reference
A
Web Service Security Standards
Web Services Interoperability Organization—Basic Security Profile
Transport Layer Security—SSL
XML Encryption (Confidentiality)
XML Signature (Integrity, Authenticity)
WS-Security
WS-Security Tokens
Username
X.509 Certificate
Kerberos Token
SAML Token
WS-Policy
WS-SecurityPolicy
Web Services Addressing (WS-Addressing)
WS-Trust
WS-ReliableMessaging
B
Predefined Policies
Security Policies
Authentication Only Policies
oracle/wss_http_token_client_policy
oracle/wss_http_token_service_policy
oracle/wss_username_token_client_policy
oracle/wss_username_token_service_policy
oracle/wss10_saml_token_client_policy
oracle/wss10_saml_token_service_policy
oracle/wss10_saml20_token_client_policy
oracle/wss10_saml20_token_service_policy
oracle/wss11_kerberos_token_client_policy
oracle/wss11_kerberos_token_service_policy
Message Protection Only Policies
oracle/wss10_message_protection_client_policy
oracle/wss10_message_protection_service_policy
oracle/wss11_message_protection_client_policy
oracle/wss11_message_protection_service_policy
Message Protection and Authentication Policies
oracle/wss_http_token_over_ssl_client_policy
oracle/wss_http_token_over_ssl_service_policy
oracle/wss_saml_or_username_token_over_ssl_service_policy
oracle/wss_saml_token_bearer_over_ssl_client_policy
oracle/wss_saml_token_bearer_over_ssl_service_policy
oracle/wss_saml20_token_bearer_over_ssl_client_policy
oracle/wss_saml20_token_bearer_over_ssl_service_policy
oracle/wss_saml_token_over_ssl_client_policy
oracle/wss_saml_token_over_ssl_service_policy
oracle/wss_saml20_token_over_ssl_client_policy
oracle/wss_saml20_token_over_ssl_service_policy
oracle/wss_username_token_over_ssl_client_policy
oracle/wss_username_token_over_ssl_service_policy
oracle/wss10_saml_hok_with_message_protection_client_policy
oracle/wss10_saml_hok_token_with_message_protection_service_policy
oracle/wss10_saml_token_with_message_integrity_client_policy
oracle/wss10_saml_token_with_message_integrity_service_policy
oracle/wss10_saml_token_with_message_protection_client_policy
oracle/wss10_saml_token_with_message_protection_service_policy
oracle/wss10_saml20_token_with_message_protection_client_policy
oracle/wss10_saml20_token_with_message_protection_service_policy
oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
oracle/wss10_saml_token_with_message_protection_ski_basic256_service_policy
oracle/wss10_username_id_propagation_with_msg_protection_client_policy
oracle/wss10_username_id_propagation_with_msg_protection_service_policy
oracle/wss10_username_token_with_message_protection_client_policy
oracle/wss10_username_token_with_message_protection_service_policy
oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
oracle/wss10_username_token_with_message_protection_ski_basic256_service_policy
oracle/wss10_x509_token_with_message_protection_client_policy
oracle/wss10_x509_token_with_message_protection_service_policy
oracle/wss11_kerberos_token_with_message_protection_client_policy
oracle/wss11_kerberos_token_with_message_protection_service_policy
oracle/wss11_kerberos_token_with_message_protection_basic128_client_policy
oracle/wss11_kerberos_token_with_message_protection_basic128__service_policy
oracle/wss11_saml_token_with_message_protection_client_policy
oracle/wss11_saml20_token_with_message_protection_client_policy
oracle/wss11_saml_token_with_identity_switch_message_protection_client_policy
oracle/wss11_saml_token_with_message_protection_service_policy
oracle/wss11_saml20_token_with_message_protection_service_policy
oracle/wss11_saml_or_username_token_with_message_protection_service_policy
oracle/wss11_username_token_with_message_protection_client_policy
oracle/wss11_username_token_with_message_protection_service_policy
oracle/wss11_x509_token_with_message_protection_client_policy
oracle/wss11_x509_token_with_message_protection_service_policy
WS-Trust Policies
oracle/sts_trust_config_service_policy
oracle/sts_trust_config_client_policy
oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy
oracle/wss_sts_issued_saml_bearer_token_over_ssl_service_policy
oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy
oracle/wss11_sts_issued_saml_hok_with_message_protection_service_policy
oracle/wss11_sts_issued_saml_with_message_protection_client_policy
Authorization Only Policies
oracle/binding_authorization_denyall_policy
oracle/binding_authorization_permitall_policy
oracle/binding_permission_authorization_policy
oracle/component_authorization_denyall_policy
oracle/component_authorization_permitall_policy
oracle/component_permission_authorization_policy
oracle/whitelist_authorization_policy
WS-Addressing Policies
oracle/wsaddr_policy
MTOM Attachment Policies
oracle/wsmtom_policy
Reliable Messaging Policies
oracle/wsrm10_policy
oracle/wsrm11_policy
Management Policies
oracle/log_policy
No Behavior Policies
oracle/no_authentication_service_policy
oracle/no_authentication_client_policy
oracle/no_messageprotection_service_policy
oracle/no_messageprotection_client_policy
oracle/no_authorization_service_policy
oracle/no_authorization_component_policy
oracle/no_addressing_policy
oracle/no_mtom_policy
oracle/no_wsrm_policy
C
Predefined Assertion Templates
Security Assertion Templates
Authentication Only Assertion Templates
oracle/wss_http_token_client_template
oracle/wss_http_token_service_template
oracle/wss_username_token_client_template
oracle/wss_username_token_service_template
oracle/wss10_saml_token_client_template
oracle/wss10_saml_token_service_template
oracle/wss10_saml20_token_client_template
oracle/wss10_saml20_token_service_template
oracle/wss11_kerberos_token_client_template
oracle/wss11_kerberos_token_service_template
Message-Protection Only Assertion Templates
oracle/wss10_message_protection_client_template
oracle/wss10_message_protection_service_template
oracle/wss11_message_protection_client_template
oracle/wss11_message_protection_service_template
Message Protection and Authentication Assertion Templates
oracle/wss_http_token_over_ssl_client_template
oracle/wss_http_token_over_ssl_service_template
oracle/wss_saml_token_bearer_over_ssl_client_template
oracle/wss_saml_token_bearer_over_ssl_service_template
oracle/wss_saml20_token_bearer_over_ssl_client_template
oracle/wss_saml20_token_bearer_over_ssl_service_template
oracle/wss_saml_token_over_ssl_client_template
oracle/wss_saml_token_over_ssl_service_template
oracle/wss_saml20_token_over_ssl_client_template
oracle/wss_saml20_token_over_ssl_service_template
oracle/wss_username_token_over_ssl_client_template
oracle/wss_username_token_over_ssl_service_template
oracle/wss10_saml_hok_token_with_message_protection_client_template
oracle/wss10_saml_hok_token_with_message_protection_service_template
oracle/wss10_saml_token_with_message_protection_client_template
oracle/wss10_saml_token_with_message_protection_service_template
oracle/wss10_saml20_token_with_message_protection_client_template
oracle/wss10_saml20_token_with_message_protection_service_template
oracle/wss10_username_token_with_message_protection_client_template
oracle/wss10_username_token_with_message_protection_service_template
oracle/wss10_x509_token_with_message_protection_client_template
oracle/wss10_x509_token_with_message_protection_service_template
oracle/wss11_kerberos_token_with_message_protection_client_template
oracle/wss11_kerberos_token_with_message_protection_service_template
oracle/wss11_saml_token_with_message_protection_client_template
oracle/wss11_saml_token_with_message_protection_service_template
oracle/wss11_saml20_token_with_message_protection_client_template
oracle/wss11_saml20_token_with_message_protection_service_template
oracle/wss11_username_token_with_message_protection_client_template
oracle/wss11_username_token_with_message_protection_service_template
oracle/wss11_x509_token_with_message_protection_client_template
oracle/wss11_x509_token_with_message_protection_service_template
WS-Trust Assertion Templates
oracle/sts_trust_config_client_template
oracle/sts_trust_config_service_template
oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_template
oracle/wss_sts_issued_saml_bearer_token_over_ssl_service_template
oracle/wss11_sts_issued_saml_hok_with_message_protection_client_template
oracle/wss11_sts_issued_saml_hok_with_message_protection_service_template
oracle/wss11_sts_issued_saml_with_message_protection_client_template
Authorization Assertion Templates
oracle/binding_authorization_template
oracle/binding_permission_authorization_template
oracle/component_authorization_template
oracle/component_permission_authorization_template
Supported Algorithm Suites
Message Signing and Encryption Settings for Request, Response, and Fault Messages
Management Assertion Templates
oracle/security_log_template
No Behavior Assertion Templates
D
Schema Reference for Predefined Assertions
Graphical Representation
Element Descriptions
wsp:Policy
Attributes
Example
wsp:ExactlyOne
Attributes
Example
orasp:Assertion
Attributes
Example
orawsp:bindings
Example
orawsp:Config
Attributes
Example
orawsp:PropertySet
Attributes
Example
orawsp:Property
Attributes
Example
orawsp:Description
Example
orawsp:Value
Example
orawsp:guard
Examples
orawsp:resource-match
Examples
orawsp:action-match
Examples
orawsp:constraint-match
Example
oralgp:Logging
Example
orasp:binding-authorization
Example
orasp:binding-permission-authorization
Example
orasp:coreid-security
Example
orasp:http-security
Example
orasp:kerberos-security
Example
orasp:sca-component-authorization
Example
orasp:sca-component-permission-authorization
Example
orasp:wss10-anonymous-with-certificates
Example
orasp:wss10-mutual-auth-with-certificates
Example
orasp:wss10-saml-hok-with-certificates
Example
orasp:wss10-saml-token
Example
orasp:wss10-saml-with-certificates
Example
orasp:wss10-username-with-certificates
Example
orasp:wss11-anonymous-with-certificates
Example
orasp:wss11-mutual-auth-with-certificates
Example
orasp:wss11-saml-with-certificates
Example
orasp:wss11-username-with-certificates
Example
orasp:wss-saml-token-bearer-over-ssl
Example
orasp:wss-saml-token-over-ssl
Example
orasp:wss-username-token
Example
orasp:wss-username-token-over-ssl
Example
rm:RMAssertion
Example
wsaw:UsingAddressing
Example
wsoma:OptimizedMimeSerialization
Example
oralgp:fault
Example
oralgp:request
Example
oralgp:response
Example
oralgp:msg-log
Example
orasp:attachment
Attributes
Example
orasp:auth-header
Attributes
Examples
orasp:body
Example
orasp:check-permission
Example
orasp:coreid-token
Attributes
Example
orasp:denyAll
Example
orasp:element
Attributes
Example
orasp:encrypted-elements
Example
orasp:encrypted-parts
Example
orasp:fault
Example
orasp:header
Attributes
Example
orasp:kerberos-token
Attributes
Example
orasp:msg-security
Attributes
Example
orasp:permitAll
Example
orasp:request
Example
orasp:require-tls
Attributes
Examples
orasp:response
Example
orasp:role
Attribute
Example
orasp:saml-token
Attributes
Example
orasp:signed-elements
Example
orasp:signed-parts
Example
orasp:username-token
Attributes
Example
orasp:x509-token
Attributes
Example
orawsp:Description
Example
E
Schema Reference for Policy Sets
Graphical Representation
Element Descriptions
policySet
Attributes
wsp:policyReference
Attributes
Example