Use the Security Token Generation Matrix to help you configure OpenSSO STS to generate a web service client security token required by the web service provider. First, in the last column titled OpenSSO STS Output Token, find a description that meets the web service provider token requirements. Then use the parameter values in the same row when you configure the Security Token Service. The "Token Generation Matrix Legend" provides information about the table headings and available options. See Section 5.2.3, "To Configure the Security Token Service" for detailed configuration instructions. For general information about Web Service Security and related terminology, see:
http://www.oracle.com/technology/tech/standards/pdf/security.pdf
http://download.oracle.com/docs/cd/E15523_01/web.1111/b32511/intro_security.htm#CDDHHGEE
The Security Token Generation Matrix summarizes frequently-used Security Token Service parameter settings and the types of security tokens OpenSSO STS generates based on these settings.
Table 4–1 Security Token Generation Matrix
| Row | Message-Level Security Binding | Web Service Client Token | KeyType | OnBehalfOf Token | Use Key | OpenSSO STS Output Token |
|-----|--------------------------------|--------------------------|---------|------------------|---------|--------------------------|
| 1 | Asymmetric | X509 | Bearer | Yes | No | SAML Bearer, no proof key |
| 2 | Asymmetric | Username | Bearer | Yes | No | SAML Bearer, no proof key |
| 3 | Asymmetric | X509 | Bearer | No | No | SAML Bearer, no proof key |
| 4 | Asymmetric | Username | Bearer | No | No | SAML Bearer, no proof key |
| 5 | Asymmetric | X509 | Symmetric | Yes | No | SAML Holder-of-Key, Symmetric proof key |
| 6 | Asymmetric | Username | Symmetric | Yes | No | SAML Holder-of-Key, Symmetric proof key |
| 7 | Asymmetric | X509 | Symmetric | No | No | SAML Holder-of-Key, Symmetric proof key |
| 8 | Asymmetric | Username | Symmetric | No | No | SAML Holder-of-Key, Symmetric proof key |
| 9 | Asymmetric | X509 | Asymmetric | No | Web Service Client public key | SAML Holder-of-Key, Asymmetric proof key |
| 10 | Asymmetric | X509 | Oracle-proprietary for SAML sender-vouches | Yes | No | SAML sender-vouches, no proof key |
| 11 | Asymmetric | Username | Oracle-proprietary for SAML sender-vouches | Yes | No | SAML sender-vouches, no proof key |
| 12 | Transport | Username | Bearer | Yes | No | SAML Bearer, no proof key |
| 13 | Transport | Username | Bearer | No | No | SAML Bearer, no proof key |
| 14 | Transport | Username | Symmetric | Yes | No | SAML Holder-of-Key, Symmetric proof key |
| 15 | Transport | Username | Symmetric | No | No | SAML Holder-of-Key, Symmetric proof key |
| 16 | Transport | Username | Oracle-proprietary for SAML sender-vouches | Yes | No | SAML sender-vouches, no proof key |
| 17 | Asymmetric | X509 | Asymmetric | No | No | SAML Holder-of-Key, Asymmetric proof key |
| 18 | Asymmetric | X509 | No | No | No | SAML Holder-of-Key, Asymmetric proof key |
| 19 | Asymmetric | Username | No | No | No | SAML Holder-of-Key, Symmetric proof key |
| 20 | Transport | Username | No | No | No | SAML Holder-of-Key, Symmetric proof key |

Two points worth checking against the rows before you configure anything. First, only the Bearer rows (1 through 4, 12 and 13) and the sender-vouches rows (10, 11 and 16) issue a token with no proof key; a web service provider that accepts such a token is trusting the message-level or transport binding, not a key held by the client, to bind the token to its presenter. Second, rows 18 through 20 show that when no KeyType is given, the output token still carries a proof key: an X509 client token yields an asymmetric proof key and a Username client token a symmetric one, so the proof-key type follows the client token rather than defaulting to Bearer.
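The matrix names the request parameters but does not show what a request carries on the wire or how to confirm that the token that comes back is the one the row predicts. The following Python script is an added example, not code from OpenSSO STS or from this guide. It builds a WS-Trust 1.3 RequestSecurityToken for the three standard KeyType values in the table (Bearer, Symmetric and Asymmetric, using the WS-Trust 1.3 KeyType URIs; the Oracle-proprietary sender-vouches KeyType is left out because its URI is not given on this page), optionally with an OnBehalfOf token or a UseKey certificate, and then inspects a RequestSecurityTokenResponse for the SAML 2.0 subject-confirmation method and proof key that the Output Token column calls for. The endpoint address, the sample response and the dummy certificate bytes are constructed for the example.

```python
"""Build WS-Trust 1.3 RST messages for the KeyType values in Table 4-1 and
check an issued SAML 2.0 assertion against the matrix's Output Token column.
Added example; not part of OpenSSO STS. Standard WS-Trust/SAML namespaces."""
import base64
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2_TOKENTYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
for prefix, uri in (("wst", WST), ("wsp", WSP), ("wsa", WSA), ("ds", DS), ("wsse", WSSE)):
    ET.register_namespace(prefix, uri)

# Matrix "KeyType" column -> WS-Trust 1.3 KeyType URI.
KEYTYPE_URI = {"Bearer": WST + "/Bearer",
               "Symmetric": WST + "/SymmetricKey",
               "Asymmetric": WST + "/PublicKey"}
# Matrix "Output Token" column -> (SAML 2.0 confirmation method, proof key present).
EXPECTED = {"Bearer": ("urn:oasis:names:tc:SAML:2.0:cm:bearer", False),
            "Symmetric": ("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key", True),
            "Asymmetric": ("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key", True)}


def q(ns, local):
    return "{%s}%s" % (ns, local)


def username_token(username):
    """A wsse:UsernameToken to place in wst:OnBehalfOf (rows with OnBehalfOf = Yes)."""
    tok = ET.Element(q(WSSE, "UsernameToken"))
    ET.SubElement(tok, q(WSSE, "Username")).text = username
    return tok


def build_rst(key_type, applies_to, on_behalf_of=None, use_key_cert_der=None):
    """Return an RST (Issue) as XML text for one row of the matrix.
    on_behalf_of: token element for wst:OnBehalfOf; use_key_cert_der: DER bytes of
    the web service client certificate for wst:UseKey (row 9)."""
    rst = ET.Element(q(WST, "RequestSecurityToken"))
    ET.SubElement(rst, q(WST, "RequestType")).text = WST + "/Issue"
    ET.SubElement(rst, q(WST, "TokenType")).text = SAML2_TOKENTYPE
    epr = ET.SubElement(ET.SubElement(rst, q(WSP, "AppliesTo")), q(WSA, "EndpointReference"))
    ET.SubElement(epr, q(WSA, "Address")).text = applies_to
    ET.SubElement(rst, q(WST, "KeyType")).text = KEYTYPE_URI[key_type]
    if key_type == "Symmetric":
        ET.SubElement(rst, q(WST, "KeySize")).text = "256"  # bits of symmetric proof key
    if on_behalf_of is not None:
        ET.SubElement(rst, q(WST, "OnBehalfOf")).append(on_behalf_of)
    if use_key_cert_der is not None:
        if key_type != "Asymmetric":
            raise ValueError("UseKey is only meaningful with KeyType Asymmetric (row 9)")
        keyinfo = ET.SubElement(ET.SubElement(rst, q(WST, "UseKey")), q(DS, "KeyInfo"))
        x509 = ET.SubElement(ET.SubElement(keyinfo, q(DS, "X509Data")), q(DS, "X509Certificate"))
        x509.text = base64.b64encode(use_key_cert_der).decode()
    return ET.tostring(rst, encoding="unicode")


def inspect_issued_token(rstr_xml):
    """Return (confirmation_method, has_proof_key) for the SAML 2.0 assertion in an RSTR."""
    assertion = ET.fromstring(rstr_xml).find(".//" + q(SAML2, "Assertion"))
    if assertion is None:
        raise ValueError("no SAML 2.0 assertion in response")
    sc = assertion.find(q(SAML2, "Subject") + "/" + q(SAML2, "SubjectConfirmation"))
    if sc is None:
        raise ValueError("assertion has no SubjectConfirmation")
    # Holder-of-Key carries the proof key (or an EncryptedKey) in ds:KeyInfo.
    has_key = sc.find(q(SAML2, "SubjectConfirmationData") + "/" + q(DS, "KeyInfo")) is not None
    return sc.get("Method"), has_key


def matches_matrix(rstr_xml, key_type):
    """True when the issued token is what Table 4-1 predicts for this KeyType."""
    return inspect_issued_token(rstr_xml) == EXPECTED[key_type]


# Constructed sample RSTR (not captured from a real STS): a Holder-of-Key
# assertion with a symmetric proof key, as rows 5-8 and 14-15 predict.
SAMPLE_HOK_RSTR = f"""<wst:RequestSecurityTokenResponse xmlns:wst="{WST}">
 <wst:RequestedSecurityToken>
  <saml2:Assertion xmlns:saml2="{SAML2}" ID="_c1" Version="2.0" IssueInstant="2010-01-01T00:00:00Z">
   <saml2:Issuer>https://sts.example.com</saml2:Issuer>
   <saml2:Subject><saml2:NameID>alice</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
     <saml2:SubjectConfirmationData>
      <ds:KeyInfo xmlns:ds="{DS}"><ds:KeyName>wsc-proof-key</ds:KeyName></ds:KeyInfo>
     </saml2:SubjectConfirmationData>
    </saml2:SubjectConfirmation>
   </saml2:Subject>
  </saml2:Assertion>
 </wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse>"""

if __name__ == "__main__":
    print(build_rst("Symmetric", "https://wsp.example.com/svc", on_behalf_of=username_token("alice")))
    print("row 6 token matches matrix:", matches_matrix(SAMPLE_HOK_RSTR, "Symmetric"))
```

A practical use of `matches_matrix` is a post-deployment check: issue one request per row you configured and reject any response whose confirmation method or proof key differs from the Output Token column, since a Bearer token arriving where a Holder-of-Key token was expected silently drops the binding between token and presenter.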