Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Oracle WebLogic Server/Portal 10

Configuring Web Services Security for the WebLogic Server/Portal 10 Agent

The WebLogic Server/Portal 10 agent supports Web Services Security (WSS) for web service providers on WebLogic Server 10 (but not on WebLogic Portal 10).

A web service provider (WSP) deployed on WebLogic Server 10 protected by the agent can have additional security. For example, you can configure the WebLogic Server/Portal 10 agent and OpenSSO Enterprise server to support various Web Services Security profiles, including Username token, X509 token, and SAML2 token.

Configuring the WebLogic Server/Portal 10 agent to use Web Services Security with OpenSSO Enterprise is similar to configuring other Java EE policy agents, with several additional steps specific to WebLogic Server 10.

Procedure: To Configure Web Services Security for the WebLogic Server/Portal 10 Agent

  1. Perform the general steps, as described in “Web Services Security Support for J2EE Agents in Policy Agent 3.0” in the Sun OpenSSO Enterprise Policy Agent 3.0 User’s Guide for J2EE Agents.

  2. Stop the WebLogic Server 10 instance.

  3. Copy the xmlsec.jar file from the OpenSSO Enterprise server deployment to the PolicyAgent-base/lib directory.

    PolicyAgent-base is AgentHome/j2ee_agents/weblogic_v10_agent, where AgentHome is where you unzipped the agent distribution file.

    For example: /opt/j2ee_agents/weblogic_v10_agent/lib

  4. Add the xmlsec.jar file to the AGENT_CLASSPATH variable:

    1. Find the setAgentEnv_weblogic-server-name.sh script.

      For example, if WebLogic Server 10 is installed at /usr/local/bea, change to the /usr/local/bea/user_projects/domains/base_domain directory.

    2. In setAgentEnv_weblogic-server-name.sh, add PolicyAgent-base/lib/xmlsec.jar at the beginning of the AGENT_CLASSPATH variable.

    3. Save the change.

  5. Edit the setDomainEnv.sh script as follows:

    1. Change to the /usr/local/bea/user_projects/domains/base_domain/bin directory.

    2. In setDomainEnv.sh, near the end of the file, find the following lines:

      JAVA_OPTIONS="${JAVA_OPTIONS}"
      export JAVA_OPTIONS

    3. Change the JAVA_OPTIONS="${JAVA_OPTIONS}" line to:

      JAVA_OPTIONS="${JAVA_OPTIONS}
      -Djavax.xml.soap.MessageFactory=com.sun.xml.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl
      -Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"

      Note: The above entry must be on one line in the setDomainEnv.sh file.

    4. Save the change.

  6. Make the following configuration change in the Security Token Service.

    1. Log in to the OpenSSO Enterprise Console as amadmin.

    2. Click Configuration, Global, then Security Token Service.

    3. Under Signing and Encryption, deselect “is Request Signature Verified”.

    4. Click Save.

  7. Start the WebLogic Server 10 instance.
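
A check for the file edits in steps 3 through 5, as an added example that is not part of the original guide: it confirms that xmlsec.jar is the first AGENT_CLASSPATH entry and that the edited JAVA_OPTIONS assignment sits on a single line. The function names, the agent.jar entry, the assumption that AGENT_CLASSPATH is set by a plain one-line, colon-separated assignment, and the sample files (constructed in a temporary directory) are all assumptions.

```shell
#!/bin/sh
# Added example: checks for steps 3-5. Script layouts below are assumptions.

# True if the last AGENT_CLASSPATH= assignment in file $1 lists jar $2 first.
xmlsec_first_in_classpath() {
    first=$(sed -n 's/^[[:space:]]*AGENT_CLASSPATH=//p' "$1" |
        tail -n 1 | tr -d "\"'" | cut -d: -f1)
    [ "$first" = "$2" ]
}

# True if a single line of file $1 assigns JAVA_OPTIONS, carries both
# properties from step 5, and closes its quote on that same line.
java_options_on_one_line() {
    grep -F 'JAVA_OPTIONS="${JAVA_OPTIONS}' "$1" |
        grep -F -e '-Djavax.xml.soap.MessageFactory=com.sun.xml.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl' |
        grep -F -e '-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0' |
        grep -q '"[[:space:]]*$'
}

# Print ok/FAIL for one check without aborting the run.
report() { if "$@"; then echo "ok:   $*"; else echo "FAIL: $*"; fi; }

# --- Constructed sample files, not taken from a real installation ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/lib"
jar="$demo/lib/xmlsec.jar"
: > "$jar"
printf 'AGENT_CLASSPATH="%s:%s/lib/agent.jar"\n' "$jar" "$demo" > "$demo/agent_first.sh"
printf 'AGENT_CLASSPATH="%s/lib/agent.jar:%s"\n' "$demo" "$jar" > "$demo/agent_last.sh"
cat > "$demo/domain_one_line.sh" <<'EOF'
JAVA_OPTIONS="${JAVA_OPTIONS} -Djavax.xml.soap.MessageFactory=com.sun.xml.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl -Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"
export JAVA_OPTIONS
EOF
cat > "$demo/domain_wrapped.sh" <<'EOF'
JAVA_OPTIONS="${JAVA_OPTIONS}
-Djavax.xml.soap.MessageFactory=com.sun.xml.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl
-Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"
export JAVA_OPTIONS
EOF

report test -f "$jar"
report xmlsec_first_in_classpath "$demo/agent_first.sh" "$jar"
report xmlsec_first_in_classpath "$demo/agent_last.sh" "$jar"
report java_options_on_one_line "$demo/domain_one_line.sh"
report java_options_on_one_line "$demo/domain_wrapped.sh"
```

To use the two check functions on a real installation, pass them the paths to your own setAgentEnv_weblogic-server-name.sh, setDomainEnv.sh, and copied xmlsec.jar in place of the constructed files.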