To Configure Web Services Security for the WebLogic Server/Portal 10 Agent

1. Perform the general steps, as described in Web Services Security Support for J2EE Agents in Policy Agent 3.0 in Sun OpenSSO Enterprise Policy Agent 3.0 User’s Guide for J2EE Agents.

2. Stop the WebLogic Server 10 instance.

3. Copy the xmlsec.jar file from the OpenSSO Enterprise server deployment to the PolicyAgent-base/lib directory.

   PolicyAgent-base is AgentHome/j2ee_agents/weblogic_v10_agent, where AgentHome is where you unzipped the agent distribution file.

   For example: /opt/j2ee_agents/weblogic_v10_agent/lib

4. Add the xmlsec.jar file to the AGENT_CLASSPATH variable:

   1. Find the setAgentEnv_weblogic-server-name.sh script.

      For example, if WebLogic Server 10 is installed at /usr/local/bea, change to the /usr/local/bea/user_projects/domains/base_domain directory.

   2. In setAgentEnv_weblogic-server-name.sh, add the PolicyAgent-base/lib/xmlsec.jar at the beginning of the AGENT_CLASSPATH variable.

   3. Save the change.

5. Edit the setDomainEnv.sh script as follows:

   1. Change to the /usr/local/bea/user_projects/domains/base_domain/bin directory.

   2. In setDomainEnv.sh, near the end of the file, find the following lines:

      JAVA_OPTIONS="${JAVA_OPTIONS}"
      export JAVA_OPTIONS

   3. Change the JAVA_OPTIONS="${JAVA_OPTIONS}" line to:

      JAVA_OPTIONS="${JAVA_OPTIONS}
      -Djavax.xml.soap.MessageFactory=com.sun.xml.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl
      -Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0"

      Note: The above entry must be on one line in the setDomainEnv.sh file.

   4. Save the change.

6. Make the following configuration change in the Security Token Service.

   1. Log in to the OpenSSO Enterprise Console as amadmin.

   2. Click Configuration, Global , then Security Token Service.

   3. Under Signing and Encryption, deselect “is Request Signature Verified”.

   4. Click Save.

7. Start the WebLogic Server 10 instance.