43.5 Using and Managing WSS Policies for Oracle WSM Agents

You can use existing Oracle Workspace Studio policies to protect Security Token Service Web Service endpoints.

For instance:

  • classpath mode: Existing Oracle Workspace Studio policies defined in $ORACLE_IDM_HOME/oam/server/policy/sts-policies.jar are used in this mode.

  • SOA deployment: Policies defined in the Oracle WSM Policy Manager available from a SOA deployment are used.

The following topics describe how to manage Web Service Security Policies for Security Token Service:

43.5.1 Using and Modifying Oracle Workspace Studio Policies

WS-Security Policies protect the Security Token Service WS Endpoint. You can modify these policies.

The WS-Security Policies that Oracle provides cover most use cases.

See About Security Token Service End Points and Policies.

See "Attaching Policies to Web Services" in the Administering Web Services.

43.5.2 Managing WSS Policies for Security Token Service: Classpath

Predefined Oracle Web Services Manager policies are constructed using assertions based on predefined assertion templates. For WSS Policy classpath mode, the OWSM Agent retrieves policies from sts-policies.jar located on the classpath.

If SOA is not deployed in the WebLogic Server domain, the Security Token Service installer configures the WebLogic Server domain for WSS Policy classpath mode. The JAR file containing the WSS Policies used when the WLS Domain is configured for classpath is located at:

$ORACLE_IDM_HOME/oam/server/policy/sts-policies.jar

When your environment is in classpath mode, Administrators perform the following tasks to confirm that sts-policies.jar is located on the classpath.

See "About Security Token Service End Points and Policies".

See "Oracle WSM Predefined Policies and Assertion Templates" in the Administering Web Services.

43.5.2.1 Task Overview: Managing WSS Policies for Security Token Service: Classpath

You need to perform the following tasks to manage WSS policies for Security Token Service in classpath mode:

  1. Define an OWSM Assertion Template.
  2. Proceed as follows, depending on your need:
    • Modify an OWSM Policy

    • Define a Policy using the OWSM Assertion Template

  3. Bundle the Assertion Template and policy in the sts-policies.jar file:
    META-INF/assertiontemplates/oracle of the $ORACLE_IDM_HOME/oam/server/policy/sts-policies.jar
    
  4. Confirm that sts-policies.jar is located in the following path so that the policy URI is available in the Policy URI drop-down list.
    $ORACLE_IDM_HOME/oam/server/policy/sts-policies.jar
    
  5. Restart the Managed Servers running Security Token Service.
  6. Proceed to the Oracle Access Management Console to configure the Security Token Service Endpoints.
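
A check to run between steps 4 and 5, added here as an example and not part of Oracle's documentation or tooling: it confirms that sts-policies.jar exists at the documented path, that it is a readable archive with entries under META-INF/assertiontemplates/oracle, and returns a SHA-256 digest that can be compared on later runs to spot an unexpected change to the policy bundle. The function name, the report layout, and reading ORACLE_IDM_HOME from the environment are assumptions of this example.

```python
import hashlib
import os
import zipfile

# Path inside the JAR named in step 3 of the task overview.
TEMPLATE_PREFIX = "META-INF/assertiontemplates/oracle/"
# JAR location relative to $ORACLE_IDM_HOME, as given in step 4.
JAR_RELATIVE_PATH = os.path.join("oam", "server", "policy", "sts-policies.jar")


def inspect_policy_jar(oracle_idm_home):
    """Return a report on sts-policies.jar (hypothetical helper, not an Oracle API).

    Raises FileNotFoundError if the JAR is missing, and ValueError if it is
    not a readable archive or holds no assertion templates.
    """
    jar_path = os.path.join(oracle_idm_home, JAR_RELATIVE_PATH)
    if not os.path.isfile(jar_path):
        raise FileNotFoundError(f"{jar_path} not found")

    # Hash the whole JAR so a later run can detect an unexpected change.
    digest = hashlib.sha256()
    with open(jar_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)

    try:
        with zipfile.ZipFile(jar_path) as jar:
            corrupt = jar.testzip()  # first entry with a bad CRC, or None
            names = jar.namelist()
    except zipfile.BadZipFile as exc:
        raise ValueError(f"{jar_path} is not a valid JAR: {exc}") from exc
    if corrupt is not None:
        raise ValueError(f"{jar_path}: corrupt entry {corrupt}")

    # Keep file entries under the template directory, dropping directory entries.
    templates = sorted(
        n[len(TEMPLATE_PREFIX):] for n in names
        if n.startswith(TEMPLATE_PREFIX) and not n.endswith("/")
    )
    if not templates:
        raise ValueError(f"{jar_path}: nothing under {TEMPLATE_PREFIX}")
    return {"path": jar_path, "sha256": digest.hexdigest(), "templates": templates}


if __name__ == "__main__":
    report = inspect_policy_jar(os.environ["ORACLE_IDM_HOME"])
    print(report["sha256"], report["path"])
    for name in report["templates"]:
        print("  template:", name)
```
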

43.5.3 Managing WSS Policies for Security Token Service: Oracle WSM Policy Manager

The Oracle WSM Policy Manager is the security linchpin for Oracle Fusion Middleware Web services and SOA applications.

For more information about how the Oracle WSM Policy Manager manages the policy framework, see "Understanding Oracle WSM Policy Framework" in Administering Web Services.

At design time, you attach Oracle WSM and WebLogic Web service policies to applications programmatically using your favorite IDE, such as Oracle JDeveloper. Alternatively, at deployment time you attach policies to SOA composites, ADF, and WebCenter applications using the Oracle Enterprise Manager Fusion Middleware Control, and to WebLogic Web services (Java EE) using the WebLogic Server Administration Console.

System Administrators can leverage the Oracle WSM through the Oracle Enterprise Manager Fusion Middleware Control to:

  • Centrally define policies using the Oracle WSM Policy Manager.

  • Enforce Oracle WSM security and management policies locally at run time.

When your environment is integrated with the OWSM Policy Manager, perform the following tasks to add or modify WSS policies for Security Token Service using Oracle Web Services Manager.

Note:

All of Oracle WSM's functionality is accessible to Administrators from Oracle Enterprise Manager Fusion Middleware Control.

See Part II, "Basic Administration" and Part III, "Advanced Administration" in the Administering Web Services.

43.5.3.1 Task Overview: Managing WSS Policies for Security Token Service: OWSM Policy Manager

You can locate and modify WSS policies for Security Token Service using the OWSM Policy Manager.

You need to perform the following tasks to manage WSS policies:

  1. From the OWSM Policy Manager, locate and open the desired policy.
  2. See the Administering Web Services and make any required changes to the policy.
  3. Restart all Managed Servers running Security Token Service.
  4. Proceed as follows: