41.1 About the Security Token Service

Security Token Service is a Web Service (WS) Trust-based token service that allows for policy-driven trust brokering and secure identity propagation and token exchange between Web Services.

Security Token Service can be deployed as a Security and Identity Service and used to simplify the integration of distributed or federated Web services within an enterprise and its service providers.


Security Token Service is primarily based on the OASIS WS-Trust protocol but it also delegates the processing of other WS-* protocols present in the SOAP message.

Security Token Service brokers trust between a Web Service Consumer (WSC) and a Web Service Provider (WSP) and provides security token lifecycle management services to both. It allows for the use of various federation protocols like SAML, WS-Federation, Liberty, or OpenID.The Oracle Access Management Security Token Service (Security Token Service) is deployed with Access Manager and must be activated as a service.