45.5 Managing Security Token Service Endpoints

An endpoint is a Web Service published by Security Token Service where clients can send WS-Trust requests over SOAP.

An endpoint is:

  • Protected by a WS Security Policy.

  • Bound to a WSS Validation Template that indicates how to validate the security token and how to map it.

  • Specific to a token type, namely, the one specified in the WSS Validation Template.

Note:

The WS-Security policy protecting the endpoint must be compatible with the WSS Validation Template bound to the endpoint: the token type the policy requires in the request must be the token type the template validates.

An endpoint is published by Security Token Service and protected by the OWSM Agent. Each endpoint is bound to:

  • A WS-Security policy, which determines the WSS requirements for message protection and for the security tokens a request must carry.

  • A WSS Validation Template, which determines how the request is processed and how the security token is validated.

This section provides the following information:

  • About Managing Endpoints

  • Managing Endpoints

45.5.1 About Managing Endpoints

Security Token Service Endpoint definitions consist of three elements, as shown in Figure 45-12.

Table 45-12 describes the required Endpoint elements.

Table 45-12 Endpoints Page

Element                 Description

Endpoint URI            The path to the Endpoint, relative to the Security Token Service base URL. The Security Token Service base URL is /sts.

Policy URI              Choose from a listing of Oracle WSM policies the one used to protect this Endpoint.

                        Oracle Access Management Administrators can add a new custom policy to the available listing. To show this newly created Policy URI in the Endpoints table list, use the following WLST command to update the owsmpolicies map, where <index> is an entry index in the map that is not already in use:

                        putStringProperty("/stsglobal/owsmpolicies/<index>", "<newcustom_policypath>")

                        For example:

                        putStringProperty("/stsglobal/owsmpolicies/31", "sts/newcustom_policy")

Validation Template ID  Choose from a listing of Validation Template names to identify one for use with this Endpoint.

Once an Endpoint is created, you can remove it but you cannot edit the definition.
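The following Python module is an added example and is not code from Oracle Access Management or the Security Token Service. It models the checks an administrator would want to run against an Endpoint definition before submitting it (the URI is relative to /sts, the Policy URI is present in the owsmpolicies map, and the token type the WS-Security policy demands matches the one the WSS Validation Template validates), and it builds the putStringProperty call shown above, picking the next unused index so that an existing map entry is not silently overwritten. The inference of the token kind from the OWSM policy name, the sample policy names, the sample owsmpolicies map and the convention that Endpoint URIs begin with "/" are all assumptions made for the illustration.

```python
"""
Added example (not Oracle's code): consistency checks for a Security Token
Service Endpoint definition and generation of the WLST putStringProperty
call that registers a custom OWSM policy in /stsglobal/owsmpolicies.

Assumptions not taken from the page: the token kind is inferred from the
OWSM policy name, the sample policy names and owsmpolicies map are
constructed, and endpoint URIs are taken to start with "/".
"""
import re
from dataclasses import dataclass

STS_BASE_URL = "/sts"

# Assumption: OWSM service policy names carry the token kind they require
# (username_token, saml_token, x509_token, kerberos_token).
_POLICY_TOKEN_PATTERNS = {
    "username": re.compile(r"username_token"),
    "saml": re.compile(r"saml(11|20)?_token"),
    "x509": re.compile(r"x509_token"),
    "kerberos": re.compile(r"kerberos_token"),
}


@dataclass(frozen=True)
class ValidationTemplate:
    name: str
    token_type: str  # "username", "saml", "x509" or "kerberos"


@dataclass(frozen=True)
class EndpointDefinition:
    endpoint_uri: str  # relative to STS_BASE_URL, e.g. "/wss11user"
    policy_uri: str    # OWSM policy protecting the endpoint
    validation_template: ValidationTemplate


def policy_token_type(policy_uri):
    """Token kind a WS-Security policy expects, or None if unrecognised."""
    for token_type, pattern in _POLICY_TOKEN_PATTERNS.items():
        if pattern.search(policy_uri):
            return token_type
    return None


def full_endpoint_url(defn):
    """Absolute path that clients post WS-Trust requests to."""
    return STS_BASE_URL + defn.endpoint_uri


def check_endpoint(defn, owsm_policies):
    """Return the list of problems with a definition; empty means consistent.

    owsm_policies is the /stsglobal/owsmpolicies map as {index: policy_path}.
    """
    problems = []
    uri = defn.endpoint_uri
    if not uri.startswith("/") or uri.startswith(STS_BASE_URL + "/"):
        problems.append("endpoint URI must be relative to %s, e.g. /wss11user"
                        % STS_BASE_URL)
    if defn.policy_uri not in owsm_policies.values():
        problems.append("policy %s is not in the owsmpolicies map; register "
                        "it with putStringProperty first" % defn.policy_uri)
    expected = policy_token_type(defn.policy_uri)
    actual = defn.validation_template.token_type
    if expected is None:
        problems.append("cannot tell which token %s requires" % defn.policy_uri)
    elif expected != actual:
        # The note in 45.5: the WS-Security policy and the WSS Validation
        # Template bound to the endpoint must agree on the token type.
        problems.append("policy expects a %s token but validation template %s "
                        "validates %s tokens"
                        % (expected, defn.validation_template.name, actual))
    return problems


def register_policy_command(owsm_policies, new_policy_path):
    """Build the WLST call from Table 45-12 for a new custom policy.

    Uses the next unused index so an existing map entry is not overwritten,
    and refuses to register a path that is already present.
    """
    if new_policy_path in owsm_policies.values():
        raise ValueError("%s is already registered" % new_policy_path)
    index = max(owsm_policies, default=-1) + 1
    command = 'putStringProperty("/stsglobal/owsmpolicies/%d", "%s")' % (
        index, new_policy_path)
    return index, command


# Constructed sample of the owsmpolicies map; indexes and names are illustrative.
SAMPLE_OWSM_POLICIES = {
    0: "oracle/wss11_username_token_with_message_protection_service_policy",
    1: "oracle/wss11_saml_token_with_message_protection_service_policy",
    2: "oracle/wss11_x509_token_with_message_protection_service_policy",
}

if __name__ == "__main__":
    template = ValidationTemplate("saml-validation", "saml")
    wrong = EndpointDefinition("/wss11user", SAMPLE_OWSM_POLICIES[0], template)
    for problem in check_endpoint(wrong, SAMPLE_OWSM_POLICIES):
        print("problem:", problem)
    print(register_policy_command(SAMPLE_OWSM_POLICIES, "sts/newcustom_policy")[1])
```

Run the module directly to see the mismatch report for a username-token policy bound to a SAML validation template, followed by the generated putStringProperty line. Because an Endpoint cannot be edited after creation, running such a check before clicking Apply saves a delete-and-recreate cycle.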

45.5.2 Managing Endpoints

Users with valid Oracle Access Management Administrator credentials can add or remove an Endpoint. An existing Endpoint definition cannot be edited; delete it and create a new one instead.

Prerequisites

Creating a Validation Template

To create or delete an endpoint:

  1. In the Oracle Access Management Console, click Federation at the top of the window.

  2. In the Federation console, select Endpoints from the View menu in the Security Token Service section.

  3. New Endpoint: see Table 45-12, then:

    1. Click the Add (+) button above the table (or choose New Endpoint from the Actions menu).

    2. Enter the new Endpoint URI.

    3. Choose one of the Oracle WSM policies to protect this Endpoint.

    4. Choose the Validation Template to use with this Endpoint.

    5. Click Apply to submit the definition and dismiss the confirmation window (or click Revert to dismiss the page without submitting it).

    6. Close the page.

  4. Remove Endpoint:

    1. Highlight a row in the Endpoints table and click the Delete (X) button (or choose Delete Selected from the Actions menu).

    2. Confirm removal (or cancel the removal).