43.7 Managing and Migrating Security Token Service Policies

You need to perform the following task to manage and migrate Security Token Service policies:

43.7.1 About Managing and Migrating Security Token Service Policies

Security Token Service policies for endpoints reside in sts-policies.jar. This file lists all the policies packaged in the directory as file names to allow the server to read the JAR entries programmatically when migrating policies to destination repository.

This jar is copied to following location under $WLS_HOME ($Oracle_IDM1, for example):


The sts-policies.jar contains the stspolicies.prop file at the following location in the JAR:



Be sure to update policies and stspolicies.prop as needed before migration.

43.7.2 Managing Security Token Service Policies

The following procedure outlines the various scenarios for policy updates. Task Overview: Updating Policies and stspolicies.prop

You must perform the following tasks to update policies and stspolicies.prop

  1. Add a Policy to sts-policies jar: Before creating the new jar, you must also update the stspolicies.prop file at META-INF/policies/sts/ to include this new policy file name.
  2. Delete a Policy from sts-policies jar: You must also delete the entry from file META-INF/policies/sts/stspolicies.prop.
  3. Update Existing Policy File Name: When re-naming a policy file at META-INF/policies/sts/, you must also update the corresponding entry in the file META-INF/policies/sts/stspolicies.prop file.
  4. Update Existing Policy Content: When updating the content of a policy file, without touching the file name, there is no need to do anything else.

43.7.3 Migrating Security Token Service Policies

During installation a check is performed to establish whether SOA is deployed within the domain where Security Token Service is being installed. If SOA is installed, the Security Token Service Policies are migrated to the Oracle WSM PM repository.

  • If SOA is not installed, the Oracle WSM protocol is set to classpath and policies are read from the JAR on the class path.

  • If SOA is present within the domain, Security Token Service reads the policies from sts-policies.jar and migrates them to the Oracle WSM PM repository by calling Oracle WSM Mbeans.

  • If SOA is installed after Security Token Service within the same domain, ensure smooth operations between SOA and Security Token Service as follows:

    • The Oracle WSM protocol must be set to 'remote'.

    • Security Token Service policies from sts-policies jar must be migrated to Oracle WSM PM repository using Oracle WSM provided tools.