Oracle Web Services Manager (WSM) includes wss11_saml_token_identity_switch_with_message_protection_client_policy, which enables identity switching. Identity switching means that the policy propagates a different identity than the one based on the authenticated Subject.
The Service-Oriented Architecture (SOA) application requires you to specify which user identity to use in client-side Web service policies, and then dynamically switches the user associated with the SAML token in the outbound Web service request. Instead of using the user name from the Subject, this policy allows you to set a new user name when sending the SAML Web service request.
The wss11_saml_token_identity_switch_with_message_protection_client_policy creates the SAML token based on the user ID set via the property javax.xml.ws.security.auth.username.
The initial identity switching policy requires message encryption, which requires the server-side policy to be the same. You will not want this policy when working in P6. To change the policy, you need to create a new client-side policy based on the existing identity switching policy (this is done through Enterprise Manager (EM), using the "create like" option). Within the new policy definition, you can remove the existing assertion (SAML 1.1 SAML with Certificates) and replace it with a new assertion based on an appropriate template, which in this case is WS-Security SAML Token Client.