The Web service client (for example, the SOA reference binding component) to which you attached the wss11_saml_token_identity_switch_with_message_protection_client_policy must be granted the oracle.wsm.security.WSIdentityPermission permission.
To add oracle.wsm.security.WSIdentityPermission to the SOA reference binding component as a System Grant using Fusion Middleware Control, perform the following steps:
- In the Navigator pane, expand WebLogic Domain to show the domain where you need to configure the application. Select the domain.
- Using Fusion Middleware Control, click WebLogic Domain, Security, System Policies. System policies are the system-wide policies applied to all applications deployed to the current WebLogic Domain.
- From the System Policies page, select the arrow icon in the Permission field to search the system security grants.
- Select one of the codebase permissions to use as a starting point and click Create Like.
- In the Grant Details section of the page, enter file:${common.components.home}/modules/oracle.wsm.agent.common_11.1.1/wsm-agent-core.jar in the Codebase field.
- In the Permissions section of the page, select the starting point permission class and click Edit.
- In the Permission Class field, enter oracle.wsm.security.WSIdentityPermission. The resource name is the composite name for SOA and the application name for a J2EE client. The action is always assert.
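
After the grant is created, it is worth checking that it carries exactly the codebase, resource, and action given in the steps above. The following audit script is an added example, not Oracle's code: the policy excerpt is constructed, its element layout is an assumption modelled on a file-based policy store, and `OrderComposite` and the second codebase are hypothetical names.

```python
import xml.etree.ElementTree as ET

PERM_CLASS = "oracle.wsm.security.WSIdentityPermission"
# Codebase from the Grant Details step above.
EXPECTED_CODEBASE = ("file:${common.components.home}/modules/"
                     "oracle.wsm.agent.common_11.1.1/wsm-agent-core.jar")

# Constructed sample. The element layout is an assumption; the composite name
# and the second grant's codebase are hypothetical.
SAMPLE_POLICY = """\
<jazn-policy>
  <grant>
    <grantee><codesource><url>file:${common.components.home}/modules/oracle.wsm.agent.common_11.1.1/wsm-agent-core.jar</url></codesource></grantee>
    <permissions><permission>
      <class>oracle.wsm.security.WSIdentityPermission</class>
      <name>OrderComposite</name><actions>assert</actions>
    </permission></permissions>
  </grant>
  <grant>
    <grantee><codesource><url>file:${domain.home}/lib/custom-client.jar</url></codesource></grantee>
    <permissions><permission>
      <class>oracle.wsm.security.WSIdentityPermission</class>
      <name>*</name><actions>assert</actions>
    </permission></permissions>
  </grant>
</jazn-policy>
"""

def audit_identity_grants(policy_xml):
    """Return (codebase, resource, findings) for each WSIdentityPermission grant."""
    results = []
    for grant in ET.fromstring(policy_xml).iter("grant"):
        codebase = (grant.findtext("grantee/codesource/url") or "").strip()
        for perm in grant.iter("permission"):
            if (perm.findtext("class") or "").strip() != PERM_CLASS:
                continue
            resource = (perm.findtext("name") or "").strip()
            actions = (perm.findtext("actions") or "").strip()
            findings = []
            if codebase != EXPECTED_CODEBASE:
                findings.append("unexpected codebase")
            if not resource or "*" in resource:
                findings.append("resource not scoped to one composite or application")
            if actions != "assert":
                findings.append("action is not 'assert'")
            results.append((codebase, resource, findings))
    return results

if __name__ == "__main__":
    for _, resource, findings in audit_identity_grants(SAMPLE_POLICY):
        print(resource, "->", findings or "ok")
```

The wildcard check is a least-privilege convention added here, not a rule stated by the procedure.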