C Security Policies for Connector APIs

Connecting to external services usually requires some degree of authentication and authorization. When you configure a connector API, you have the option of specifying the security policies to use when communicating with an external service (except for ICS Connector APIs where the security policy is determined by the WSDL for SOAP-based integrations).

Descriptions of the supported Oracle Web Services Manager (Oracle WSM) security policies for the REST, SOAP, ICS, and Fusion Applications Connector APIs are provided here. Additionally, the policy properties that you can override are also described along with a mapping of policy properties to the policies that contain them.

Note that for connector APIs, only client policies are valid.

Security Policies for REST Connector APIs

The supported Oracle Web Services Manager (Oracle WSM) security policies for REST Connector APIs are described in the following table:

Security Policy Description

http_basic_auth_over_ssl_client_policy

Includes user name and password in an HTTP Basic Authorization header.

http_jwt_token_client_policy

Includes a JWT token in the HTTP header. A JSON Web Token represents claims and is generally used in Federated Identity systems where the source and target have mutual trust and a shared identity realm. The JWT token is create automatically. The issuer name and subject name are provided either programmatically or declaratively through the policy. You can specify the audience restriction condition for this policy.

http_jwt_token_identity_switch_client_policy

Includes JWT token in the HTTP header. Similar to http_jwt_token_client_policy but this policy also performs dynamic identity switching by propagating a different identity than the one based on authenticated Subject (mobile user).

http_jwt_token_over_ssl_client_policy

Includes a JWT token in the HTTP header. A JSON Web Token represents claims and is generally used in Federated Identity systems where the source and target have mutual trust and a shared identity realm. The JWT token is created automatically. The issuer name and subject name are provided either programmatically or declaratively through the policy. You can specify the audience restriction condition for this policy. This version of the policy enforces that connections are made over https.

http_saml20_token_bearer_client_policy

Includes SAML 2.0 tokens in the HTTP header. SAML provides single sign-on in that multiple services can redirect a user to a single identity provider, which supplies signed assertion tokens. The SAML token with confirmation method Bearer is created automatically.

http_saml20_token_bearer_over_ssl_client_policy

Includes SAML 2.0 tokens in the HTTP header. SAML provides single sign-on in that multiple services can redirect a user to a single identity provider, which supplies signed assertion tokens. The SAML token with confirmation method Bearer is created automatically. This version of the policy enforces that connections are made over https.

oauth2_config_client_policy

Provides information about the OAuth2 server, which preforms authorization and issues the access tokens.

You must set both this policy and oracle/http_oauth2_token_client_policy together.

http_oauth2_token_client_policy

Includes OAuth2 access token in the request. OAuth2 allows users to safely grant client applications limited access to protected resources..

You must set both this policy and oracle/oauth2_config_client_policy together.

http_oauth2_token_over_ssl_client_policy

Includes OAuth2 access token in the request. OAuth2 allows users to safely grant client applications limited access to protected resources.

You must set both this policy and oracle/oauth2_config_client_policy together. This version of the policy enforces that connections are made over https.

Security Policies for SOAP Connector APIs

The supported Oracle Web Services Manager (Oracle WSM) security polices for SOAP connectors are described in the following table:

Security Policy Description

http_basic_auth_over_ssl_client_policy

Includes credentials in the HTTP header for outbound client requests. This policy also verifies that the transport protocol is HTTPS. Requests over a non-HTTPS transport protocol are refused. This policy can be applied to any HTTP-based endpoint.

wss_http_token_client_policy

Includes credentials in the HTTP header for outbound client requests. The credentials can be provided either programmatically or through the current Java Authentication and Authorization Service (JAAS) subject. This policy can be applied to any HTTP-based client. Note: Currently only HTTP Basic Authentication is supported.

wss_http_token_over_ssl_client_policy

Includes credentials in the HTTP header for outbound client requests. The credentials are provided either programmatically or through the Java Authentication and Authorization Service (JAAS) subject. It also verifies that the outbound transport protocol is HTTPS. If a non-HTTPS transport protocol is used, then the request is refused. This policy can be applied to any HTTP-based client.

wss_saml_token_bearer_client_policy

Includes the SAML Bearer token in outbound SOAP request messages. The SAML token is automatically created and is by default signed with an enveloped signature. The issuer name and subject name are provided either programmatically or through the current Java Authentication and Authorization Service (JAAS) subject.

wss_saml_token_bearer_over_ssl_client_policy

Includes SAML tokens in outbound SOAP request messages. The SAML token with confirmation method Bearer is automatically created. The issuer name and subject name are provided either programmatically or through the current Java Authentication and Authorization Service (JAAS) subject. The policy also verifies that the transport protocol provides SSL message protection. This policy can be attached to any SOAP-based client

wss_saml20_token_bearer_over_ssl_client_policy

Includes SAML V2.0 tokens in outbound SOAP request messages. The SAML token with confirmation method Bearer is automatically created. The issuer name and subject name are provided either programmatically or through the current Java Authentication and Authorization Service (JAAS) subject. Optionally, attesting entity and audience restriction condition can be specified. The policy also verifies that the transport protocol provides SSL message protection. This policy can be attached to any SOAP-based client.

wss_saml20_token_over_ssl_client_policy

Includes SAML V2.0 tokens in outbound SOAP request messages. The SAML token is automatically created. The issuer name and subject name are provided either programmatically or through the current Java Authentication and Authorization Service (JAAS) subject. Optionally, attesting entity and audience restriction condition can be specified. The policy also verifies that the transport protocol provides SSL message protection. This policy can be attached to any SOAP-based client.

wss_username_token_client_policy

Includes credentials in the WS-Security UsernameToken header for all outbound SOAP request messages. Only the plain text mechanism is supported. The credentials can be provided either programmatically, through the Java Authentication and Authorization Service (JAAS), or by a reference in the policy to the configured credential store. This policy can be attached to any SOAP-based client.

wss_username_token_over_ssl_client_policy

Includes credentials in the HTTP header for outbound client requests. The credentials are provided either programmatically or through the Java Authentication and Authorization Service (JAAS) subject. It also verifies that the outbound transport protocol is HTTPS. If a non-HTTPS transport protocol is used, then the request is refused. This policy can be applied to any HTTP-based client.

wss10_message_protection_client_policy

Provides message integrity and confidentiality for outbound SOAP requests in accordance with the WS-Security v1.0 standard. It uses WS-Security's Basic 128 suite of asymmetric key technologies, specifically RSA key mechanism for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client side is configured either on a per-request basis or through the security configuration. This policy doesn’t authenticate or authorize the requestor.

wss10_saml_hok_token_with_message_protection_client_policy

Provides message-level protection and a SAML holder of key based authentication for outbound SOAP messages in accordance with the WS-Security 1.0 standard. It uses WS-Security's Basic 128 suite of asymmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client side is configured either on a per-request basis or through the security configuration. A SAML token, included in the SOAP message, is used in SAML-based authentication with sender vouchers confirmation. These credentials are provided either programmatically or through the security configuration.

wss10_saml_token_client_policy

Includes SAML tokens in outbound SOAP request messages. The SAML token is automatically created. The issuer name and subject name are provided either programmatically or through the current Java Authentication and Authorization Service (JAAS) subject.

wss10_saml_token_with_message_protection_client_policy

Provides message-level protection and SAML-based authentication for outbound SOAP messages in accordance with the WS-Security 1.0 standard. It uses WS-Security's Basic 128 suite of asymmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client is configured either on a per-request basis or through the security configuration. A SAML token, included in the SOAP message, is used in SAML-based authentication with sender vouchers confirmation. These credentials are provided either programmatically or through the security configuration.

wss10_saml20_token_client_policy

Includes SAML V2.0 tokens in outbound SOAP request messages. The SAML token is automatically created. The issuer name and subject name are provided either programmatically or through the current Java Authentication and Authorization Service (JAAS) subject. Optionally, attesting entity and audience restriction can be specified.

wss10_saml20_token_with_message_protection_client_policy

Provides message-level protection and SAML V2.0 based authentication for outbound SOAP messages in accordance with the WS-Security 1.0 and SAML Token profile 1.1 standards. It uses WS-Security's Basic 128 suite of asymmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client is configured either on a per-request basis or through the security configuration. A SAML V2.0 token, included in the SOAP message, is used in SAML-based authentication with sender vouches confirmation. These credentials are provided either programmatically or through the security configuration.

wss10_x509_token_with_message_protection_client_policy

Provides message-level protection and certificate credential population for outbound SOAP requests in accordance with the WS-Security 1.0 standard. It uses WS-Security's Basic 128 suite of asymmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client side is configured either on a per-request basis or through the security configuration. Authentication credentials are included in the SOAP message through the WS-Security binary security token. These credentials are provided either programmatically or through the security configuration

wss10_saml_token_with_message_protection_ski_basic256_client_policy

Provides message-level protection and SAML-based authentication for outbound SOAP messages in accordance with the WS-Security 1.0 standard. It uses WS-Security's Basic 256 suite of asymmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-256 bit encryption. This policy uses the Subject Key Identifier (ski) reference mechanism for an encryption key in the request and for both signature and encryption keys in the response. The keystore on the client is configured either on a per-request basis or through the security configuration. A SAML token, included in the SOAP message, is used in SAML-based authentication with sender vouches confirmation. These credentials are provided either programmatically or through the security configuration.

wss10_username_id_propagation_with_msg_protection_client_policy

Enables message-level protection (that is, integrity and confidentiality) and identity propagation for outbound SOAP requests using mechanisms described in WS-Security 1.0. Message protection is provided using WS-Security's Basic 128 suite of asymmetric key technologies, specifically RSA key mechanisms for confidentiality, SHA-1 hashing algorithm for integrity and AES-128 bit encryption. The keystore on the client side is configured either on a per request basis or through the security configuration. Credentials (only user name) are included in outbound SOAP request messages via a WS-Security UsernameToken header. No password is included. The user name included can be provided either programmatically, via the current JAAS Subject or by a reference in the policy itself to the configured credential store. This policy can be applied to any SOAP-based client.

wss10_username_token_with_message_protection_client_policy

Provides message-level protection (message integrity and confidentiality) and authentication for outbound SOAP requests in accordance with the WS-Security v1.0 standard. It uses WS-Security's Basic 128 suite of asymmetric key technologies, specifically RSA key mechanism for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client side is configured either on a per-request basis or through the security configuration. Credentials are included in the WS-Security UsernameToken header in the outbound SOAP message. Only plain text mechanism is supported. Credentials can be provided either programmatically through the current Java Authentication and Authorization Service (JAAS) subject, or by a reference in the policy to the configured credential store. This policy can be attached to any SOAP-based client.

wss10_username_token_with_message_protection_ski_basic256_client_policy

Provides message-level protection and SAML-based authentication for outbound SOAP messages in accordance with the WS-Security 1.0 standard. It uses WS-Security's Basic 256 suite of asymmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-256 bit encryption. This policy uses the Subject Key Identifier (ski) reference mechanism for encryption key in the request and for both signature and encryption keys in the response. The keystore on the client is configured either on a per-request basis or through the security configuration. A SAML token, included in the SOAP message, is used in SAML-based authentication with sender vouches confirmation. These credentials are provided either programmatically or through the security configuration.

wss11_x509_username_token_with_message_protection_client_policy

Provides message-level protection and certificate-based authentication for outbound SOAP requests in accordance with the WS-Security 1.1 standard. Messages are protected using WS-Security's Basic 128 suite of symmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client side is configured either on a per-request basis or through the security configuration. Credentials are included in the WS-Security binary security token of the SOAP message. These credentials are provided either programmatically or through the security configuration.

wss11_saml_token_identity_switch_with_message_protection_client_policy

Provides message-level protection and SAML-based authentication for outbound SOAP requests in accordance with the WS-Security 1.1 standard. Messages are protected using WS-Security's Basic 128 suite of symmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client is configured either on a per-request basis or through the security configuration. A SAML token, included in the SOAP message, is used in SAML-based authentication with sender vouches confirmation. These credentials are provided either programmatically or through the security configuration. This policy performs dynamic identity switching by propagating a different identity than the one based on an authenticated Subject. This policy can be attached to any SOAP-based client.

wss11_message_protection_client_policy

Provides message integrity and confidentiality for outbound SOAP requests in accordance with the WS-Security 1.1 standard. It uses WS-Security's Basic 128 suite of symmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client side is configured either on a per-request basis or through the security configuration. This policy doesn’t authenticate or authorize the requestor.

wss11_saml_token_with_message_protection_client_policy

Provides message-level protection and SAML-based authentication for outbound SOAP requests in accordance with the WS-Security 1.1 standard. Messages are protected using WS-Security's Basic 128 suite of symmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client is configured either on a per-request basis or through the security configuration. A SAML token, included in the SOAP message, is used in SAML-based authentication with sender vouches confirmation. These credentials are provided either programmatically or through the security configuration. This policy can be attached to any SOAP-based client.

wss11_username_token_with_message_protection_client_policy

Provides message-level protection and authentication for outbound SOAP requests in accordance with the WS-Security 1.1 standard. Messages are protected using WS-Security's Basic 128 suite of symmetric key technologies, specifically RSA key mechanisms for message confidentiality, SHA-1 hashing algorithm for message integrity, and AES-128 bit encryption. The keystore on the client side is configured either on a per-request basis or through the security configuration. Credentials are included in the WS-Security UsernameToken header of outbound SOAP request messages. Only the plain text mechanism is supported. Credentials are provided either programmatically through the current Java Authentication and Authorization Service (JAAS) subject or by a reference in the policy to the configured credential store. This policy can be attached to any SOAP-based client.

Security Policies for ICS Connector APIs

The supported Oracle Web Services Manager (Oracle WSM) security policies for ICS Connector APIs are described in the following table:

Security Policy Description

http_basic_auth_over_ssl_client_policy

Includes credentials in the HTTP header for outbound client requests. This policy also verifies that the transport protocol is HTTPS. Requests over a non-HTTPS transport protocol are refused. This policy can be applied to any HTTP-based endpoint.

wss_http_token_over_ssl_client_policy

Includes credentials in the HTTP header for outbound client requests. The credentials are provided either programmatically or through the Java Authentication and Authorization Service (JAAS) subject. This policy also verifies that the transport protocol is HTTPS. Requests over a non-HTTPS transport protocol are refused. This policy can be applied to any HTTP-based endpoint.

wss_username_token_over_ssl_client_policy

Includes credentials in the HTTP header for outbound client requests. The credentials are provided either programmatically or through the Java Authentication and Authorization Service (JAAS) subject. It also verifies that the outbound transport protocol is HTTPS. If a non-HTTPS transport protocol is used, then the request is refused. This policy can be applied to any HTTP-based client.

Security Policies for Fusion Applications Connector APIs

The supported Oracle Web Services Manager (Oracle WSM) security policies for REST Connector APIs are described in the following table:

Security Policy Description

wss_http_token_client_policy

Includes credentials in the HTTP header for outbound client requests. The credentials can be provided either programmatically or through the current Java Authentication and Authorization Service (JAAS) subject. This policy can be applied to any HTTP-based client. Note: Currently only HTTP Basic Authentication is supported.

wss_saml_token_bearer_over_ssl_client_policy

Includes SAML tokens in outbound SOAP request messages. The SAML token with confirmation method Bearer is automatically created. The issuer name and subject name are provided either programmatically or through the current Java Authentication and Authorization Service (JAAS) subject. The policy also verifies that the transport protocol provides SSL message protection. This policy can be attached to any SOAP-based client

oauth2_config_client_policy

Provides information about the OAuth2 server, which preforms authorization and issues the access tokens.

You must set both this policy and oracle/http_oauth2_token_client_policy together.

http_oauth2_token_client_policy

Includes OAuth2 access token in the request. OAuth2 allows users to safely grant client applications limited access to protected resources..

You must set both this policy and oracle/oauth2_config_client_policy together.

http_oauth2_token_over_ssl_client_policy

Includes OAuth2 access token in the request. OAuth2 allows users to safely grant client applications limited access to protected resources.

You must set both this policy and oracle/oauth2_config_client_policy together. This version of the policy enforces that connections are made over https.

Security Policy Properties

Every security policy has a set of attributes that defines it. Some of these attributes can be overridden (see Setting Security Policies and Policy Overrides for REST Connector APIs and Setting Security Policies and Policy Overrides for SOAP Connector APIs ). The following table lists the attributes that you can modify and their descriptions:

Property Description

attesting.mapping.structure

The mapping attribute used to represent the attesting entity. Only the DN (distinguished name) is currently supported. This attribute is applicable only to sender vouches and then only to message protection use cases. It isn’t applicable to SAML over SSL policies.

audience.uri

Audience restriction. The following conditions are supported:

  • If not set, the service URL is used as the audience URI

  • If set to NONE (case insensitive), the audience URI is set to null

  • If set to a value other than NONE, the audience URI is set to this value

authz.code

The previously obtained OAuth2 authorization code.

csf.key

Credential Store key that maps to a user name and password in the Oracle Platform Security Services identity store.

csf.map

Oracle WSM map in the credential store that contains the CSF aliases.

federated.client.token

The federated identity that enables you to consolidate the multiple local identities that you’ve configured among multiple service providers. Allows you to log on at one service provider site without having to re-authenticate or re-establish your identity.

include.certificate

The signer's certificate.

issuer.name

Name of the JWT issuer. The default value is www.oracle.com

keystore.enc.csf.key

The alias and password used for storing the decryption key password in the keystore. If you set this value, then you can override it. If you do override this value, then the key for the new value must be in the keystore. That is, overriding the value doesn’t free you from the requirement of configuring the key in the keystore.

keystore.recipient.alias

Keystore alias associated with the peer certificate. The security runtime uses this alias to extract the peer certificate from the configured keystore and to encrypt messages to the peer. Valid value is orakey.

keystore.sig.csf.key

The alias and password used for storing the signature key password in the keystore. This property allows you to specify the signature key on a per-attachment level instead of at the domain level.

oauth2.client.csf.key

The Credential Store Framework key to the OAuth2 client username and password. The client credentials are the same on every request.

propagate.identity.context

Propagation of the identity context from the web service client to the web service, and then makes it available ("publishes it") to other components for authentication and authorization purposes. This is applicable to both SAML and OAuth, but not to HTTP Basic Authentication.

redirect.uri

The redirect URI specified when obtaining the authorization code (set this property if setting authz.code).

role

SOAP role

saml.assertion.filename

Name of the SAML token file.

saml.audience.uri

Representation of the relying party, as a comma-separated URI. This field accepts the following wildcards:

  • * in any location

  • /* at the end of the URI

  • .* at the end of the URI

saml.enveloped.signature.required

Flag that specifies whether the Bearer token is signed using the domain signature key. You can override the domain signature key using the private signature key configured using keystore.sig.csf.key. Set this flag to false (in both the client and service policy) to have the Bearer token be unsigned.

saml.issuer.name

Name identifier for the issuer of the SAML token.

scope

Ability for a user to grant the client application access to specific resources rather than a blanket authorization. .Passed to the OAuth2 server token request

subject.precedence

Identification of the authenticated principal. If set to false, then allows use of a client-specific user name rather than the authenticated subject. If set to true, then the user name to create the SAML assertion is obtained only from the Subject. Similarly, if set to false, the user name to create the SAML assertion is obtained only from the csf-key user name property.

token.uri

The OAuth2 server's token endpoint URI, which issues the access tokens.

user.attributes

User attributes related to the principal of the SAML token. Attributes are added as a comma-separated list. The attribute names that you specify must exactly match valid attributes in the configured identity store. The Oracle WSM runtime reads the values for these attributes from the configured identity store, and then includes the attributes and their values in the SAML assertion.

user.roles.include

(SOAP) Flag that specifies whether to include SOAP roles.

(REST) User roles to be included in the token. If set to true, then the authenticated user roles are included in the token as private claims. The default is false.

user.tenant.name

Reserved for use with Oracle Cloud.

The following table shows which security policies have these attributes:

Property Security Policies Containing the Property

attesting.mapping.structure

SOAP security policies:

wss10_saml20_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

audience.uri

REST security policies:

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

authz.code

REST security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

csf.key

REST security policies:

http_basic_auth_over_ssl_client_policy

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

SOAP security policies:

http_basic_auth_over_ssl_client_policy

wss_http_token_client_policy

wss_http_token_over_ssl_client_policy

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

wss_saml20_token_over_ssl_client_policy

wss_username_token_client_policy

wss_username_token_over_ssl_client_policy

wss10_saml_token_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_client_policy

wss10_saml20__token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss10_username_token_with_message_protection_client_policy

wss10_username_token_with_message_protection_ski_basic256_client_policy

wss11_saml_token_identity_switch_with_message_protection_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

wss11_username_token_with_message_protection_client_policy

Fusion Applications security policies:

wss_http_token_client_policy

wss_saml_token_bearer_over_ssl_client_policy

ICS security policies:

http_basic_auth_over_ssl_client_policy

ICS security policies:

http_basic_auth_over_ssl_client_policy

Fusion Applications security policies:

wss_http_token_client_policy

wss_saml_token_bearer_over_ssl_client_policy

csf.map

REST security policy:

http_jwt_token_identity_switch_client_policy

federated.client.token

REST security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

include.certificate

REST security policies:

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

issuer.name

REST security policies:

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

keystore.enc.csf.key

SOAP security policies:

wss10_message_protection_client_policy

wss10_saml_hok_token_with_message_protection_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_x509_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss10_username_id_propagation_with_msg_protection_client_policy

wss10_username_token_with_message_protection_client_policy

wss10_username_token_with_message_protection_ski_basic256_client_policy

wss11_x509_token_with_message_protection_client_policy

wss11_saml_token_identity_switch_with_message_protection_client_policy

wss11_message_protection_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

wss11_username_token_with_message_protection_client_policy

keystore.recipient.alias

SOAP security policies:

wss10_message_protection_client_policy

wss10_saml_hok_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_x509_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss10_username_id_propagation_with_msg_protection_client_policy

wss10_username_token_with_message_protection_client_policy

wss10_username_token_with_message_protection_ski_basic256_client_policy

wss11_x509_token_with_message_protection_client_policy

wss11_saml_token_identity_switch_with_message_protection_client_policy

wss11_message_protection_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

wss11_username_token_with_message_protection_client_policy

keystore.sig.csf.key

REST security policies:

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

SOAP security policies:

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

wss10_message_protection_client_policy

wss10_saml_hok_token_with_message_protection_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_x509_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss10_username_id_propagation_with_msg_protection_client_policy

wss10_username_token_with_message_protection_client_policy

wss10_username_token_with_message_protection_ski_basic256_client_policy

wss11_x509_token_with_message_protection_client_policy

wss11_saml_token_identity_switch_with_message_protection_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

wss_saml_bearer_token_over_ssl_client_policy

oauth2.client.csf.key

REST security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

propagate.identity.context

REST security policies:

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

SOAP security policies:

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

wss_saml20_token_over_ssl_client_policy

wss10_saml_token_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

wss_saml_token_bearer_over_ssl_client_policy

redirect.uri

REST security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

role

REST security policy:

oauth2_config_client_policy

SOAP security policies:

wss_http_token_client_policy

wss_http_token_over_ssl_client_policy

wss_username_token_client_policy

wss_username_token_over_ssl_client_policy

wss10_message_protection_client_policy

wss10_x509_token_with_message_protection_client_policy

wss10_username_id_propagation_with_msg_protection_client_policy

wss10_username_token_with_message_protection_client_policy

wss10_username_token_with_message_protection_ski_basic256_client_policy

wss11_message_protection_client_policy

ICS security policies:

wss_username_token_over_ssl_client_policy

Fusion Applications security policies:

wss_http_token_client_policy

http_oauth2_config_client_policy

saml.assertion.filename

SOAP security policy:

wss10_saml_hok_token_with_message_protection_client_policy

saml.audience.uri

REST security policies:

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

SOAP security policies:

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

wss_saml20_token_over_ssl_client_policy

wss10_saml_token_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss11_saml_token_identity_switch_with_message_protection_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

Fusion Applications security policies:

wss_saml_token_bearer_over_ssl_client_policy

saml.enveloped.signature.required

REST security policies:

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

SOAP security policies:

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

Fusion Applications security policies:

wss_saml_token_bearer_over_ssl_client_policy

saml.issuer.name

REST security policies:

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

SOAP security policies:

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

wss_saml20_token_over_ssl_client_policy

wss10_saml_hok_token_with_message_protection_client_policy

wss10_saml_token_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss11_saml_token_identity_switch_with_message_protection_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

Fusion Applications security policies:

wss_saml_token_bearer_over_ssl_client_policy

scope

REST security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

subject.precedence

REST security policies:

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

SOAP security policies:

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

wss_saml20_token_over_ssl_client_policy

wss10_saml_token_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss11_saml_token_identity_switch_with_message_protection_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

Fusion Applications security policies:

wss_saml_token_bearer_over_ssl_client_policy

token.uri

REST security policy:

oauth2_config_client_policy

Fusion Applications security policies:

http_oauth2_config_client_policy

user.attributes

REST security policies:

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

SOAP security policies:

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

wss_saml20_token_over_ssl_client_policy

wss10_saml_hok_token_with_message_protection_client_policy

wss10_saml_token_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

wss_saml_token_bearer_over_ssl_client_policy

user.roles.include

REST security policies:

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

SOAP security policies:

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

wss_saml20_token_over_ssl_client_policy

wss10_saml_hok_token_with_message_protection_client_policy

wss10_saml_token_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss11_saml_token_identity_switch_with_message_protection_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

Fusion Applications security policies:

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

wss_saml_token_bearer_over_ssl_client_policy

user.tenant.name

REST security policies:

http_basic_auth_over_ssl_client_policy

http_jwt_token_client_policy

http_jwt_token_identity_switch_client_policy

http_jwt_token_over_ssl_client_policy

http_saml20_token_bearer_client_policy

http_saml20_token_bearer_over_ssl_client_policy

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

SOAP security policies:

http_basic_auth_over_ssl_client_policy

wss_http_token_client_policy

wss_saml_token_bearer_client_policy

wss_saml_token_bearer_over_ssl_client_policy

wss_saml20_token_bearer_over_ssl_client_policy

wss_saml20_token_over_ssl_client_policy

wss_username_token_client_policy

wss_username_token_over_ssl_client_policy

wss10_saml_hok_token_with_message_protection_client_policy

wss10_saml_token_client_policy

wss10_saml_token_with_message_integrity_client_policy

wss10_saml_token_with_message_protection_client_policy

wss10_saml20_token_client_policy

wss10_saml20_token_with_message_protection_client_policy

wss10_saml_token_with_message_protection_ski_basic256_client_policy

wss11_saml_token_identity_switch_with_message_protection_client_policy

wss11_saml_token_with_message_protection_client_policy

wss11_saml20_token_with_message_protection_client_policy

wss11_username_token_with_message_protection_client_policy

ICS security policies:

http_basic_auth_token_over_ssl_client_policy

http_username_token_over_ssl_client_policy

Fusion Applications security policies:

wss_http_token_client_policy

http_oauth2_token_client_policy

http_oauth2_token_over_ssl_client_policy

wss_saml_token_bearer_over_ssl_client_policy