Before you begin
You must first create the Web service security configuration that is associated with a Web service before you can configure specific features.
See Create a Web service security configuration for details about creating a security configuration.
By default, the WebLogic Web services runtime always validates the
X.509 certificate specified in any associated security policy file. To
disable this validation when using SAML holder_of_key
assertions, you must configure the Web service security configuration
associated with the Web service by setting a property on the SAML token
handler, as described in the following procedure.
Web services programmers associate a Web service security
configuration using the @WssConfiguration
JWS
annotation; the value
attribute specifies the
associated configuration name. If the programmer does not specify
the value
attribute, the Web service is associated
with the default security configuration:
default_wss
.
default_saml_handler
.weblogic.wsee.security.saml.SAMLTokenHandler
.saml
.0
.EnableHolderOfKeyValidation
.false
.Leave the Is Encrypted check box unchecked.
After you finish
You must redeploy any Web service which is associated with this security configuration for the security changes to take effect.