This chapter describes interoperability of Oracle Web Services Manager (OWSM) with OWSM 10g security environments.
This chapter includes the following sections:
Overview of Interoperability with OWSM 10g Security Environments
Anonymous Authentication with Message Protection (WS-Security 1.0)
SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)
Mutual Authentication with Message Protection (WS-Security 1.0)
With OWSM 10g, you specify policy steps at each policy enforcement point. The policy enforcement points in OWSM 10g include Gateways and Agents. Each policy step is a fine-grained operational task that addresses a specific security operation, such as authentication and authorization; encryption and decryption; security signature, token, or credential verification; and transformation. Each operational task is performed on either the web service request or response. For more details about the OWSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
.
With OWSM 12c, you attach policies to web service endpoints. Each policy consists of one or more assertions, defined at the domain-level, that define the security requirements. A set of predefined policies and assertions are provided out-of-the-box.
Table 2-1 and Table 2-2 summarize the most common OWSM 10g interoperability scenarios based on the following security requirements: authentication, message protection, and transport.
For more information about:
OWSM predefined policies, see "Predefined Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Configuring and attaching OWSM 12c policies, see "Securing Web Services" and "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
OWSM 10g policy steps, see "Oracle Web Services Manager Policy Steps" in Oracle Web Services Manager Administrator's Guide 10g (10.1.3.4) at http://download.oracle.com/docs/cd/E12524_01/web.1013/e12575/policy_steps.htm#BABIAHEG
Note:
In the following scenarios, ensure that you are using a keystore with v3 certificates. By default, the JDK 1.5 keytool generates keystores with v1 certificates.Review "A Note About OWSM 10g Gateways" and "A Note About Third-party Software" for important information about your usage of OWSM 10g Gateways and third-party software.
Table 2-1 OWSM 10g Service Policy and OWSM 12c Client Policy Interoperability
Identity Token | WS-Security Version | Message Protection | Transport Security | Service Policy | Client Policy |
---|---|---|---|---|---|
Anonymous |
1.0 |
Yes |
No |
Request pipeline: Decrypt and Verify Signature Response pipeline: Sign Message and Encrypt |
|
Username |
1.0 |
Yes |
No |
Request pipeline:
Response pipeline: Sign Message and Encrypt |
|
SAML |
1.0 |
Yes |
No |
Request pipeline:
Response pipeline: Sign Message and Encrypt |
|
Mutual Authentication |
1.0 |
Yes |
No |
Request pipeline: Decrypt and Verify Response pipeline: Sign Message and Encrypt |
|
Username over SSL |
1.0 and 1.1 |
No |
Yes |
Request pipeline:
|
|
SAML over SSL |
1.0 and 1.1 |
No |
Yes |
Request pipeline:
|
|
Table 2-2 OWSM 12c Service Policy and OWSM 10g Client Policy Interoperability
Identity Token | WS-Security Version | Message Protection | Transport Security | Service Policy | Client Policy |
---|---|---|---|---|---|
Anonymous |
1.0 |
Yes |
No |
|
Request pipeline: Sign Message and Encrypt Response pipeline: Decrypt and Verify Signature |
Username |
1.0 |
Yes |
No |
|
Request pipeline: Sign Message and Encrypt Response pipeline: Decrypt and Verify Signature |
SAML |
1.0 |
Yes |
No |
|
Request pipeline:
Response pipeline: Decrypt and Verify Signature |
Mutual Authentication |
1.0 |
Yes |
No |
|
Request pipeline: Sign Message and Encrypt Response pipeline: Decrypt and Verify Signature |
Username over SSL |
1.0 and 1.1 |
No |
Yes |
|
N/A |
SAML over SSL |
1.0 and 1.1 |
No |
Yes |
|
Request pipeline:
|
The following sections provide additional interoperability information about using OWSM 10g Gateways and third-party software with OWSM 12c.
Oracle Fusion Middleware 12c does not include a Gateway component. You can continue to use the OWSM 10g Gateway components with OWSM 10g policies in your applications.
OWSM 10g supports policy enforcement for third-party application servers, such as IBM WebSphere and Red Hat JBoss. Oracle Fusion Middleware 12c only supports Oracle WebLogic Server. You can continue to use the third-party application servers with OWSM 10g policies.
This section describes how to implement anonymous authentication with message protection that conforms to the WS-Security 1.0 standard, in the following interoperability scenarios:
"Configuring an OWSM 12c Web Service and an OWSM 10g Client"
"Configuring an OWSM 10g Web Service and an OWSM 12c Client"
The following instructions tell how to configure an OWSM 12c web service and an OWSM 10g client to implement anonymous authentication with message protection that conforms to the WS-Security 1.0 standard:
Table 2-3 Configuring the OWSM 12c Web Service
Task | Description | More Information |
---|---|---|
1 |
Clone the following policy: |
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
2 |
Edit the policy settings, as follows:
|
-- |
3 |
Attach the policy to a web service. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
Table 2-4 Configuring the OWSM 10g Client
Task | Description | More Information |
---|---|---|
1 |
Register the web service (above) with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
2 |
Attach the following policy step to the request pipeline: Sign Message and Encrypt. |
-- |
3 |
Configure the Sign Message and Encrypt policy step in the request pipeline, as follows:
|
-- |
4 |
Attach the following policy step to the response pipeline: Decrypt and Verify Signature. |
-- |
5 |
Configure the Decrypt and Verify Signature policy step in the response pipeline, by configuring the keystore properties for decryption and signature verification. The configuration should be in accordance with the keystore used on the server side. |
-- |
6 |
Navigate to the OWSM Test page and enter the virtualized URL of the web service. |
-- |
7 |
Invoke the web service. |
-- |
The following instructions tell how to configure an OWSM 10g web service and an OWSM 12c client to implement anonymous authentication with message protection that conforms to the WS-Security 1.0 standard:
Table 2-5 Configuring the OWSM 10g Web Service
Task | Description | More Information |
---|---|---|
1 |
Register the web service with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
2 |
Attach the following policy step in the request pipeline: Decrypt and Verify Signature |
-- |
3 |
Configure the Decrypt and Verify Signature policy step in the request pipeline, as follows. Configure the keystore properties for decryption and signature verification. The configuration should be in accordance with the keystore used on the server side. |
-- |
4 |
Attach the following policy step in the response pipeline: Sign Message and Encrypt |
-- |
5 |
Configure the Sign Message and Encrypt policy response pipeline as follows:
|
-- |
Table 2-6 Configuring the OWSM 12c Client
Task | Description | More Information |
---|---|---|
1 |
Create a client proxy using the virtualized URL of the web service registered on the OWSM Gateway. |
-- |
2 |
Clone the following policy: Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
3 |
Attach the policy to the web service client. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
4 |
Configure the policy |
"oracle/wss10_message_protection_client_policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
5 |
Invoke the web service. |
-- |
This section tells how to implement username token with message protection that conforms to the WS-Security 1.0 standard:
"Configuring an OWSM 12c Web Service and an OWSM 10g Client"
"Configuring an OWSM 10g Web Service and an OWSM 12c Client"
The following instructions tell how to configure an OWSM 12c web service and an OWSM 10g client to implement username token with message protection that conforms to the WS-Security 1.0 standard:
Table 2-7 Configuring the OWSM 12c Web Service
Task | Description | More Information |
---|---|---|
1 |
Clone the following policy: Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
2 |
Attach the policy to a web service. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
Table 2-8 Configuring the OWSM 10g Client
Task | Description | More Information |
---|---|---|
1 |
Register the web service (above) with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
2 |
Attach the following policy step to the request pipeline: Sign Message and Encrypt |
-- |
3 |
Configure the Sign Message and Encrypt policy step in the request pipeline, as follows:
|
-- |
4 |
Attach the following policy step to the response pipeline: Decrypt and Verify Signature. |
-- |
5 |
Configure the Decrypt and Verify Signature policy step in the response pipeline, as follows: Configure the keystore properties for decryption and signature verification. The configuration should be in accordance with the keystore used on the server side. |
-- |
6 |
Navigate to the OWSM Test page and enter the virtualized URL of the web service. |
-- |
7 |
Select the Include Header checkbox against WS-Security and provide valid credentials. |
-- |
8 |
Invoke the web service. |
-- |
The following instructions tell how to configure an OWSM 10g web service and an OWSM 12c client to implement username token with message protection that conforms to the WS-Security 1.0 standard:
Table 2-9 Configuring the OWSM 10g Web Service
Task | Description | More Information |
---|---|---|
1 |
Register the web service with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
2 |
Attach the following policy steps in the request pipeline:
Note: You can substitute File Authenticate with LDAP Authenticate, Oracle Access Manager Authenticate, Active Directory Authenticate, or SiteMinder Authenticate. |
-- |
3 |
Configure the Decrypt and Verify Signature policy step in the request pipeline, as follows:
|
-- |
4 |
Configure the Extract Credentials policy step in the request pipeline, as follows:
|
-- |
5 |
Configure the File Authenticate policy step in the request pipeline to use valid credentials. |
-- |
6 |
Attach the following policy step in the response pipeline: Sign Message and Encrypt. |
-- |
7 |
Configure the Sign Message and Encrypt policy response pipeline, as follows:
|
-- |
Table 2-10 Configuring the OWSM 12c Client
Task | Description | More Information |
---|---|---|
1 |
Create a client proxy using the virtualized URL of the web service registered on the OWSM Gateway. |
-- |
2 |
Clone the following policy: Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
3 |
Attach the policy to the web service client. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
4 |
Configure the policy. |
"oracle/wss10_username_token_with_message_protection_client_policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
5 |
Invoke the web service. |
-- |
This section tells how to implement SAML token (sender vouches) with message protection that conforms to the WS-Security 1.0 standard, in the following interoperability scenarios:
"Configuring an OWSM 12c Web Service and an OWSM 10g Client"
"Configuring an OWSM 10g Web Service and an OWSM 12c Client"
The following instructions tell how to configure an OWSM 12c web service and an OWSM 10g client to implement SAML token (sender vouches) with message protection that conforms to the WS-Security 1.0 standard:
Table 2-11 Configuring the OWSM 12c Web Service
Task | Description | More Information |
---|---|---|
1 |
Clone the following policy: Note: Oracle recommends that you do not change the predefined policies so that you will always have a known set of valid policies to work with. Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
2 |
Attach the policy to the web service. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
Table 2-12 Configuring the OWSM 10g Client
Task | Description | More Information |
---|---|---|
1 |
Register the web service (discussed in Table 2-11) with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
2 |
Attach the following policy steps in the request pipeline:
|
-- |
3 |
Configure the Extract Credentials policy step in the request pipeline, as follows:
|
-- |
4 |
Configure the SAML—Insert WSS 1.0 Sender-Vouches Token policy step in the request pipeline, as follows:
|
-- |
5 |
Configure the Sign Message and Encrypt policy step in the request pipeline, as follows:
|
-- |
6 |
Attach the following policy step in the response pipeline: Decrypt and Verify Signature. |
-- |
7 |
Configure the Decrypt and Verify Signature policy step in the response pipeline, as follows:
|
-- |
8 |
Navigate to the OWSM Test page and enter the virtualized URL of the web service. |
-- |
9 |
Select Include Header checkbox against WS-Security and provide valid credentials. |
-- |
10 |
Invoke the web service. |
-- |
The following instructions tell how to configure an OWSM 10g web service and an OWSM 12c client to implement SAML token (sender vouches) with message protection that conforms to the WS-Security 1.0 standard:
Table 2-13 Configuring the OWSM 10g Web Service
Task | Description | More Information |
---|---|---|
1 |
Register the web service with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
2 |
Attach the following policy steps in the request pipeline:
|
-- |
3 |
Configure the XML Decrypt policy step in the request pipeline, as follows:
|
-- |
4 |
Configure the SAML—Verify WSS 1.0 Token policy step in the request pipeline, as follows:
|
-- |
5 |
Attach the following policy step in the response pipeline: Sign Message and Encrypt. |
-- |
6 |
Configure the Sign Message and Encrypt policy step in the response pipeline, follows:
|
-- |
Table 2-14 Configuring the OWSM 12c Client
Task | Description | More Information |
---|---|---|
1 |
Create a client proxy using the virtualized URL of the web service registered on the OWSM Gateway. |
-- |
2 |
Clone the following policy: Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
3 |
Attach the policy to the web service client. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
4 |
Configure the policy. |
"oracle/wss10_saml_token_with_message_protection_client_policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager. |
5 |
Invoke the web service. |
This section tells how to implement mutual authentication with message protection that conform to the WS-Security 1.0 standard, in the following interoperability scenarios:
"Configuring an OWSM 12c Web Service and an OWSM 10g Client"
"Configuring an OWSM 10g Web Service and an OWSM 12c Client"
The following instructions tell how to configure an OWSM 12c web service and an OWSM 10g client to implement mutual authentication with message protection that conform to the WS-Security 1.0 standard:
Table 2-15 Configuring the OWSM 12c Web Service
Task | Description | More Information |
---|---|---|
1 |
Clone the following policy: Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
2 |
Attach the policy to the web service. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
Table 2-16 Configuring the OWSM 10g Client
Task | Description | More Information |
---|---|---|
1 |
Register the web service (above) with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
2 |
Attach the following policy step in the request pipeline: Sign Message and Encrypt. |
-- |
3 |
Configure the Sign Message and Encrypt policy step in the request pipeline, as follows:
|
-- |
4 |
Attach the following policy step in the response pipeline: Decrypt and Verify Signature. |
-- |
5 |
Configure the Decrypt and Verify Signature policy step in the response pipeline, as follows:
|
-- |
6 |
Update the following property in the
|
-- |
7 |
Restart OWSM 10g Gateway. |
-- |
Navigate to the OWSM Test page and enter the virtualized URL of the web service. |
-- |
|
Invoke the web service. |
-- |
The following instructions tell how to configure an OWSM 10g web service and an OWSM 12c client to implement mutual authentication with message protection that conform to the WS-Security 1.0 standard:
Table 2-17 Configuring the OWSM 10g Web Service
Task | Description | More Information |
---|---|---|
1 |
Register the web service (above) with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
2 |
Attach the following policy steps in the request pipeline: Decrypt and Verify. |
-- |
3 |
Configure the Decrypt and Verify Signature policy step in the request pipeline, as follows:
|
-- |
4 |
Attach the following policy steps in the response pipeline: Sign Message and Encrypt. |
-- |
5 |
Configure the Sign Message and Encrypt policy step in the response pipeline, as follows:
|
-- |
Table 2-18 Configuring the OWSM 12c Client
Task | Description | More Information |
---|---|---|
1 |
Create a client proxy using the virtualized URL of the web service registered on the OWSM Gateway. |
-- |
2 |
Clone the following policy: Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
3 |
Attach the policy to the web service client. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
4 |
Configure the policy. |
"oracle/wss10_x509_token_with_message_protection_client_policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
5 |
Invoke the web service. |
-- |
This section tells how to implement username token over SSL, in the following interoperability scenarios:
"Configuring an OWSM 12c Web Service and an OWSM 10g Client"
"Configuring an OWSM 10g Web Service and an OWSM 12c Client"
For more information about:
Configuring SSL on WebLogic Server, see "Configuring Transport-Level Security (SSL)" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Configuring SSL on OC4J, see http://download.oracle.com/docs/cd/B14099_19/web.1012/b14013/configssl.htm
.
The following instructions tell how to configure an OWSM 12c web service and an OWSM 10g client to implement username token over SSL:
Table 2-19 Configuring the OWSM 12c Web Service
Task | Description | More Information |
---|---|---|
1 |
Configure the server for SSL. |
"Configuring Transport-Level Security (SSL)" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
2 |
Attach the following policy: |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
Table 2-20 Configuring the OWSM 10g Client
Task | Description | More Information |
---|---|---|
1 |
Configure the server for SSL |
" Configuring OC4J and SSL" in Oracle Application Server Containers for J2EE Security Guide at |
2 |
Register the web service (above) with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
3 |
Navigate to the OWSM Test page and enter the virtualized URL of the web service. |
-- |
4 |
Select the Include Header checkbox against WS-Security and provide valid credentials. |
-- |
5 |
Invoke the web service. |
-- |
The following instructions tell how to configure an OWSM 10g web service and an OWSM 12c client to implement username token over SSL:
Table 2-21 Configuring the OWSM 10g Web Service
Task | Description | More Information |
---|---|---|
1 |
Configure the server for SSL |
" Configuring OC4J and SSL" in Oracle Application Server Containers for J2EE Security Guide at |
1 |
Register the web service (above) with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
3 |
Attach the following policy steps to the request pipeline:
Note: You can substitute File Authenticate with LDAP Authenticate, Oracle Access Manager Authenticate, Active Directory Authenticate, or SiteMinder Authenticate. |
-- |
4 |
Configure the Extract Credentials policy step in the request pipeline, as follows:
|
-- |
5 |
Configure the File Authentication policy step in the request pipeline with the appropriate credentials. |
-- |
Table 2-22 Configuring the OWSM 12c Client
Task | Description | More Information |
---|---|---|
1 |
Create a client proxy using the virtualized URL of the web service registered on the OWSM Gateway. Ensure that when generating the client, HTTP is specified in the URL along with the HTTP port number. |
-- |
2 |
Clone the following policy: Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
3 |
Attach the policy to the web service client. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
4 |
Configure the policy. |
"oracle/wss_username_token_over_ssl_client_policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
5 |
Invoke the web service. |
-- |
This section tells how to implement SAML token (sender vouches) over SSL that conforms to the WS-Security 1.0 standard, in the following interoperability scenarios:
For more information about:
Configuring SSL on WebLogic Server, see "Configuring Transport-Level Security (SSL)" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Configuring SSL on OC4J, see http://download.oracle.com/docs/cd/B14099_19/web.1012/b14013/configssl.htm
.
The following instructions tell how to configure an OWSM 12c web service and an OWSM 10g client to implement SAML token (sender vouches) over SSL that conforms to the WS-Security 1.0 standard:
Table 2-23 Configuring the OWSM 12c Web Service
Task | Description | More Information |
---|---|---|
1 |
Configure the server for two-way SSL. |
"Configuring Transport-Level Security (SSL)" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
2 |
Clone the following policy: Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
3 |
Attach the policy. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
Table 2-24 Configuring the OWSM 10g Client
Task | Description | More Information |
---|---|---|
1 |
Configure the server for two-way SSL. |
" Configuring OC4J and SSL" in Oracle Application Server Containers for J2EE Security Guide at |
2 |
Register the web service (above) with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
3 |
Attach the following policy steps to the request pipeline:
|
-- |
4 |
Configure the Extra Credentials policy step in the request pipeline, as follows:
|
-- |
5 |
Configure the SAML—Insert WSS 1.0 Sender-Vouches Token policy step in the request pipeline, as follows:
|
-- |
6 |
Navigate to the OWSM Test page and enter the virtualized URL of the web service. |
-- |
7 |
Select Include Header checkbox against WS-Security and provide valid credentials. |
-- |
8 |
Invoke the web service. |
-- |
The following instructions tell how to configure an OWSM 10g web service and an OWSM 12c client to implement SAML token (sender vouches) over SSL that conforms to the WS-Security 1.0 standard:
Table 2-25 Configuring the OWSM 10g Web Service
Task | Description | More Information |
---|---|---|
1 |
Configure the server for two-way SSL. |
" Configuring OC4J and SSL" in Oracle Application Server Containers for J2EE Security Guide at |
2 |
Register the web service (above) with the OWSM 10g Gateway. |
"Registering Web Services to an OWSM Gateway" in the OWSM Administrator's Guide 10g at: |
3 |
Attach the policy step: SAML—Verify WSS 1.0 Token |
-- |
4 |
Configure the SAML—Verify WSS 1.0 Token policy step in the request pipeline, as follows:
|
-- |
Table 2-26 Configuring the OWSM 12c Client
Task | Description | More Information |
---|---|---|
1 |
Configure the server for two-way SSL. |
"Configuring SSL on WebLogic Server (Two-Way)" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
2 |
Create a client proxy using the virtualized URL of the web service registered on the OWSM gateway. |
-- |
3 |
s: Edit the policy settings, as follows:
|
"Cloning a Web Service Policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
3 |
Attach the policy to the web service client. |
"Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
4 |
Configure the policy. |
"oracle/wss_username_token_over_ssl_client_policy" in Securing Web Services and Managing Policies with Oracle Web Services Manager |
5 |
Invoke the web service. |
-- |