This guide describes interoperability of Oracle Web Services Manager (OWSM) with various security stacks.
Each chapter includes the following information:
Overview of each security stack
An explanation of the usage scenarios
For details regarding limitations and known problems, see "Web Services" in Release Notes for Oracle Fusion Middleware Infrastructure.
For definitions of unfamiliar terms found in this and other books, see the Glossary.
You attach OWSM policies to web service endpoints. Each policy consists of one or more assertions, defined at the domain-level, that define the security requirements. A set of predefined policies and assertions are provided out-of-the-box.
For more details about the predefined policies, see "Predefined Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
For information about configuring and attaching policies, see "Securing Web Services" and "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
Table 1-1 describes the most common OWSM interoperability scenarios.
Table 1-1 Common OWSM Interoperability Scenarios
Security Stack | OWSM Policies | Interoperability Scenario |
---|---|---|
OWSM 10g |
|
"Anonymous Authentication with Message Protection (WS-Security 1.0)" |
OWSM 10g |
|
|
OWSM 10g |
|
"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)" |
OWSM 10g |
|
"Mutual Authentication with Message Protection (WS-Security 1.0)" |
OWSM 10g |
|
|
OWSM 10g |
|
|
OC4J 10g |
|
"Anonymous Authentication with Message Protection (WS-Security 1.0)" |
OC4J 10g |
|
|
OC4J 10g |
|
"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)" |
OC4J 10g |
|
"Mutual Authentication with Message Protection (WS-Security 1.0)" |
OC4J 10g |
OR
|
|
OC4J 10g |
o OR
|
|
Oracle WebLogic Server 12c |
|
|
Oracle WebLogic Server 12c |
|
"Username Token With Message Protection (WS-Security 1.1) and MTOM" |
Oracle WebLogic Server 12c |
|
|
Oracle WebLogic Server 12c |
|
|
Oracle WebLogic Server 12c |
|
|
Oracle WebLogic Server 12c |
|
|
Oracle WebLogic Server 12c |
|
|
Oracle WebLogic Server 12c |
|
"SAML Token 2.0 (Sender Vouches) With Message Protection (WS-Security 1.1)" |
Oracle WebLogic Server 12c |
|
"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1)" |
Oracle WebLogic Server 12c |
|
"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1) and MTOM " |
Oracle WebLogic Server 12c |
|
"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.0)" |
Oracle WebLogic Server 12c |
|
"Mutual Authentication with Message Protection (WS-Security 1.0)" |
Oracle WebLogic Server 12c |
|
"Mutual Authentication with Message Protection (WS-Security 1.1)" |
Microsoft WCF/.NET 3.5 |
|
|
Microsoft WCF/.NET 3.5 |
OR
|
|
Microsoft WCF/.NET 3.5 |
OR
|
|
Microsoft WCF/.NET 3.5 |
|
"Mutual Authentication with Message Protection (WS-Security 1.1)" |
Microsoft WCF/.NET 3.5 |
|
|
Microsoft WCF/.NET 3.5 |
|
|
Microsoft WCF/.NET 3.5 |
Policy created with |
|
Microsoft WCF/.NET 3.5 |
Policy created with |
"Kerberos with SPNEGO Negotiation and Credential Delegation" |
Oracle Service Bus 10g |
|
"Implementing a Username Token with WS-Security 1.0 Message Protection" |
Oracle Service Bus 10g |
|
"Implementing a SAML Sender Vouches Token with WS-Security 1.0 Message Protection" |
Oracle Service Bus 10g |
|
|
Oracle Service Bus 10g |
|
"Implementing Mutual Authentication with WS-Security 1.0 Message Protection" |
Axis 1.4 and WSS4J 1.5.8 |
|
|
Axis 1.4 and WSS4J 1.5.8 |
|
|
Axis 1.4 and WSS4J 1.5.8 |
|
|
Axis 1.4 and WSS4J 1.5.8 |
|
|
GlassFish Enterprise Server |
|
"SAML Token (Sender Vouches) with Message Protection (WS-Security 1.1)" |