The use case summary helps you quickly determine whether information in this chapter meets your needs.
The following list summarizes the use case goals, solution, and components. Links to required documentation are also provided.
Use case goal: Configure web services federation with Microsoft ADFS 2.0 STS as the IP-STS and Oracle STS as the RP-STS.
Solution: Attach Oracle Web Services Manager (OWSM) WS-Trust policies to the web service and client, and configure Oracle STS and Microsoft ADFS 2.0 STS to establish trust across security domains.
Components:
Oracle WebLogic Server
Oracle Web Services Manager (OWSM)
Oracle STS
Microsoft ADFS 2.0 STS
Web service and client applications to be secured
This use case demonstrates the steps required to:
Attach the appropriate OWSM security policies to enforce message-level protection using SAML bearer authentication.
Specifically, you attach the following policies to the client and service, respectively:
oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy and policies based on oracle/sts_trust_config_client_template
oracle/wss_sts_issued_saml_bearer_token_over_ssl_service_policy
Configure web services federation using Microsoft ADFS 2.0 STS as the IP-STS and Oracle STS as the RP-STS.
Transport security with SSL is used to protect the service, the RP-STS, and IP-STS.
To implement the use case, complete the following tasks:
Note:
In the following sections, high-level configuration steps for Oracle STS and Microsoft ADFS 2.0 STS are provided. For detailed information about how to perform these configuration steps, refer to the documentation for the particular STS:
For Oracle STS: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oraclests-166231.html
For Microsoft ADFS 2.0 STS: http://technet.microsoft.com/en-us/library/adfs2(v=ws.10).aspx
To configure the web service:
Attach the oracle/wss_sts_issued_saml_bearer_token_over_ssl_service_policy policy to the web service. For the complete procedure, see "Attaching Policies" in Securing Web Services and Managing Policies with Oracle Web Services Manager.
/wssbearer endpoint into the OWSM keystore.
To configure Oracle STS as the RP-STS, perform the following steps.
For the complete procedure, see the Oracle STS documentation at http://www.oracle.com/technetwork/middleware/id-mgmt/overview/oraclests-166231.html.
To configure Microsoft ADFS 2.0 STS as the IP-STS, perform the following steps.
For the complete procedure, see the Microsoft ADFS 2.0 STS documentation at http://technet.microsoft.com/en-us/library/adfs2(v=ws.10).aspx.
/usernamemixed endpoint is enabled.
See the following resources for more information about the technologies and tools used to implement the solutions in this chapter: