Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
How to Use This Guide
Documentation Accessibility
Related Documents
Conventions
What's New in This Guide
New and Changed Features for Release 12c (12.2.1.2)
New and Changed Features for Release 12c (12.2.1.1)
New and Changed Features for Release 12c (12.2.1)
New and Changed Features for Release 12c (12.1.3)
Other Significant Changes in This Document for Release 12c (12.1.3)
New and Changed Features for Release 12c (12.1.2)
Other Significant Changes in this Book for Release 12c (12.1.2)
Part I Introduction to Oracle Web Services
1
Overview of Oracle Web Services Security and Policy Management
1.1
Web Services Security and Policy Management
1.2
Categories of Oracle Web Services Secured Using OWSM
2
Using Oracle Web Services Manager with Oracle WebLogic Server
2.1
Installing Oracle Web Services Manager with WebLogic Server
2.2
OWSM Configuration with a Domain-Wide Administration Port
2.2.1
Targeting the Policy Manager to the Administration Server Using the WebLogic Administration Console
2.2.2
Specifying the policy accessor URL for the Policy Manager on the Administration Server Using Fusion Middleware Control
2.3
Cross-Component Wiring for Auto-Discovery of Policy Manager
2.4
About Verifying Service Table Entries and Agent Bindings
2.4.1
Verifying Service Table Entries and Components Using Fusion Middleware Control
2.4.2
Verifying Agent Bindings Using Fusion Middleware Control
2.5
About Modifying the Default User
2.5.1
Configuring an Authentication Provider
2.5.2
Configuring the Credential Store Provider
2.5.3
Configuring the Policy Manager CSF Key for the Domain
2.5.4
Modifying the User's Group or Role
2.5.5
Determining that the User Has the Required Role
2.5.6
Examples of Using OPSS Scripts to Manage Application Roles
3
Determining Which Predefined Policies to Use for a Web Service
3.1
Security Policy Questionnaire for a Web Service
3.1.1
Choosing the Right Authentication Policy for a Web Service
3.1.2
Choosing the Right Confidentiality and Integrity Policy for a Web Service
3.2
Summary of Predefined Security Policies for a Web Service
3.2.1
Authentication Only Policies
3.2.2
Message Protection Only Policies
3.2.3
Message Protection and Authentication Policies
3.2.4
Authorization Policies
3.2.5
WS-Trust Policies
3.2.6
MTOM Attachment Policies
3.2.7
Reliable Messaging Policies
3.2.8
No Behavior Policies
3.3
OWSM Policies Supported for Java EE Web Services and Clients
3.4
OWSM Policies Supported for RESTful Web Services and Clients
3.5
OWSM Policies Supported for Web Services and Clients That Use SOAP Over JMS Transport
3.6
OWSM Policies Supported for SOA Composite Services and Clients
3.7
OWSM Policies that Require You to Configure SSL
3.7.1
List of Policies That Require You to Configure SSL
3.7.2
List of Templates to Create Policies that Require SSL
3.7.3
List of Policies That Require You to Configure Two-Way SSL
3.7.4
List of Templates to Create Policies that Require Two-way SSL
3.8
OWSM Policies Supported for Identity Context
3.9
OWSM Policies Supported for WS-SecureConversation
3.10
OWSM Policies Supported for JCA Adapters
3.11
OWSM Policies Supported for OES Integration
3.12
OWSM Policies Are Supported for PII
3.13
OWSM Policies Supported for Oracle Service Bus
Part II Attaching and Managing Policies
4
Attaching Policies to Manage and Secure Web Services
4.1
Overview of Policy Attachment
4.2
Understanding Attaching Policies to Web Services and Clients at Design Time
4.2.1
About Attaching Policies to Java EE Web Services and Clients at Design Time
4.2.1.1
Attaching Policies to Java EE Web Services and Clients Using Annotations
4.2.1.2
Attaching Policies to Java EE Web Service Clients Using Feature Classes
4.2.1.3
Attaching Policies to Java EE Web Services and Clients Using JDeveloper
4.2.2
About Attaching Policies to RESTful Web Services and Clients at Design Time
4.2.2.1
Attaching Policies to RESTful Web Services Using Annotations
4.2.2.2
Attaching Policies to RESTful Web Service Clients Using Feature Classes
4.2.2.3
Attaching Policies to RESTful Web Services and Clients Using JDeveloper
4.2.3
About Attaching Policies to Oracle Infrastructure Web Services and Clients at Design Time
4.2.3.1
Attaching Policies to Oracle Infrastructure Web Services Using Annotations
4.2.3.2
Attaching Policies to Oracle Infrastructure Web Service Clients Using Feature Classes
4.2.3.3
Attaching Policies to Oracle Infrastructure Web Services Using Oracle JDeveloper
4.3
About Attaching Policies to Web Services and Clients Using Fusion Middleware Control
4.3.1
Attaching Policies Directly Using Fusion Middleware Control
4.3.1.1
Attaching Policies Directly to a Single Subject Using Fusion Middleware Control
4.3.1.2
Attaching Policies Directly to Web Service Clients Using Fusion Middleware Control
4.3.1.2.1
Attaching Policies to SOA References Using Fusion Middleware Control
4.3.1.2.2
Attaching Policies to Connection-Based Web Service Clients Using Fusion Middleware Control
4.3.1.2.3
Attaching Policies to Asynchronous Web Service Callback Clients Using Fusion Middleware Control
4.3.1.2.4
Attaching Policies to Java EE Web Service Clients Using Fusion Middleware Control
4.3.1.3
Enabling or Disabling Directly Attached Policies Using Fusion Middleware Control
4.3.1.4
Detaching Directly Attached Policies Using Fusion Middleware Control
4.3.2
About Attaching Policies Globally Using Fusion Middleware Control
4.3.2.1
Navigating to the WSM Policy Set Summary Page Using Fusion Middleware Control
4.3.2.2
Viewing the Configuration of a Policy Set Using Fusion Middleware Control
4.3.2.3
Creating a Policy Set Using Fusion Middleware Control
4.3.2.4
Cloning a Policy Set Using Fusion Middleware Control
4.3.2.5
Editing a Policy Set Using Fusion Middleware Control
4.3.2.6
Specifying Run-time Constraints in a Policy Set Using Fusion Middleware Control
4.3.2.7
Enabling and Disabling a Policy Set Using Fusion Middleware Control
4.3.2.8
Deleting Policy Sets Using Fusion Middleware Control
4.3.3
Viewing Policies Attached to a Web Service Using Fusion Middleware Control
4.3.4
Validating Policy Attachments
4.3.5
About Validating a Policy Set
4.4
About Attaching Policies to Web Services and Clients Using WLST
4.4.1
Viewing Available Policies Using WLST
4.4.2
About Attaching Policies Directly to Java EE Web Services and Clients Using WLST
4.4.2.1
Viewing the Policies That Are Attached to a Java EE Web Service
4.4.2.2
Viewing the Policies That Are Attached to a Java EE Web Service Client
4.4.2.3
Attaching Policies Directly to a Java EE Web Service Using WLST
4.4.2.4
Attaching Policies Directly to Java EE Web Service Clients Using WLST
4.4.2.5
Detaching Directly Attached Policies from Java EE Web Service and Clients Using WLST
4.4.2.5.1
Detaching Directly Attached Policies from a Java EE Web Service Using WLST
4.4.2.5.2
Detaching Directly Attached Policies from Java EE Web Service Clients Using WLST
4.4.2.6
Enabling and Disabling Web Service Client Policies Using WLST
4.4.3
About Attaching Policies Directly to RESTful and Oracle Infrastructure Web Services and Clients Using WLST
4.4.3.1
Identifying and Selecting the Policy Subject Using WLST
4.4.3.2
Attaching Policies Directly Using WLST
4.4.3.3
Enabling and Disabling Directly Attached Policies Using WLST
4.4.3.4
About Detaching Directly Attached Policies Using WLST
4.4.3.4.1
Detaching Policies from a Service Endpoint
4.4.3.4.2
Detaching Policies from a Client Endpoint
4.4.4
About Attaching Policies Globally Using WLST
4.4.4.1
Viewing a List of Policy Sets
4.4.4.2
Displaying the Configuration of a Policy Set
4.4.4.3
Managing Sessions Using WLST
4.4.4.4
Creating a New Policy Set Using WLST
4.4.4.5
Cloning a Policy Set using WLST
4.4.4.6
Editing a Policy Set
4.4.4.7
Validating a Policy Set
4.4.4.8
Enabling and Disabling a Policy Set
4.4.4.9
Deleting Policy Sets Using WLST
4.4.4.10
Specifying Runtime Constraints in Policy Sets Using WLST
4.4.5
Viewing Policies Attached to a Web Service with WLST
4.4.6
Displaying the Effective Policy Set Using WLST
4.5
About Attaching Policies to Servlet Applications
4.5.1
Attaching Policies Directly to Servlet Applications
4.5.2
Attaching Policies Globally to Servlet Applications
4.6
Run-time Constraints in Policy Sets
4.7
About Defining the Type and Scope of Resources for Globally Attached Policies
4.7.1
Defining the Resource Type
4.7.2
Defining the Resource Scope
4.7.3
Determining the Namespace for a Web Service
4.7.4
Examples of Creating Policy Sets Using Different Resource Types and Scopes
4.8
Migrating Direct Policy Attachments to Global Policy Attachments
4.9
Disabling a Globally Attached Policy
4.10
Specifying the Priority of a Policy Attachment
4.11
Managing Endpoint Configuration Properties Using Fusion Middleware Control
4.12
Determining the Secure Status of an Endpoint
4.13
How the Effective Set of Policies is Calculated
4.14
Determining the Source of Policy Attachments
5
Overriding Policy Configuration Properties
5.1
Overview of Policy Configuration Overrides
5.2
Scope of Predefined Configuration Properties
5.3
About Overriding Client Policy Configuration Properties at Design Time
5.3.1
Java EE Web Services
5.3.2
RESTful Web Services
5.3.3
Understanding Oracle Infrastructure Web Services
5.3.3.1
Client Policy Configuration Properties That Can Be Overridden at Design Time
5.3.3.2
Example for Overriding the Client Policy Configuration Properties for Keystore, Username, and Password Using RequestContext
5.3.3.3
Example for Overriding the RESTful Web Service Client Policy Configuration Properties for the Username and Password
5.4
About Overriding Policy Configuration Properties Using Fusion Middleware Control
5.4.1
Overriding Configuration Properties at the Domain Level (Defining the Default Value)
5.4.2
Overriding Configuration Properties for Directly Attached Service Policies Using Fusion Middleware Control
5.4.3
Overriding Configuration Properties at the Web Service Client Application Level Using Fusion Middleware Control
5.4.4
Overriding Configuration Properties for Globally Attached Policies Using Fusion Middleware Control
5.5
About Overriding Policy Configuration Properties Using WLST
5.5.1
Overriding Configuration Properties for Directly Attached Service Policies Using WLST
5.5.2
Overriding Configuration Properties at the Web Service Client Application Using WLST
5.5.3
Overriding Configuration Properties for Globally Attached Policies Using WLST
5.6
About Configuring User-Defined Properties for Web Service and Client Policies Using Fusion Middleware Control
5.6.1
Scope of User-Defined Configuration Properties
5.6.2
Adding a User-Defined Configuration Property
5.6.3
Editing a User-Defined Configuration Property
5.6.4
Deleting a User-Defined Configuration Property
5.6.5
Overriding the User-Defined Configuration Properties
6
Managing Web Service Policies with Fusion Middleware Control
6.1
Overview of Web Services Policy Management
6.2
Managing Web Service Policies
6.2.1
Navigating to the WSM Policies Page
6.2.2
Searching for Policies in the WSM Policies Page
6.2.2.1
Using Advanced Search
6.2.2.2
Using the Query by Example Filter
6.2.3
Viewing the Details of a Web Service Policy
6.2.4
Creating and Editing Web Service Policies
6.2.4.1
Creating a New Web Service Policy
6.2.4.2
Cloning a Web Service Policy
6.2.4.3
Creating Custom Policies
6.2.4.4
Editing a Web Service Policy
6.2.5
Using Local Optimization with OWSM Policies (SOA Composites)
6.2.5.1
Viewing the Default Local Optimization Setting in OWSM Policies
6.2.5.2
Controlling When Local Optimization is Used
6.2.6
Generating Client Policies from a WSDL
6.2.7
Adding Assertions to a Policy
6.2.8
Adding an OR Group to a Policy
6.2.9
Importing Web Service Policies
6.2.10
Exporting Web Service Policies
6.2.11
Versioning Web Service Policies
6.2.11.1
Viewing the Version History of a Web Service Policy
6.2.11.2
Changing the Current Version of a Policy
6.2.11.3
Deleting Versions of a Web Service Policy
6.2.11.4
Exporting a Version of a Policy
6.2.12
Deleting a Web Service Policy
6.3
Validating Web Service Policies
6.4
Managing Policy Assertion Templates
6.4.1
About Navigating to the Assertion Templates Page
6.4.2
Understanding Search Options on the Assertion Templates Page
6.4.2.1
Searching for an Assertion Template Using Advanced Search
6.4.2.2
Searching for an Assertion Template Using the Query by Example Filter
6.4.3
Viewing the Details of an Assertion Template
6.4.4
Naming Conventions for Assertion Templates
6.4.5
Cloning an Assertion Template
6.4.6
Editing an Assertion Template
6.4.7
Editing the Configuration Properties in an Assertion Template
6.4.8
Exporting an Assertion Template
6.4.9
Importing an Assertion Template
6.4.10
Deleting an Assertion Template
6.5
Managing Policies and Assertions
6.5.1
Enabling or Disabling a Policy for all Policy Subjects
6.5.2
Enabling or Disabling Assertions Within a Policy
6.6
Analyzing Policy Usage
6.7
About Advertising Policy Assertions
6.8
About Advertising WS-Policy and WS-SecurityPolicy Versions
Part III Securing Web Services
7
Configuring Message Protection for Web Services
7.1
Overview of Message Protection Configuration for Web Services
7.2
Overview of Configuring Keystores for Message Protection
7.2.1
Understanding OPSS Keystore Service for Message Protection
7.2.1.1
Configuring Message Protection Using the OPSS Keystore Service
7.2.1.2
Migrating a JKS Keystore Into the KSS Keystore
7.2.1.3
Importing Certificates Into the KSS Keystore
7.2.1.4
Overriding keystore.sig.csf.key and keystore.enc.csf.key Attributes
7.2.1.5
Renewing or Regenerating the Expiring Certificates or Keys
7.2.2
Understanding Java Keystore for Message Protection
7.2.2.1
Generating Private Keys and Creating the Java Keystore
7.2.2.2
Obtaining a Trusted Certificate and Importing it into the Keystore
7.2.2.3
Configuring the OWSM Keystore
7.2.3
Adding Keys and User Credentials to Configure the Credential Store
7.2.3.1
Adding Keys and User Credentials to the Credential Store Using Fusion Middleware Control
7.2.3.2
Adding Keys and User Credentials to the Credential Store Using WLST
7.3
About Creating an Application-level Credential Map
7.3.1
How CSF Keys Are Retrieved from an Application-level Credential Map
7.3.2
About Permissions to Access an Application-level Credential Map
7.3.2.1
Configuring the csf.map Property Override
7.3.2.2
About Granting CredentialAccessPermission to wsm-agent-core.jar
7.3.2.2.1
Granting CredentialAccessPermission Using Oracle Enterprise Manager
7.3.2.2.2
Granting CredentialAccessPermission Using WLST
7.3.2.3
About Grant WSIdentityPermission to wsm-agent-core.jar
7.3.2.3.1
Granting WSIdentityPermission Using Oracle Enterprise Manager
7.3.2.3.2
Granting WSIdentityPermission Using WLST
7.3.2.4
Example of Granting Permission for Application-level In system-jazn-data.xml
7.3.3
Policies that Can Be Used to Access an Application-level CSF Map
7.4
Understanding Service Identity Certificate Extensions
7.4.1
Ignoring the Service Identity Certificate Extension From the Client
7.4.2
Ignoring Hostname Verification from the Client
7.5
Caching the Nonce with Oracle Coherence
7.5.1
Caching the Nonce Where There Are No Managed Coherence Servers
7.5.1.1
Understanding Coherence Cluster Topology Where There Are No Managed Coherence Servers
7.5.1.2
Configuring the Standard Topology Using Fusion Middleware Configuration Wizard
7.5.2
Caching the Nonce for Storage-Disabled WebLogic Servers and Storage-Enabled Managed Coherence Servers
7.5.2.1
Understanding Coherence Cluster Topology For Storage-Disabled WebLogic Servers and Storage-Enabled Managed Coherence Servers
7.5.2.2
Configuring the Cluster Topology Using Fusion Middleware Configuration Wizard
7.6
About Configuring Partial Encryption with Fusion Middleware Control
7.6.1
Configuring Partial Encryption Using Fusion Middleware Control
7.6.2
Securing SwA Attachments
8
Protecting Personally Identifiable Information
8.1
Main Steps in Protecting PII Information
8.1.1
Approach to Follow to Determine What PII Data to Protect
8.1.2
Composing the XPath Expressions to Protect the PII Data
8.1.3
Configuring the PII Encryption Key
8.1.4
Attaching the pii_security_policy Policy
8.1.5
Attaching the pii_security_policy to SOA Composite
8.1.6
Attaching the pii_security_policy to Oracle Service Bus
8.1.7
Attaching the pii_security_policy to JCA Binding
8.2
Overriding the pii_security_policy Attributes Using WLST
8.3
Decrypting PII Using API
9
Configuring Transport-Level Security (SSL)
9.1
About Configuring Keystores for SSL
9.1.1
Understanding KSS Keystore Configuration on WebLogic Server
9.1.1.1
Configuring the OPSS Keystore Service for Demo Identity and Trust
9.1.1.2
Recreating the OPSS Keystore Service for Demo Identity and Trust
9.1.1.3
Configuring the OPSS Keystore Service for Custom Identity and Trust
9.1.2
Configuring a JKS Keystore on WebLogic Server
9.1.3
Configuring Synchronization of JKS Keystore File on Cluster
9.2
Configuring One-Way SSL on WebLogic Server
9.3
Configuring Two-Way SSL on WebLogic Server
9.4
Configuring One-Way SSL for a Web Service Client
9.5
Configuring Two-Way SSL for a Web Service Client
9.6
Understanding SSL Configuration on Oracle HTTP Server
9.6.1
Configuring One-Way SSL on Oracle HTTP Server
9.6.2
Configuring Two-Way SSL on Oracle HTTP Server
10
Configuring Authorization Using Oracle Web Services Manager
10.1
Overview of Authorization
10.2
Determining Which Resources to Protect
10.3
Determining Authorization Permissions
10.4
Determining the OPSS Resource Name
10.5
About Configuring Fine-Grained Authorization Using Oracle Entitlements Server
10.5.1
Prerequisites for Configuring OES Integration
10.5.2
Understanding Attributes for Obligations
10.5.3
About Configuring OES Policies For Fine-Grained Authorization
10.5.3.1
Configuring the OES Resource for Masking
10.5.3.2
Creating Authorization Policy to Return Obligations
10.5.3.3
Creating Actual OES Authorization Policy for Coarse-Grained Authorization
10.5.4
About Configuring OES Policies For Coarse-Grained Authorization
10.5.4.1
Configuring the OES Resource for Coarse-Grained Authorization
10.5.4.2
Creating Actual OES Authorization Policy for Fine-Grained Authorization
10.5.5
About Configuring OES Policy For Masking
10.5.5.1
Configuring the OES Resource
10.5.5.2
Creating Masking Policy to Return Obligations
10.5.5.3
Creating Actual OES Masking Policy
10.5.6
Understanding How to Attach OWSM OES Policy
10.5.6.1
Attaching the OWSM OES Policy
10.5.6.2
Configuration Properties and Overrides
10.6
Configuring the Oracle HTTP Server to Specify the Request Origin
10.7
Using OAuth2 with Oracle Web Services Manager
10.7.1
About OAuth2 with Oracle Web Services Manager
10.7.1.1
Understanding 2-legged OAuth2
10.7.1.2
Supported Authorization Grant Types in 2-Legged Authorization
10.7.1.3
How Client Credentials Are Determined in 2-Legged Authorization
10.7.1.4
Relationship of User Credentials, Client Credentials, and Subject in 2-Legged Authorization
10.7.2
Configuring OAuth2 for Use With Oracle Web Services Manager Policies
11
Configuring Authentication Using Oracle Web Services Manager
11.1
Overview of Authentication Configuration
11.2
Supported Authentication Providers in WebLogic Server
11.3
About Configuring Digest Authentication
11.3.1
Prerequisites for Configuring Digest Authentication
11.3.2
Configuring the Default Authenticator and Identity Asserter
11.3.3
Attaching a Policy and Enabling Digest Authentication
11.4
About SAML Configuration
11.4.1
Overview of Flow of SAML Token Validation
11.4.1.1
Validating a SAML Assertion
11.4.1.2
Use Cases for SAML Token Validation
11.4.2
Configuring SAML Web Service Client at Design Time
11.4.3
Including User Attributes in the Assertion
11.4.4
Including User Roles in the Assertion
11.4.5
Understanding the Configuration of Oracle Platform Security Services (OPSS) for SAML Policies
11.4.6
Adding an Additional SAML Assertion Issuer Name
11.4.7
About SAML Web Service Client Configuration for Identity Switching
11.4.7.1
Understanding Identity Switching Use Case Scenarios
11.4.7.2
Setting the javax.xml.ws.security.auth.username Property
11.4.7.3
Setting the Permission Using WSIdentityPermission
11.4.8
Understanding Trusted Issuers and Trusted Distinguished Names List for SAML Signing Certificates
11.4.9
Understanding How to Use Anonymous Users with SAML Policies
11.5
About Propagating Identity Context with OWSM
11.5.1
Overview of Identity Context
11.5.2
Propagating Identity Context Using SAML Policies
11.5.3
Configuring Identity Context Propagation: Main Steps
11.6
Understanding Kerberos Token Configuration
11.6.1
About MIT Kerberos
11.6.1.1
Initializing and Starting the MIT Kerberos KDC
11.6.1.2
Creating Principals
11.6.1.3
Configuring the Web Service Client to Use the Correct KDC
11.6.2
About Using Microsoft Active Directory with Key Distribution Center
11.6.2.1
Web Service Client Set Up Tasks
11.6.2.1.1
Creating a User Account
11.6.2.1.2
Setting the Service Principal Name
11.6.2.1.3
Creating a Keytab File
11.6.2.2
Setting Up the Web Service
11.6.3
Setting the Service Principal Name In the Web Service Client
11.6.4
Configuring the Web Service to Use the Correct KDC
11.6.5
About Using the Correct Keytab File in Enterprise Manager
11.6.5.1
Extracting the Keytab File
11.6.5.2
Exporting the Keytab File
11.6.5.3
Modifying the krb5 Login Module to use the Keytab File
11.6.6
Authenticating the User Corresponding to the Service Principal
11.6.7
Creating a Ticket Cache for the Web Service Client
11.6.8
Kerberos Configuration Over SSL
11.6.9
Kerberos Configuration with SPNEGO Negotiation
11.6.10
About Configuration of Credential Delegation
11.6.10.1
Configuring Credential Delegation in Kerberos
11.6.10.2
Configuring Delegation Permission to OWSM
11.6.10.3
Enabling Credential Delegation in the Client Policy and the Service Policy
11.6.10.4
Configuring Credential Delegation for a Service in Active Directory
11.6.10.5
Configuring Credential Delegation With An Example
11.7
About WS-Trust Configuration
11.7.1
Overview of Web Services WS-Trust
11.7.1.1
Understanding the Mechanism to Obtain STS Configuration
11.7.1.2
Understanding the Token Types Exchanged
11.7.2
Supported STS Servers
11.7.3
Understanding Token Lifetime and Token Caching
11.7.4
Setting Up Automatic Policy Configuration for STS
11.7.4.1
Understanding the Requirements for Automatic Policy Configuration
11.7.4.2
Main Steps in Setting Up Automatic Policy Configuration
11.7.4.2.1
Configuring a Policy for Automatic Policy Configuration
11.7.4.2.2
Configuring a Web Service Client for Automatic Policy Configuration
11.7.4.2.3
Configuring a Web Service for Automatic Policy Configuration
11.7.4.3
Manually Configuring the STS Config Policy From the Web Service Client: Main Steps
11.7.5
About Configuring Web Services Federation
11.7.5.1
Configuring a Web Service for Web Services Federation
11.7.5.2
About Configuring a Web Client for Web Services Federation
11.7.5.2.1
Configuring the Web Client When Issuer Is in the Service WSDL and Is Not in the RP-STS WSDL
11.7.5.2.2
Configuring the Web Client When Issuer Is Not in the Service WSDL and Is Not in the RP-STS WSDL
11.7.5.2.3
Configuring the Web Client When Issuer Is in the Service WSDL and Is in the RP-STS WSDL
11.7.5.2.4
Configuring the Web Client When Issuer Is Not in the Service WSDL and Is in the RP-STS WSDL
11.7.5.3
Configuring an STS for Web Services Federation
11.7.6
Overview of SAML Holder of Key and SAML Bearer as Issued Tokens
11.7.6.1
Determining the Proof Key for SAML HOK Only
11.7.6.1.1
About Symmetric Proof Key
11.7.6.1.2
About Asymmetric Proof Key
11.7.7
Understanding SAML Sender Vouches as Issued Tokens
11.7.8
Overview of On Behalf Of Use Cases
11.7.9
Programmatically Overriding Policy Configuration for WS-Trust Client Policies
12
Configuring Secure Conversation Using Oracle Web Services Manager
12.1
Overview of Web Services Secure Conversation Language Specification
12.2
About Configuring Secure Conversation
12.2.1
Configuring Secure Conversation Using Fusion Middleware Control
12.2.2
Configuring Secure Conversation Using WLST
12.3
Attaching a Secure Conversation Policy at Design Time
12.4
About Configuring Persistence
12.4.1
Overview of Persistence
12.4.2
Configuring Persistence for a Web Service
12.4.3
Configuring Persistence for a Client
12.5
Understanding Secure Conversation Sessions
13
Integrating Hardware with Oracle Web Services Manager
13.1
Using Hardware Security Modules With OWSM
13.1.1
Understanding SafeNet Luna SA With OWSM for Key Storage
13.1.2
About Installing and Configuring the Luna SA HSM Client
13.1.3
Configuring the JRE Used By OWSM
13.1.4
Logging On to Luna SA
13.1.5
Copying Keys and Certificates to Luna SA
13.1.6
About Configuring OWSM to Use Luna SA
13.2
About Configuring OWSM for Oracle SPARC T5 and SPARC T4 Cryptographic Acceleration
13.2.1
Terms You Need to Understand
13.2.2
Overview of Oracle SPARC T5 and SPARC T4 Hardware Assisted Cryptographic Acceleration
13.2.3
Configuring Transport-Level Security for Cryptographic Acceleration
13.2.4
Configuring Message-level Security for Cryptographic Acceleration
13.2.5
Additional Reading for Cryptographic Acceleration
Part IV Managing and Troubleshooting Oracle Web Services Manager
14
Managing Oracle Web Services Manager Domain Configuration
14.1
Overview of OWSM Domain Configuration
14.2
Navigating to the WSM Domain Configuration Page
14.3
Viewing the General OWSM Domain Configuration Using Fusion Middleware Control
14.4
Configuring Domain-Level Authentication Using Fusion Middleware Control
14.4.1
SAML Trusted Issuers and DN Lists Using Fusion Middleware Control
14.4.1.1
Overview of SAML Trusted Issuers and DN Lists
14.4.1.2
Adding SAML Issuers and Defining a Trusted DN List Using Fusion Middleware Control
14.4.1.3
Deleting Trusted Issuers, DNs, or DN Lists Using Fusion Middleware Control
14.4.2
Configuring JWT Trusted Issuers and DN Lists Using Fusion Middleware Control
14.4.2.1
About JWT Trusted Issuers and DN Lists
14.4.2.2
Adding JWT Issuers and Defining a Trusted DN List Using Fusion Middleware Control
14.4.3
Configuring Token Attribute Rules for Trusted Issuers Using Fusion Middleware Control
14.4.4
Configuring the Lifetime for the Issued Token Using Fusion Middleware Control
14.4.5
Configuring the SAML and SAML2 Login Modules Using Fusion Middleware Control
14.4.6
Configuring the Kerberos Login Module
14.4.7
Configuring Subject Properties Using Fusion Middleware Control
14.4.8
Configuring the X509 Login Module Using Fusion Middleware Control
14.4.9
Creating Custom Login Modules
14.5
Domain-Level Message Security Configuration Using Fusion Middleware Control
14.5.1
OWSM Keystore Configuration Using Fusion Middleware Control
14.5.1.1
Configuring OWSM to Use the KSS Keystore
14.5.1.2
Configuring OWSM to Use the JKS Keystore
14.5.1.3
Configuring OWSM to Use HSM Keystores
14.5.1.4
Configuring OWSM to Use the PKCS11 Keystore
14.5.2
Configuring Security Policy Enforcement Using Fusion Middleware Control
14.5.3
Configuring Identity Extension Properties Using Fusion Middleware Control
14.5.4
Secure Conversation Configuration for the Domain Using Fusion Middleware Control
14.5.4.1
About Secure Conversation
14.5.4.2
Configuring Secure Conversation with Fusion Middleware Control
14.6
OWSM Policy Access Configuration Using Fusion Middleware Control
14.6.1
Understanding Configuring the Policy Manager Connection Using Fusion Middleware Control
14.6.1.1
About Auto-Discovery and Connecting to the Policy Manager
14.6.1.2
Configuring a Connection to the Policy Manager Using Fusion Middleware Control
14.6.2
About Refreshing Configuration Cache in OWSM Manually by using Fusion Middleware Control
14.6.2.1
Disabling Automatic Refresh Option in OWSM by using Fusion Middleware Control
14.6.2.2
Checking Status of Automatic Refresh in OWSM by using Fusion Middleware Control
14.6.2.3
Refreshing the OWSM Cache Manually by using Fusion Middleware Control
14.6.3
Configuring SSL for the Policy Manager Connection Using Fusion Middleware Control
14.6.4
High Availability Configuration and Cache Management Using Fusion Middleware Control
14.6.4.1
About High Availability and Cache Management
14.6.4.2
Configuring High Availability and Managing the Cache Using Fusion Middleware Control
14.7
About Managing OWSM Domain Configuration Properties Using WLST
14.7.1
Viewing OWSM Domain Configuration Using WLST
14.7.2
Setting OWSM Domain Configuration Properties Using the setWSMConfiguration Command
14.8
Configuring Domain-Level Authentication Using WLST
14.8.1
Configuring SAML and JWT Trusted Issuers, DN Lists, and Token Attribute Rules Using WLST
14.8.2
Deleting a Token Issuer Trust Document Using WLST
14.8.3
Configuring the Lifetime for the Issued Token Using WLST
14.8.4
Configuring Subject Properties Using WLST
14.8.5
Configuring the SAML and SAML2 Login Modules Using WLST
14.8.6
Configuring the Kerberos Login Module Using WLST
14.8.7
Configuring the X509 Login Module Using WLST
14.8.8
Configuring Custom Login Modules Using WLST
14.9
About Configuring Domain-Level Message Security Using WLST
14.9.1
Configuring the OWSM Keystore Using WLST
14.9.2
Configuring Security Policy Enforcement Using WLST
14.9.3
Configuring Identity Extension Properties Using WLST
14.9.4
Configuring Secure Conversation for the Domain Using WLST
14.10
About Configuring Policy Access Using WLST
14.10.1
Configuring the Policy Manager Connection Using WLST
14.10.2
Updating Bootstrap Configuration Properties Using the setWSMBootstrapConfig Command
14.10.3
About Refreshing Configuration Cache in OWSM Manually by using WLST
14.10.3.1
Disabling Automatic Refresh Option in OWSM by using WLST
14.10.3.2
Checking Status of Automatic Refresh in OWSM by using WLST
14.10.3.3
Refreshing the OWSM Cache Manually by using WLST
14.10.4
Configuring High Availability and Cache Management Using WLST
15
Managing the Oracle Web Services Manager Repository
15.1
Overview of OWSM Repository
15.2
Registering an OWSM Repository
15.3
Understanding the Different Mechanisms for Importing and Exporting Policies
15.4
About Importing and Exporting Documents in the Repository Using WLST
15.4.1
Exporting Documents from the Repository Using WLST
15.4.2
Exporting Application Metadata from the Repository Using WLST
15.4.3
Importing Documents into the Repository Using WLST
15.5
Exporting Policies from the OWSM Repository for Use in JDeveloper
15.6
About Patching Policies in the Repository
15.7
Creating Back Up and Restoring the OWSM Repository
15.8
Upgrading the OWSM Repository
15.9
Rebuilding the OWSM Repository
16
Diagnosing Problems with Oracle Web Services Manager
16.1
Diagnosing Policy Manager Problems Using the OWSM Policy Manager Page
16.2
Overview of Common Problems with Oracle Web Services Manager
16.2.1
Overview of Common Policy Manager Connection Problems
16.2.1.1
Understanding Common Policy Manager Connection Problems
16.2.1.2
Solving Policy Manager Connection Problems
16.2.2
Overview of Key Store or Credential Store Errors After an Application Invokes a Web Service
16.2.2.1
Understanding Common Key or Credential Store Errors
16.2.2.2
Solving Key and Credential Store Problems
16.2.3
Overview of Trust Certificate Error After Application Invokes a Web Service
16.2.3.1
Understanding a Trust Certificate Error
16.2.3.2
Solving Trust Certificate Problems
16.2.4
About Troubleshooting SAML Assertion Errors During Identity Propagation
16.2.4.1
Understanding Common SAML Assertion Problems
16.2.4.2
Troubleshooting SAML Assertion Problems
16.2.5
Overview of Policy Access Problems After an Application Invokes a Web Service
16.2.5.1
Understanding Common Policy Access Problems
16.2.5.2
Solving Common Policy Access Problems
16.2.6
Overview of Problems Accessing Users in the Credential Store
16.2.6.1
Understanding Common User Access Problems
16.2.6.2
Solving User Access Problems
16.2.7
Overview of Common User Authorization Problems After an Application Invokes a Web Service
16.2.7.1
Understanding Common User Authorization Problems
16.2.7.2
Solving a User Authorization Problem
16.2.8
Overview of Timestamp Errors After an Application Invokes a Web Service
16.2.8.1
Understanding the Causes of a Timestamp or clockSkew Error
16.2.8.2
Solving Timestamp or clockSkew Errors
16.2.9
Overview of Multiple Authentication Security Policy Errors After an Application Invokes a Web Service
16.2.9.1
Understanding Common Multiple Authentication Security Policy Errors
16.2.9.2
Solving Multiple Authentication Security Policy Errors
16.3
Overview of Policy Attachment Issues Using WLST
16.3.1
Understanding the Use of listWSMPolicySubjects Command to Identify Policy Attachment Issues
16.3.2
Viewing a Sample Configuration Output with Globally and Directly Attached Policies
16.3.3
Viewing a Sample Valid Configuration Output with Directly Attached Policies Only
16.4
About Diagnosing Problems With a Domain Configuration Using WLST
16.4.1
Understanding the Use of checkWSMStatus Command to Identify Domain Configuration Issues
16.4.2
Viewing checkWSMStatus Output Showing Status
16.4.3
Viewing checkWSMStatus Output Showing Credential Store Failure
16.4.4
Viewing checkWSMStatus Output With OAuth2 Global Policy Set Configured
16.4.5
Viewing checkWSMStatus Output With OAuth2 Global Policy Set Not Configured
16.5
Common Oracle Web Services Manager Exceptions for WS-Trust Use Cases
Part V Oracle Web Services Manager Predefined Policies and Assertions Templates
17
Oracle Web Services Manager Predefined Policies
17.1
Addressing Policies
17.2
Atomic Transaction Policies
17.3
Configuration Policies
17.4
Management Policies
17.5
MTOM Policies
17.6
Reliable Messaging Policies
17.7
Security Policies-Authentication Only
17.8
Security Policies-Authorization Only
17.9
Security Policies-Message Protection Only
17.10
Security Policies-Messages Protection and Authentication
17.11
Security Policies-Sha256 Only
17.12
Security Policies—Oracle Entitlements Server
17.13
SOAP Over JMS Transport Policies
17.14
oracle/wsaddr_policy
17.15
oracle/no_addressing_policy
17.16
oracle/atomic_transaction_policy
17.17
oracle/no_atomic_transaction_policy
17.18
oracle/async_web_service_policy
17.19
oracle/cache_binary_content_policy
17.20
oracle/fast_infoset_client_policy
17.21
oracle/fast_infoset_service_policy
17.22
oracle/max_request_size_policy
17.23
oracle/mex_request_processing_service_policy
17.24
oracle/mtom_encode_fault_service_policy
17.25
oracle/no_async_web_service_policy
17.26
oracle/no_cache_binary_content_policy
17.27
oracle/no_fast_infoset_client_policy
17.28
oracle/no_fast_infoset_service_policy
17.29
oracle/no_max_request_size_policy
17.30
oracle/no_mex_request_processing_service_policy
17.31
oracle/no_mtom_encode_fault_service_policy
17.32
oracle/no_persistence_policy
17.33
oracle/no_pox_http_binding_service_policy
17.34
oracle/no_request_processing_service_policy
17.35
oracle/no_schema_validation_policy
17.36
oracle/no_soap_request_processing_service_policy
17.37
oracle/no_test_page_processing_service_policy
17.38
oracle/no_ws_logging_level_policy
17.39
oracle/no_wsdl_request_processing_service_policy
17.40
oracle/persistence_policy
17.41
oracle/pox_http_binding_service_policy
17.42
oracle/request_processing_service_policy
17.43
oracle/schema_validation_policy
17.44
oracle/soap_request_processing_service_policy
17.45
oracle/test_page_processing_policy
17.46
oracle/ws_logging_level_policy
17.47
oracle/wsdl_request_processing_service_policy
17.48
oracle/log_policy
17.49
oracle/no_mtom_policy
17.50
oracle/wsmtom_policy
17.51
oracle/no_reliable_messaging_policy
17.52
oracle/no_wsrm_policy
17.53
oracle/reliable_messaging_policy
17.54
oracle/wsrm10_policy
17.55
oracle/wsrm11_policy
17.56
oracle/http_basic_auth_over_ssl_client_policy
17.57
oracle/http_basic_auth_over_ssl_service_policy
17.58
oracle/http_oam_token_service_policy
17.59
oracle/http_saml20_token_bearer_client_policy
17.60
oracle/http_saml20_token_bearer_service_policy
17.61
oracle/http_saml20_token_bearer_over_ssl_client_policy
17.62
oracle/http_saml20_bearer_token_over_ssl_service_policy
17.63
oracle/multi_token_rest_service_policy
17.64
oracle/multi_token_over_ssl_rest_service_policy
17.65
oracle/no_authentication_client_policy
17.66
oracle/no_authentication_service_policy
17.67
oracle/wss_http_token_client_policy
17.68
oracle/wss_http_token_service_policy
17.69
oracle/wss_username_token_client_policy
17.70
oracle/wss_username_token_service_policy
17.71
oracle/wss10_saml_token_client_policy
17.72
oracle/wss10_saml_token_service_policy
17.73
oracle/wss10_saml20_token_client_policy
17.74
oracle/wss10_saml20_token_service_policy
17.75
oracle/wss11_kerberos_token_client_policy
17.76
oracle/wss11_kerberos_token_service_policy
17.77
oracle/http_oauth2_token_client_policy
17.78
oracle/http_jwt_token_service_policy
17.79
oracle/http_oauth2_token_identity_switch_over_ssl_client_policy
17.80
oracle/http_jwt_token_over_ssl_service_policy
17.81
oracle/http_oauth2_token_opc_oauth2_client_policy
17.82
oracle/http_oauth2_token_over_ssl_client_policy
17.83
oracle/http_jwt_token_over_ssl_service_policy
17.84
oracle/oauth2_config_client_policy
17.85
oracle/http_jwt_token_client_policy
17.86
oracle/http_jwt_token_over_ssl_client_policy
17.87
oracle/http_oauth2_token_identity_switch_opc_oauth2_over_ssl_client_policy
17.88
oracle/http_oauth2_token_opc_oauth2_over_ssl_client_policy
17.89
oracle/http_jwt_token_identity_switch_client_policy
17.90
oracle/binding_authorization_denyall_policy
17.91
oracle/binding_authorization_permitall_policy
17.92
oracle/binding_permission_authorization_policy
17.93
oracle/component_authorization_denyall_policy
17.94
oracle/component_authorization_permitall_policy
17.95
oracle/component_permission_authorization_policy
17.96
oracle/no_authorization_component_policy
17.97
oracle/no_authorization_service_policy
17.98
oracle/whitelist_authorization_policy
17.99
oracle/no_messageprotection_client_policy
17.100
oracle/no_messageprotection_service_policy
17.101
oracle/wss10_message_protection_client_policy
17.102
oracle/wss10_message_protection_service_policy
17.103
oracle/wss11_message_protection_client_policy
17.104
oracle/wss11_message_protection_service_policy
17.105
oracle/pii_security_policy
17.106
oracle/sts_trust_config_client_policy
17.107
oracle/sts_trust_config_service_policy
17.108
oracle/wss_saml_bearer_or_username_token_service_policy
17.109
oracle/wss_saml_or_username_token_service_policy
17.110
oracle/wss_saml_or_username_token_over_ssl_service_policy
17.111
oracle/wss_saml_token_bearer_client_policy
17.112
oracle/wss_saml_token_bearer_over_ssl_client_policy
17.113
oracle/wss_saml_token_bearer_over_ssl_service_policy
17.114
oracle/wss_http_token_over_ssl_client_policy
17.115
oracle/wss_http_token_over_ssl_service_policy
17.116
oracle/wss_saml_token_over_ssl_client_policy
17.117
oracle/wss_saml_token_over_ssl_service_policy
17.118
oracle/wss_saml20_token_bearer_over_ssl_client_policy
17.119
oracle/wss_saml20_token_bearer_over_ssl_service_policy
17.120
oracle/wss_saml20_token_over_ssl_client_policy
17.121
oracle/wss_saml20_token_over_ssl_service_policy
17.122
oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_policy
17.123
oracle/wss_sts_issued_saml_bearer_token_over_ssl_service_policy
17.124
oracle/wss_username_token_over_ssl_client_policy
17.125
oracle/wss_username_token_over_ssl_service_policy
17.126
oracle/wss_username_token_over_ssl_wssc_client_policy
17.127
oracle/wss_username_token_over_ssl_wssc_service_policy
17.128
oracle/wss_username_token_over_ssl_notimestamp_client_policy
17.129
oracle/wss_username_token_over_ssl_notimestamp_service_policy
17.130
oracle/wss10_saml_hok_token_with_message_protection_client_policy
17.131
oracle/wss10_saml_hok_token_with_message_protection_service_policy
17.132
oracle/wss10_saml_token_with_message_integrity_client_policy
17.133
oracle/wss10_saml_token_with_message_integrity_service_policy
17.134
oracle/wss10_saml_token_with_message_protection_client_policy
17.135
oracle/wss10_saml_token_with_message_protection_service_policy
17.136
oracle/wss10_saml_token_with_message_protection_ski_basic256_client_policy
17.137
oracle/wss10_saml_token_with_message_protection_ski_basic256_service_policy
17.138
oracle/wss10_saml20_token_with_message_protection_client_policy
17.139
oracle/wss10_saml20_token_with_message_protection_service_policy
17.140
oracle/wss10_username_id_propagation_with_msg_protection_client_policy
17.141
oracle/wss10_username_id_propagation_with_msg_protection_service_policy
17.142
oracle/wss10_username_token_with_message_protection_client_policy
17.143
oracle/wss10_username_token_with_message_protection_service_policy
17.144
oracle/wss10_username_token_with_message_protection_ski_basic256_client_policy
17.145
oracle/wss10_username_token_with_message_protection_ski_basic256_service_policy
17.146
oracle/wss10_x509_token_with_message_protection_client_policy
17.147
oracle/wss10_x509_token_with_message_protection_service_policy
17.148
oracle/wss11_kerberos_token_with_message_protection_client_policy
17.149
oracle/wss11_kerberos_token_with_message_protection_service_policy
17.150
oracle/wss11_kerberos_token_with_message_protection_basic128_client_policy
17.151
oracle/wss11_kerberos_token_with_message_protection_basic128_service_policy
17.152
oracle/wss11_saml_or_username_token_with_message_protection_service_policy
17.153
oracle/wss11_saml_or_username_token_with_message_protection_sha256_service_policy
17.154
oracle/wss11_saml_token_identity_switch_with_message_protection_client_policy
17.155
oracle/wss11_saml_token_identity_switch_with_message_protection_sha256_client_policy
17.156
oracle/wss11_saml_token_with_message_protection_client_policy
17.157
oracle/wss11_saml_token_with_message_protection_service_policy
17.158
oracle/wss11_saml_token_with_message_protection_sha256_client_policy
17.159
oracle/wss11_saml_token_with_message_protection_sha256_service_policy
17.160
oracle/wss11_saml_token_with_message_protection_wssc_client_policy
17.161
oracle/wss11_saml_token_with_message_protection_wssc_service_policy
17.162
oracle/wss11_saml_token_with_message_protection_wssc_reauthn_client_policy
17.163
oracle/wss11_saml_token_with_message_protection_wssc_reauthn_service_policy
17.164
oracle/wss11_saml20_token_with_message_protection_client_policy
17.165
oracle/wss11_saml20_token_with_message_protection_service_policy
17.166
oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy
17.167
oracle/wss11_sts_issued_saml_hok_with_message_protection_service_policy
17.168
oracle/wss11_sts_issued_saml_hok_with_message_protection_client_policy
17.169
oracle/wss11_sts_issued_saml_hok_with_message_protection_service_policy
17.170
oracle/wss11_sts_issued_saml_with_message_protection_client_policy
17.171
oracle/wss11_username_token_with_message_protection_client_policy
17.172
oracle/wss11_username_token_with_message_protection_service_policy
17.173
oracle/wss11_username_token_with_message_protection_sha256_client_policy
17.174
oracle/wss11_username_token_with_message_protection_sha256_service_policy
17.175
oracle/wss11_username_token_with_message_protection_wssc_client_policy
17.176
oracle/wss11_username_token_with_message_protection_wssc_service_policy
17.177
oracle/wss11_x509_token_with_message_protection_client_policy
17.178
oracle/wss11_x509_token_with_message_protection_service_policy
17.179
oracle/wss11_x509_token_with_message_protection_wssc_client_policy
17.180
oracle/wss11_x509_token_with_message_protection_wssc_service_policy
17.181
oracle/wss_saml_bearer_or_username_token_sha256_service_policy
17.182
oracle/wss_saml_token_bearer_identity_switch_client_policy
17.183
oracle/wss_saml_token_bearer_identity_switch_sha256_client_policy
17.184
oracle/wss_saml_token_bearer_over_ssl_sha256_client_policy
17.185
oracle/wss_saml_token_bearer_over_ssl_sha256_service_policy
17.186
oracle/wss_saml_token_bearer_service_policy
17.187
oracle/wss_saml_token_bearer_sha256_client_policy
17.188
oracle/wss_saml_token_bearer_sha256_service_policy
17.189
oracle/binding_oes_authorization_policy
17.190
oracle/binding_oes_masking_policy
17.191
oracle/component_oes_authorization_policy
17.192
oracle/jms_transport_client_policy
17.193
oracle/jms_transport_service_policy
17.194
oracle/no_jms_transport_client_policy
17.195
oracle/no_jms_transport_service_policy
17.196
oracle/http_oauth2_token_over_ssl_salesforce_jwt_client_policy
18
Oracle Web Services Manager Predefined Assertion Templates
18.1
Authentication Only Assertion Templates
18.2
Message-Protection Only Assertion Templates
18.3
Message Protection and Authentication Assertion Templates
18.4
Oracle Entitlements Server (OES) Integration Templates
18.5
PII Assertion Templates
18.6
WS-Trust Assertion Templates
18.7
Authorization Assertion Templates
18.8
Management Assertion Templates
18.9
oracle/http_oam_token_service_template
18.10
oracle/http_saml20_token_bearer_client_template
18.11
oracle/http_saml20_token_bearer_service_template
18.12
oracle/http_spnego_token_client_template
18.13
oracle/http_spnego_token_service_template
18.14
oracle/wss_http_token_client_template
18.15
oracle/wss_http_token_service_template
18.16
oracle/wss_username_token_client_template
18.17
oracle/wss_username_token_service_template
18.18
oracle/wss10_saml_token_client_template
18.19
oracle/wss10_saml_token_service_template
18.20
oracle/wss10_saml20_token_client_template
18.21
oracle/wss10_saml20_token_service_template
18.22
oracle/wss11_kerberos_token_client_template
18.23
oracle/wss11_kerberos_token_service_template
18.24
oracle/http_oauth2_token_client_template
18.25
oracle/http_jwt_token_service_template
18.26
oracle/http_oauth2_token_over_ssl_client_template
18.27
oracle/http_jwt_token_over_ssl_service_template
18.28
oracle/oauth2_config_client_template
18.29
oracle/http_jwt_token_client_template
18.30
oracle/http_jwt_token_over_ssl_client_template
18.31
oracle/wss10_message_protection_client_template
18.32
oracle/wss10_message_protection_service_template
18.33
oracle/wss11_message_protection_client_template
18.34
oracle/wss11_message_protection_service_template
18.35
oracle/wss_http_token_over_ssl_client_template
18.36
oracle/wss_http_token_over_ssl_service_template
18.37
oracle/wss_saml_token_bearer_client_template
18.38
oracle/wss_saml_token_bearer_service_template
18.39
oracle/wss_saml_token_bearer_over_ssl_client_template
18.40
oracle/wss_saml_token_bearer_over_ssl_service_template
18.41
oracle/wss_saml20_token_bearer_over_ssl_client_template
18.42
oracle/wss_saml20_token_bearer_over_ssl_service_template
18.43
oracle/wss_saml_token_over_ssl_client_template
18.44
oracle/wss_saml_token_over_ssl_service_template
18.45
oracle/wss_saml20_token_over_ssl_client_template
18.46
oracle/wss_saml20_token_over_ssl_service_template
18.47
oracle/wss_username_token_over_ssl_client_template
18.48
oracle/wss_username_token_over_ssl_service_template
18.49
oracle/wss10_saml_hok_token_with_message_protection_client_template
18.50
oracle/wss10_saml_hok_token_with_message_protection_service_template
18.51
oracle/wss10_saml_token_with_message_protection_client_template
18.52
oracle/wss10_saml_token_with_message_protection_service_template
18.53
oracle/wss10_saml20_token_with_message_protection_client_template
18.54
oracle/wss10_saml20_token_with_message_protection_service_template
18.55
oracle/wss10_username_token_with_message_protection_client_template
18.56
oracle/wss10_username_token_with_message_protection_service_template
18.57
oracle/wss10_x509_token_with_message_protection_client_template
18.58
oracle/wss10_x509_token_with_message_protection_service_template
18.59
oracle/wss11_kerberos_token_over_ssl_client_template
18.60
oracle/wss11_kerberos_token_over_ssl_service_template
18.61
oracle/wss11_kerberos_token_with_message_protection_client_template
18.62
oracle/wss11_kerberos_token_with_message_protection_service_template
18.63
oracle/wss11_saml_token_with_message_protection_client_template
18.64
oracle/wss11_saml_token_with_message_protection_service_template
18.65
oracle/wss11_saml20_token_with_message_protection_client_template
18.66
oracle/wss11_saml20_token_with_message_protection_service_template
18.67
oracle/wss11_username_token_with_message_protection_client_template
18.68
oracle/wss11_username_token_with_message_protection_service_template
18.69
oracle/wss11_x509_token_with_message_protection_client_template
18.70
oracle/wss11_x509_token_with_message_protection_service_template
18.71
oracle/binding_oes_authorization_template
18.72
oracle/binding_oes_masking_template
18.73
oracle/component_oes_authorization_template
18.74
oracle/pii_security_template
18.75
oracle/sts_trust_config_client_template
18.76
oracle/sts_trust_config_service_template
18.77
oracle/wss_sts_issued_saml_bearer_token_over_ssl_client_template
18.78
oracle/wss_sts_issued_saml_bearer_token_over_ssl_service_template
18.79
oracle/wss11_sts_issued_saml_hok_with_message_protection_client_template
18.80
oracle/wss11_sts_issued_saml_hok_with_message_protection_service_template
18.81
oracle/wss11_sts_issued_saml_with_message_protection_client_template
18.82
oracle/binding_authorization_template
18.83
oracle/binding_permission_authorization_template
18.84
oracle/component_authorization_template
18.85
Supported Algorithm Suites
18.86
oracle/component_permission_authorization_template
18.87
Supported Algorithm Suites
18.88
Message Signing and Encryption Settings for Request, Response, and Fault Messages
18.89
oracle/security_log_template
Part VI Security and Policy Reference for Oracle Web Services
A
Security and Policy Annotations for Oracle Web Services
A.1
About Security and Policy Annotations for Web Services
A.2
Summary of Security and Policy Annotations for Web Services
A.3
List of Security and Policy Annotations for Web Services
A.3.1
@Addressing
A.3.1.1
@Addressing Attributes
A.3.1.2
@Addressing Example
A.3.2
@AtomicTransaction
A.3.2.1
@AtomicTransaction Attributes
A.3.2.2
@AtomicTransaction Example
A.3.3
@Buffering
A.3.4
@CacheBinaryContent
A.3.4.1
@CacheBinaryContent Attributes
A.3.4.2
@CacheBinaryContent Example
A.3.5
@CallbackManagementPolicy
A.3.5.1
@CallbackManagementPolicy Attributes
A.3.5.2
@CallbackManagementPolicy Example
A.3.6
@CallbackMtomPolicy
A.3.6.1
@CallbackMtomPolicy Attributes
A.3.6.2
@CallbackMtomPolicy Example
A.3.7
@CallbackPolicySet
A.3.7.1
@CallbackPolicySet Attributes
A.3.7.2
@CallbackPolicySet Example
A.3.8
@CallbackSecurityPolicy
A.3.8.1
@CallbackSecurityPolicy Attributes
A.3.8.2
@CallbackSecurityPolicy Example
A.3.9
@FastInfosetCallbackClient
A.3.9.1
@FastInfosetCallbackClient Attributes
A.3.9.2
@FastInfosetCallbackClient Example
A.3.10
@FastInfosetClient
A.3.11
@FastInfosetService
A.3.11.1
@FastInfosetService Attribute
A.3.11.2
@FastInfosetService Example
A.3.12
@JMSTransportClient
A.3.12.1
@JMSTransportClient Attributes
A.3.12.2
@JMSTransportClient Example
A.3.13
@JMSTransportService
A.3.13.1
@JMSTransportService Attributes
A.3.13.2
@JMSTransportService Example
A.3.14
@ManagementPolicy
A.3.14.1
@ManagementPolicy Attributes
A.3.14.2
@ManagementPolicy Example
A.3.15
@MaxRequestSize
A.3.15.1
@MaxRequestSize Attributes
A.3.15.2
@MaxRequestSize Example
A.3.16
@MEXRequestProcessingService
A.3.16.1
@MEXRequestProcessingService Attribute
A.3.16.2
@MEXRequestProcessingService Example
A.3.17
@MTOM
A.3.17.1
@MTOM Attribute
A.3.17.2
@MTOM Example
A.3.18
@MTOMEncodeFaultService
A.3.18.1
@MTOMEncodeFaultService Attribute
A.3.18.2
@MTOMEncodeFaultService Example
A.3.19
@MtomPolicy
A.3.19.1
@MtomPolicy Attributes
A.3.19.2
@MtomPolicy Example
A.3.20
@Persistence
A.3.20.1
@Persistence Attributes
A.3.20.2
@Persistence Example
A.3.21
@PolicyReference
A.3.21.1
@PolicyReference Attributes
A.3.21.2
@PolicyReference Example
A.3.22
@PolicySet
A.3.22.1
@PolicySet Attributes
A.3.22.2
@PolicySet Example
A.3.23
@POXHttpBindingService
A.3.23.1
@POXHttpBindingService Attribute
A.3.23.2
@POXHttpBindingService Example
A.3.24
@Property
A.3.24.1
@Property Attributes
A.3.24.2
@Property Example
A.3.25
@ReliabilityPolicy
A.3.25.1
@ReliabilityPolicy Attributes
A.3.25.2
@ReliabilityPolicy Example
A.3.26
@ReliableMessaging
A.3.26.1
@ReliableMessaging Attributes
A.3.26.2
@ReliableMessaging Example
A.3.27
@RequestProcessingService
A.3.27.1
@RequestProcessingService Attribute
A.3.27.2
@RequestProcessingService Example
A.3.28
@SchemaValidation
A.3.28.1
@SchemaValidation Attribute
A.3.28.2
@SchemaValidation Example
A.3.29
@SecurityPolicies (Oracle Infrastructure Web Services)
A.3.30
@SecurityPolicies (Java EE Web Services)
A.3.30.1
@SecurityPolicies Example
A.3.31
@SecurityPolicy (Oracle Infrastructure Web Services)
A.3.31.1
@SecurityPolicy Attributes
A.3.31.2
@SecurityPolicy Example
A.3.32
@SecurityPolicy (Java EE Web Services)
A.3.32.1
@SecurityPolicy Attributes
A.3.32.2
@SecurityPolicy Example
A.3.33
@SOAPRequestProcessingService
A.3.33.1
@SOAPRequestProcessingService Attribute
A.3.33.2
@SOAPRequestProcessingService Example
A.3.34
@TestPageProcessingService
A.3.34.1
@TestPageProcessingService Attribute
A.3.34.2
@TestPageProcessingService Example
A.3.35
@WSDLRequestProcessingService
A.3.35.1
@WSDLRequestProcessingService Attribute
A.3.35.2
@WSDLRequestProcessingService Example
A.3.36
@WSLoggingLevel
A.3.36.1
@WSLoggingLevel Attributes
A.3.36.2
@WSLoggingLevel Example
B
Predefined Assertion Templates for Oracle Web Services
B.1
Assertion Template Settings for Oracle Web Services
B.1.1
Action Match
B.1.2
Algorithm Suite
B.1.3
Authentication Header—Header Name
B.1.4
Authentication Header—Mechanism
B.1.5
Body Elements
B.1.6
Bootstrap Message Security
B.1.7
Client Entropy
B.1.8
Client Policy URI
B.1.9
Confirm Signature
B.1.10
Confirmation Type
B.1.11
Constraint Match
B.1.12
Creation Time Required
B.1.13
Derived Keys
B.1.14
Enabled
B.1.15
Encrypt Signature
B.1.16
Encryption Key Reference Mechanism
B.1.17
Fault
B.1.18
Fault Message Settings
B.1.19
Header Elements
B.1.20
Include Entire Body
B.1.21
Include MIME Headers
B.1.22
Include SwA Attachment
B.1.23
Include Timestamp
B.1.24
Is Encrypted
B.1.25
Is Signed
B.1.26
Kerberos Token Type
B.1.27
Key Type
B.1.28
Keystore Recipient Alias
B.1.29
Mutual Authentication Required
B.1.30
Name Identifier Format
B.1.31
Nonce Required
B.1.32
Password Type
B.1.33
Permissions
B.1.34
Permission Class
B.1.35
Port Endpoint
B.1.36
Port URI
B.1.37
Re-authenticate
B.1.38
Recipient Encryption Key Reference Mechanism
B.1.39
Recipient Sign Key Reference Mechanism
B.1.40
Request
B.1.41
Request Message Settings
B.1.42
Request XPaths
B.1.43
Request Namespaces
B.1.44
Require Applies To
B.1.45
Require Client Entropy
B.1.46
Require External Reference
B.1.47
Require Internal Reference
B.1.48
Require Server Entropy
B.1.49
Resource Match
B.1.50
Response
B.1.51
Response Message Settings
B.1.52
Response Namespaces
B.1.53
Response XPaths
B.1.54
Roles
B.1.55
Server Entropy
B.1.56
Sign Key Reference Mechanism
B.1.57
Sign Then Encrypt
B.1.58
Token Type
B.1.59
Transport Layer Security
B.1.60
Transport Layer Security—Include Timestamp
B.1.61
Transport Layer Security—Mutual Authentication Required
B.1.62
Version
B.1.63
Trust Version
B.1.64
Use Derived Keys
B.1.65
Use PKI Path
B.1.66
WSDL Exist
B.1.67
WSDL
B.2
Assertion Template Configuration Properties for Oracle Web Services
B.2.1
algorithm
B.2.2
application.name
B.2.3
attesting.mapping.attribute
B.2.4
caller.principal.name
B.2.5
credential.delegation
B.2.6
csf.map
B.2.7
csf-key
B.2.8
encryption-algorithm
B.2.9
execute.action
B.2.10
ignore.timestamp.in.response
B.2.11
issued.token.caching
B.2.12
issued.token.lifetime
B.2.13
iteration
B.2.14
keysize
B.2.15
keytab.location
B.2.16
keystore.enc.csf.key
B.2.17
keystore.recipient.alias
B.2.18
keystore.sig.csf.key
B.2.19
lookup.action
B.2.20
on.behalf.of
B.2.21
policy.reference.uri
B.2.22
port.endpoint
B.2.23
port.uri
B.2.24
propagate.identity.context
B.2.25
realm
B.2.26
reference.priority
B.2.27
resource.mapping.model
B.2.28
resource.name
B.2.29
resource.type
B.2.30
rm.encrypt.body
B.2.31
role
B.2.32
salt
B.2.33
saml.assertion.filename
B.2.34
saml.audience.uri
B.2.35
saml.envelope.signature.required
B.2.36
saml.issuer.name
B.2.37
saml.trusted.issuers
B.2.38
sc.token.lifetime
B.2.39
service.principal.name
B.2.40
subject.precedence
B.2.41
sts.auth.caller.principal.name
B.2.42
sts.auth.keytab.location
B.2.43
sts.auth.on.behalf.of.csf.key
B.2.44
sts.auth.on.behalf.of.username.only
B.2.45
sts.auth.service.principal.name
B.2.46
sts.auth.user.csf.key
B.2.47
sts.auth.x509.csf.key
B.2.48
sts.in.order
B.2.49
sts.keystore.recipient.alias
B.2.50
use.single.step
B.2.51
user.attributes
B.2.52
user.roles.include
B.2.53
user.tenant.name
B.2.54
wsdl.uri
C
Schema Reference for Predefined Assertions for Oracle Web Services
C.1
wsp:Policy Element
C.1.1
WS-Policy Attributes
C.1.2
Example of WS-Policy
C.2
wsp:ExactlyOne Element
C.2.1
wsp:ExactlyOne Element Attribute
C.2.2
Example of wsp:ExactlyOne Element
C.3
orasp:Assertion Element
C.3.1
orasp:Assertion Element Attributes
C.3.2
Example of orasp:Assertion Element
C.4
orawsp:bindings Element
C.4.1
Example of orawsp:bindings Element
C.5
orawsp:Config Element
C.5.1
orawsp:Config Element Attributes
C.5.2
Example of orawsp:Config Element
C.6
orawsp:PropertySet Element
C.6.1
orawsp:PropertySet Element Attributes
C.6.2
Example of orawsp:PropertySet Element
C.7
orawsp:Property Element
C.7.1
orawsp:Property Element Attributes
C.7.2
Example of orawsp:Property Element
C.8
orawsp:Description Element
C.8.1
Example of orawsp:Description Element
C.9
orawsp:Value Element
C.9.1
Example of orawsp:Value Element
C.10
orawsp:guard Element
C.10.1
Examples of orawsp:guard Element
C.11
orawsp:resource-match Element
C.11.1
Examples of orawsp:resource-match
C.12
orawsp:action-match Element
C.12.1
Examples of orawsp:action-match Element
C.13
orawsp:constraint-match Element
C.13.1
Example of orawsp:constraint-match Element
C.14
oralgp:Logging Element
C.14.1
Example of oralgp:Logging Element
C.15
orasp:binding-authorization Element
C.15.1
Example of orasp:binding-authorization Element
C.16
orasp:binding-permission-authorization Element
C.16.1
Example of orasp:binding-permission-authorization Element
C.17
orasp:coreid-security Element
C.17.1
Example of orasp:coreid-security Element
C.18
orasp:http-security Element
C.18.1
Example of orasp:http-security Element
C.19
orasp:kerberos-security Element
C.19.1
Example of orasp:kerberos-security Element
C.20
orasp:sca-component-authorization Element
C.20.1
Example of orasp:sca-component-authorization Element
C.21
orasp:sca-component-permission-authorization Element
C.21.1
Example of orasp:sca-component-permission-authorization Element
C.22
orasp:sts-trust-config Element
C.22.1
orasp:sts-trust-config Element Attributes
C.22.2
Example of orasp:sts-trust-config Element
C.23
orasp:wss10-anonymous-with-certificates Element
C.23.1
Example of orasp:wss10-anonymous-with-certificates Element
C.24
orasp:wss10-mutual-auth-with-certificates Element
C.24.1
Example of orasp:wss10-mutual-auth-with-certificates Element
C.25
orasp:wss10-saml-hok-with-certificates Element
C.25.1
Example of orasp:wss10-saml-hok-with-certificates Element
C.26
orasp:wss10-saml-token Element
C.26.1
Example of orasp:wss10-saml-token Element
C.27
orasp:wss10-saml-with-certificates Element
C.27.1
Example of orasp:wss10-saml-with-certificates Element
C.28
orasp:wss10-username-with-certificates Element
C.28.1
Example of orasp:wss10-username-with-certificates Element
C.29
orasp:wss11-anonymous-with-certificates Element
C.29.1
Example of orasp:wss11-anonymous-with-certificates Element
C.30
orasp:wss11-mutual-auth-with-certificates Element
C.30.1
Example of orasp:wss11-mutual-auth-with-certificates Element
C.31
orasp:wss11-saml-with-certificates Element
C.31.1
Example of orasp:wss11-saml-with-certificates Element
C.32
orasp:wss11-sts-issued-token-with-certificates Element
C.32.1
orasp:wss11-sts-issued-token-with-certificates Element Attributes
C.32.2
Example of orasp:wss11-sts-issued-token-with-certificates Element
C.33
orasp:wss11-username-with-certificates Element
C.33.1
Example of orasp:wss11-username-with-certificates Element
C.34
orasp:wss-saml-token-bearer-over-ssl Element
C.34.1
Example of orasp:wss-saml-token-bearer-over-ssl Element
C.35
orasp:wss-saml-token-over-ssl Element
C.35.1
Example of orasp:wss-saml-token-over-ssl Element
C.36
orasp:wss-sts-issued-token-over-ssl Element
C.36.1
orasp:wss-sts-issued-token-over-ssl Element Attributes
C.36.2
Example of orasp:wss-sts-issued-token-over-ssl Element
C.37
orasp:wss-username-token Element
C.37.1
Example of orasp:wss-username-token Element
C.38
orasp:wss-username-token-over-ssl Element
C.38.1
Example of orasp:wss-username-token-over-ssl Element
C.39
rm:RMAssertion Element
C.39.1
Example of rm:RMAssertion Element
C.40
wsaw:UsingAddressing Element
C.40.1
Example of wsaw:UsingAddressing Element
C.41
wsoma:OptimizedMimeSerialization Element
C.41.1
Example of wsoma:OptimizedMimeSerialization Element
C.42
oralgp:fault Element
C.42.1
Example of oralgp:fault Element
C.43
oralgp:request Element
C.43.1
Example of oralgp:request Element
C.44
oralgp:response Element
C.44.1
Example of oralgp:response Element
C.45
oralgp:msg-log Element
C.45.1
Example of oralgp:msg-log Element
C.46
orasp:attachment Element
C.46.1
orasp:attachment Element Attributes
C.46.2
Example of orasp:attachment Element
C.47
orasp:auth-header Element
C.47.1
orasp:auth-header Element Attributes
C.47.2
Example of orasp:auth-header Element
C.48
orasp:body Element
C.48.1
Example of orasp:body Element
C.49
orasp:check-permission Element
C.49.1
Example of orasp:check-permission Element
C.50
orasp:coreid-token Element
C.50.1
orasp:coreid-token Element Attributes
C.50.2
Example of orasp:coreid-token Element
C.51
orasp:denyAll Element
C.51.1
Example of orasp:denyAll Element
C.52
orasp:element Element
C.52.1
orasp:element Element Attributes
C.52.2
Example of orasp:element Element
C.53
orasp:encrypted-elements Element
C.53.1
Example of orasp:encrypted-elements Element
C.54
orasp:encrypted-parts Element
C.54.1
Example of orasp:encrypted-parts Element
C.55
orasp:fault Element
C.55.1
Example of orasp:fault Element
C.56
orasp:header Element
C.56.1
orasp:header Element Attributes
C.56.2
Example of orasp:header Element
C.57
orasp:issued-token Element
C.57.1
orasp:issued-token Element Attributes
C.57.2
Example of orasp:issued-token Element
C.58
orasp:kerberos-token Element
C.58.1
orasp:kerberos-token Element Attributes
C.58.2
Example of orasp:kerberos-token Element
C.59
orasp:msg-security Element
C.59.1
orasp:msg-security Element Attributes
C.59.2
Example of orasp:msg-security Element
C.60
orasp:permitAll Element
C.60.1
Example of orasp:permitAll Element
C.61
orasp:request Element
C.61.1
Example of orasp:request Element
C.62
orasp:require-tls Element
C.62.1
orasp:require-tls Element Attributes
C.62.2
Example of orasp:require-tls Element
C.63
orasp:response Element
C.63.1
Example of orasp:response Element
C.64
orasp:role Element
C.64.1
orasp:role Element Attribute
C.64.2
Example of orasp:role Element
C.65
orasp:saml-token Element
C.65.1
orasp:saml-token Element Attributes
C.65.2
Example of orasp:saml-token Element
C.66
orasp:signed-elements Element
C.66.1
Example of orasp:signed-elements Element
C.67
orasp:signed-parts Element
C.67.1
Example of orasp:signed-parts Element
C.68
orasp:username-token Element
C.68.1
orasp:username-token Element Attributes
C.68.2
Example of orasp:username-token Element
C.69
orasp:x509-token Element
C.69.1
orasp:x509-token Element Attributes
C.69.2
Example of orasp:x509-token Element
C.70
orawsp:Description Element
C.70.1
Example of orawsp:Description Element
D
Schema Reference for Web Services Policy Sets
D.1
policySet Element
D.2
wsp:policyReference Element
D.3
orawsp:OverrideProperty Element
E
Oracle Web Services Manager Introspection Plug-in for Oracle Virtual Assembly Builder
E.1
About the OWSM Introspection Plug-in for Oracle Virtual Assembly Builder
E.2
Understanding the OWSM Introspection Plug-in
E.2.1
OWSM Introspection Plug-in Parameter
E.2.2
OWSM Introspection Plug-in Reference System Prerequisites
E.2.3
OWSM Introspection Plug-in Usage Requirements
E.2.4
OWSM Introspection Plug-in Resulting Artifact Type
E.2.5
OWSM Introspection Plug-in Wiring
E.2.6
OWSM Introspection Plug-in Wiring Properties
E.2.7
OWSM Introspection Plug-in Appliance Properties
E.2.8
OWSM Introspection Plug-in Supported Template Types