Select the Identity Extension tab.

10-40 Oracle Fusion Middleware Security and Administrator's Guide for Web Services

■ oraclewss10_saml_token_with_message_protection_service_policy
■ oraclewss_saml_token_over_ssl
■ oraclewss_saml_token_bearer_over_ssl_service_policy
■ oraclewss10_saml_hok_token_with_message_protection_service_policy
■ oraclewss11_saml_token_with_message_protection_service_policy
■ oraclewss10_saml_token_with_message_protection_ski_basic256_service_policy
■ oraclewss11_x509_token_with_message_protection_service_policy

What Type of WebLogic Security Authentication Providers Must You Create?

You can use any WebLogic Authentication provider that can validate the credentials in the NameCallback and PasswordCallback callbacks, or the NameCallback alone, as appropriate. This means that you can use the WebLogic Default Authentication provider and authenticate the user against the embedded LDAP data store if you so choose, or the Default Identity Asserter, and so forth. See Configure Authentication and Identity Assertion Providers in the Oracle WebLogic Server Administration Console Help for information on how to do this.

Configuring the SAML and Kerberos Login Modules

The SAML and Kerberos policies have associated login modules, as determined by the assertions that make up the policy. When you attach a SAML policy to a Web service, you can edit the login policy and make any needed changes. You can configure the following SAML and Kerberos login modules:

■ saml.loginmodule—The SAML login module is a Java Authentication and Authorization Service (JAAS) login module that accepts SAML assertions for a login. The SAML login module enables the Web services to run using the login context of the principal created from the SAML assertion.
■ saml2.loginmodule—The SAML2 login module is a JAAS login module that accepts SAML2 assertions for a login. The SAML2 login module enables the Web services to run using the login context of the principal created from the SAML2 assertion.
■ krb5.loginmodule—The Kerberos login module is a JAAS login module that authenticates users using Kerberos protocols. The Kerberos login module has optional properties that you can configure.

Login modules associated with other policy types do not have settings specific to the Web service policies.

To configure a login module:

1. In the navigator pane, expand WebLogic Domain to show the domain for which you need to configure the login module. Select the domain.

2. Using Fusion Middleware Control, click WebLogic Domain, then Security, and then Security Provider Configuration.

3. From the list of login modules, select a login module and click Edit. For example, if you select the saml.loginmodule from the list of login modules and click Edit, the Edit Login Module page shown in Figure 10–11 is displayed.