4-8 Oracle Fusion Middleware Interoperability Guide for Oracle Web Services Manager 3. Configure the client for server encryption key and client certificates, as described in Updating a Client Application to Invoke a Message-Secured Web Service in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server. Ensure that the encryption key specified is in accordance with the decryption key configured for the Web service. 4. Invoke the Web service method from the client.

4.4.2 Configuring Oracle WSM 11g Client and Oracle WebLogic Server 11g Web Service

To configure Oracle WSM 11g client and Oracle WebLogic Server 11g Web service, perform the following steps:

4.4.2.1 Configuring Oracle WebLogic Server 11g Web Service

1. Create a Web service.

2. Attach the following policies:

■ Wssp1.2-2007-SignBody.xml ■ Wssp1.2-wss10_username_token_with_message_protection_owsm_policy.xml ■ Wssp1.2-2007-EncryptBody.xml For more information, see Updating the JWS File with Policy and Policies Annotations in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server.

3. Configure identity and trust stores, as described in Configure identity and trust

in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help

4. Configure message-level security, as described in:

- Configuring Message-Level Security in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server - Create a Web Service security configuration in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help. 5. Deploy the Web service. See Oracle Fusion Middleware Deploying Applications to Oracle WebLogic Server.

4.4.2.2 Configuring Oracle WSM 11g Client

1. Create a client proxy to the Web service above. 2. Attach the following policy to the Web service client: oraclewss10_username_ token_with_message_protection_client_policy. For more information about attaching the policy, see Attaching Policies to Web Service Clients in Oracle Fusion Middleware Security and Administrators Guide for Web Services. 3. Configure the policy, as described in oraclewss10_username_token_with_ message_protection_client_policy in Oracle Fusion Middleware Security and Administrators Guide for Web Services. 4. Ensure that you use different keys for client sign and decrypt key and keystore recipient alias server public key used for encryption. Ensure that the recipient Interoperability with Oracle WebLogic Server 11g Web Service Security Environments 4-9 alias is in accordance with the keys defined in the Web service policy security configuration. 5. Ensure that the signing and encryption keys specified for the client exist as trusted certificate entries in the trust store configured for the Web service. 6. Provide a valid username and password as part of the configuration. 7. Invoke the Web service method from the client.

4.5 Username Token Over SSL

The following section describes how to implement username token over SSL, describing the following interoperability scenario: ■ Configuring Oracle WebLogic Server 11g Client and Oracle WSM 11g Web Service