Configuring Message-Level Security 2-33 5. Select Finish.

2.8.2.9 Configuring the STS SOAP and WS-Trust Version: Standalone Client

For a SAML STS, you need to configure the WS-Trust version only if it is not the default WS-Trust 1.3. The supported values for WSEESecurityConstants.TRUST_ VERSION are as follows: ■ http:docs.oasis-open.orgws-sxws-trust200512 WS-Trust 1.3 ■ http:schemas.xmlsoap.orgws200502trust You also need to configure the SOAP version if it is different from the SOAP version of the target Web service for which you generated the standalone client. See Interface SOAPConstants http:java.sun.comjavaee5docsapijavaxxmlsoapSOAPConsta nts.html for the definitions of the constants. The supported values for WSEESecurityConstants.TRUST_SOAP_VERSION are as follows: ■ javax.xml.soap.SOAPConstants.URI_NS_SOAP_1_1_ENVELOPE as per http:schemas.xmlsoap.orgsoapenvelope ■ javax.xml.soap.SOAPConstants.URI_NS_SOAP_1_2_ENVELOPE as per http:www.w3.org200305soap-envelope Example 2–8 shows an example of setting the WS-Trust and SOAP versions. Example 2–8 Setting the WS-Trust and SOAP Versions set WS-Trust version stub._setPropertyWSEESecurityConstants.TRUST_VERSION, http:docs.oasis-open.orgws-sxws-trust200512; set SOAP version stub._setPropertyWSEESecurityConstants.TRUST_SOAP_VERSION, SOAPConstants.URI_NS_ SOAP_1_1_ENVELOPE;

2.8.2.10 Configuring the SAML STS Server Certificate: Standalone Client

For a SAML STS, you need to configure the STS server X.509 certificate if you use a message-level policy to protect the request and response between the STS server and the WS-Trust client. If you use a transport-level policy, you do not need to configure the STS server certificate. Example 2–9 shows an example of setting the STS server certificate under JAX-RPC, assuming the location of the STS sever certificate is known. Example 2–9 Setting STS Server Certificate under JAX-RPC import import weblogic.wsee.security.util.CertUtils; import java.security.cert.X509Certificate; import weblogic.wsee.jaxrpc.WLStub; . . . get X509 Certificate String stsCertLocation = ....certWssIP.cer; X509Certificate stsCert = CertUtils.getCertificatestsCertLocation; set STS Server Cert stub._setPropertyWLStub.STS_ENCRYPT_CERT,stsCert; 2-34 Securing WebLogic Web Services for Oracle WebLogic Server Example 2–10 shows the same example of setting the STS server certificate under JAX-WS. The JAX-WS specific code in the example is shown in bold. Example 2–10 Setting STS Server Certificate under JAX-WS import import weblogic.wsee.security.util.CertUtils; import java.security.cert.X509Certificate; import weblogic.wsee.jaxrpc.WLStub; . . . get X509 Certificate String stsCertLocation = ....certWssIP.cer; X509Certificate stsCert = CertUtils.getCertificatestsCertLocation; set STS Server Cert context.putWLStub.STS_ENCRYPT_CERT,stsCert;

2.8.3 Sample WS-Trust Client for SAML 2.0 Bearer Token Over HTTPS