Configuring Message-Level Security 2-33
5. Select Finish.
2.8.2.9 Configuring the STS SOAP and WS-Trust Version: Standalone Client
For a SAML STS, you need to configure the WS-Trust version only if it is not the default WS-Trust 1.3. The supported values for WSEESecurityConstants.TRUST_VERSION are as follows:
■ http://docs.oasis-open.org/ws-sx/ws-trust/200512 (WS-Trust 1.3)
■ http://schemas.xmlsoap.org/ws/2005/02/trust
You also need to configure the SOAP version if it is different from the SOAP version of the target Web service for which you generated the standalone client. See Interface SOAPConstants (http://java.sun.com/javaee/5/docs/api/javax/xml/soap/SOAPConstants.html) for the definitions of the constants. The supported values for WSEESecurityConstants.TRUST_SOAP_VERSION are as follows:
■ javax.xml.soap.SOAPConstants.URI_NS_SOAP_1_1_ENVELOPE (as per http://schemas.xmlsoap.org/soap/envelope/)
■ javax.xml.soap.SOAPConstants.URI_NS_SOAP_1_2_ENVELOPE (as per http://www.w3.org/2003/05/soap-envelope)
Example 2–8 shows an example of setting the WS-Trust and SOAP versions.
Example 2–8 Setting the WS-Trust and SOAP Versions
// set WS-Trust version
stub._setProperty(WSEESecurityConstants.TRUST_VERSION, "http://docs.oasis-open.org/ws-sx/ws-trust/200512");
// set SOAP version
stub._setProperty(WSEESecurityConstants.TRUST_SOAP_VERSION, SOAPConstants.URI_NS_SOAP_1_1_ENVELOPE);
2.8.2.10 Configuring the SAML STS Server Certificate: Standalone Client
For a SAML STS, you need to configure the STS server X.509 certificate if you use a message-level policy to protect the request and response between the STS server and
the WS-Trust client. If you use a transport-level policy, you do not need to configure the STS server certificate.
Example 2–9 shows an example of setting the STS server certificate under JAX-RPC, assuming the location of the STS server certificate is known.
Example 2–9 Setting STS Server Certificate under JAX-RPC
import weblogic.wsee.security.util.CertUtils;
import java.security.cert.X509Certificate;
import weblogic.wsee.jaxrpc.WLStub;
. . .
// get X509 Certificate
String stsCertLocation = "../../cert/WssIP.cer";
X509Certificate stsCert = CertUtils.getCertificate(stsCertLocation);
// set STS Server Cert
stub._setProperty(WLStub.STS_ENCRYPT_CERT, stsCert);
2-34 Securing WebLogic Web Services for Oracle WebLogic Server
Example 2–10 shows the same example of setting the STS server certificate under
JAX-WS. The JAX-WS specific code in the example is shown in bold.
Example 2–10 Setting STS Server Certificate under JAX-WS
import weblogic.wsee.security.util.CertUtils;
import java.security.cert.X509Certificate;
import weblogic.wsee.jaxrpc.WLStub;
. . .
// get X509 Certificate
String stsCertLocation = "../../cert/WssIP.cer";
X509Certificate stsCert = CertUtils.getCertificate(stsCertLocation);
// set STS Server Cert
context.put(WLStub.STS_ENCRYPT_CERT, stsCert);
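An added example, not from the Oracle documentation: before passing the STS certificate to WLStub.STS_ENCRYPT_CERT as in Examples 2–9 and 2–10, a client can confirm that the file at the known location holds the expected, currently valid certificate. It uses only JDK classes instead of CertUtils; the class name StsCertCheck, the method loadPinned, and the two command-line arguments are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class StsCertCheck {
    // Load the certificate, reject it if outside its validity period, then pin its SHA-256.
    static X509Certificate loadPinned(String location, String sha256Hex) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(location))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        cert.checkValidity(); // throws if expired or not yet valid
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        if (!MessageDigest.isEqual(actual, fromHex(sha256Hex))) {
            throw new CertificateException("STS certificate fingerprint mismatch for "
                    + cert.getSubjectX500Principal().getName());
        }
        return cert;
    }

    // Accepts the fingerprint as "AB:CD:..." or as 64 plain hex digits.
    static byte[] fromHex(String hex) {
        String s = hex.replace(":", "").replace(" ", "");
        if (s.length() != 64) {
            throw new IllegalArgumentException("expected a 32-byte SHA-256 fingerprint");
        }
        byte[] out = new byte[32];
        for (int i = 0; i < 32; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            throw new IllegalArgumentException("usage: StsCertCheck <cert-file> <sha256-hex>");
        }
        // args[0]: certificate location, args[1]: pinned fingerprint (both caller-supplied)
        X509Certificate stsCert = loadPinned(args[0], args[1]);
        System.out.println("STS certificate accepted: " + stsCert.getSubjectX500Principal());
        // JAX-RPC: stub._setProperty(WLStub.STS_ENCRYPT_CERT, stsCert);
        // JAX-WS:  context.put(WLStub.STS_ENCRYPT_CERT, stsCert);
    }
}
```

The pinned fingerprint should come from a trusted copy of the certificate obtained out of band, for example the SHA256 value printed by keytool -printcert -file on that copy.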
2.8.3 Sample WS-Trust Client for SAML 2.0 Bearer Token Over HTTPS