
2. Edit the Web services security configuration to create a credential provider, as described in the Oracle WebLogic Server Administration Console Help:
   ■ On the Create Credential Provider tab, enter the following:
     – A provider name, which is your name for this MBean instance.
     – The provider class name, which can be weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider or weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider or weblogic.wsee.security.saml.SAMLTrustCredentialProvider
     – The token type, which is a short name to identify the token. For example, sct or saml.
3. Select Next.
4. Enter the name/value pairs for the STS URI.
5. Select Finish.
6. On the Security Configuration General tab, set the value of the Default Credential Provider STS URI. The Default Credential Provider STS URL is the default STS endpoint URL for all WS-Trust enabled credential providers of this Web service security configuration.

2.8.2.6 Configuring STS Security Policy: Standalone Client

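The following code example demonstrates setting the STS security policy on a client stub, under JAX-RPC. The final statement sets the policy.

    import java.io.InputStream;
    import javax.xml.rpc.Stub;
    import weblogic.wsee.message.WlMessageContext;
    // . . .
    String wsdl = "http://myserver/samlsecuredservice?wsdl";
    SamlSecuredService service = new SamlSecuredService_Impl(wsdl);
    SamlSecured port = service.getSamlSecuredSoapPort();
    Stub stub = (Stub) port;
    // loadPolicy() is not defined on this page; it returns the policy file as a stream.
    InputStream policy = loadPolicy();
    // Bootstrap policy used for the WS-Trust exchange with the STS.
    stub._setProperty(WlMessageContext.WST_BOOT_STRAP_POLICY, policy);

The following code example demonstrates setting the STS security policy on a client stub, under JAX-WS. The final statement sets the policy.

    import java.io.InputStream;
    import java.util.Map;
    import javax.xml.ws.BindingProvider;
    import weblogic.wsee.message.WlMessageContext;
    // . . .
    String wsdl = "http://myserver/wsssecuredservice?wsdl";
    WsSecuredService service = new WsSecuredService_Impl(wsdl);
    WsscSecured port = service.getWsSecuredSoapPort();
    BindingProvider provider = (BindingProvider) port;
    Map<String, Object> context = provider.getRequestContext();
    // loadPolicy() is not defined on this page; it returns the policy file as a stream.
    InputStream policy = loadPolicy();
    // The request context is a Map, so the property is set with put().
    context.put(WlMessageContext.WST_BOOT_STRAP_POLICY, policy);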

2.8.2.7 Configuring STS Security Policy Using WLST: Client On Server Side

Example 2–7 demonstrates using WLST to create a credential provider for the default Web services security configuration, and then configuring the STS security policy (the StsPolicy property set at the end of the script). The value for the StsPolicy property must be either a policy included in WebLogic Server (see Section 2.16, "Using WS-SecurityPolicy 1.2 Policy Files") or a custom policy file in a J2EE library (see Section 2.7, "Creating and Using a Custom Policy File").

Example 2–7 Configuring STS Security Policy Using WLST

    # Arguments: user name, password, host, port, SSL port, STS URL
    userName = sys.argv[1]
    passWord = sys.argv[2]
    host = sys.argv[3]+":"+sys.argv[4]
    sslhost = sys.argv[3]+":"+sys.argv[5]
    samlstsurl = sys.argv[6]
    url="t3://" + host
    print "Connect to the running adminServer"
    connect(userName, passWord, url)
    edit()
    startEdit()
    defaultWss = cmo.lookupWebserviceSecurity('default_wss')
    # Create credential provider for SAML Trust Client
    wtm = defaultWss.createWebserviceCredentialProvider('trust_client_saml_cp')
    wtm.setClassName('weblogic.wsee.security.saml.SAMLTrustCredentialProvider')
    wtm.setTokenType('saml_trust')
    # STS endpoint used by this credential provider
    cpm = wtm.createConfigurationProperty('StsUri')
    cpm.setValue(samlstsurl)
    # STS security policy
    cpm = wtm.createConfigurationProperty('StsPolicy')
    cpm.setValue("Wssp1.2-2007-Https-UsernameToken-Plain")
    save()
    activate(block="true")
    disconnect()
    exit()
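A pre-flight check for the four provider settings that Example 2–7 writes, added here as an illustration and not part of Oracle's documentation; it runs as ordinary Python 3 before WLST is invoked. The function name, the issue codes, the sample STS URL and the rule that a policy whose name contains -Https- calls for an https STS URI are assumptions of this example.

```python
from urllib.parse import urlsplit

# Provider class names this page lists for the credential provider.
PROVIDER_CLASSES = {
    "weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider",
    "weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider",
    "weblogic.wsee.security.saml.SAMLTrustCredentialProvider",
}


def check_sts_provider(class_name, token_type, sts_uri, sts_policy):
    """Return {issue_code: message}; an empty dict means no issue was found."""
    issues = {}
    if class_name not in PROVIDER_CLASSES:
        issues["provider-class"] = "not a provider class listed on this page: %r" % class_name
    if not token_type.strip():
        issues["token-type"] = "token type must be a non-empty short name"
    if not sts_policy.strip():
        issues["sts-policy"] = "StsPolicy is empty"
    try:
        parts = urlsplit(sts_uri.strip())
    except ValueError:  # raised for a malformed authority, e.g. an unclosed IPv6 bracket
        issues["sts-uri"] = "StsUri cannot be parsed: %r" % sts_uri
        return issues
    if parts.scheme not in ("http", "https") or not parts.hostname:
        issues["sts-uri"] = "StsUri is not an absolute http(s) URL: %r" % sts_uri
    elif "-Https-" in sts_policy and parts.scheme != "https":
        # Assumption of this example: an -Https- policy relies on transport
        # protection, so a plain http endpoint does not match it.
        issues["plaintext-transport"] = "policy %s expects an https StsUri" % sts_policy
    if parts.username or parts.password:
        issues["uri-credentials"] = "StsUri must not embed a user name or password"
    return issues


# Constructed sample: class, token type and policy are those of Example 2-7;
# the STS URL is made up for this illustration.
SAMPLE = (
    "weblogic.wsee.security.saml.SAMLTrustCredentialProvider",
    "saml_trust",
    "https://sts.example.com:7002/sts/saml",
    "Wssp1.2-2007-Https-UsernameToken-Plain",
)

if __name__ == "__main__":
    for code, message in check_sts_provider(*SAMPLE).items():
        print(code + ": " + message)
```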

2.8.2.8 Configuring STS Security Policy: Using the Console

Perform the following steps to configure the STS security policy using the console:

1. Create a Web services security configuration, as described in the Oracle WebLogic Server Administration Console Help. This creates an empty configuration.
2. Edit the Web services security configuration to create a credential provider, as described in the Oracle WebLogic Server Administration Console Help:
   ■ On the Create Credential Provider tab, enter the following:
     – A provider name, which is your name for this MBean instance.
     – The provider class name, which can be weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider or weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider or weblogic.wsee.security.saml.SAMLTrustCredentialProvider
     – The token type, which is a short name to identify the token. For example, sct or saml.
3. Select Next.
4. Enter the name/value pairs for the STS policy.
5. Select Finish.

2.8.2.9 Configuring the STS SOAP and WS-Trust Version: Standalone Client