Optionally, in the SAML Specific Attributes section, configure an alternate Issuer

Setting Up Your Environment for Policies 10-43

Configuring SAML

The SAML standard defines a common XML framework for creating, requesting, and exchanging security assertions between software entities on the Web. The SAML Token profile is part of the core set of WS-Security standards, and specifies how SAML assertions can be used for Web services security. SAML also provides a standard way to represent a security token that can be passed across the multiple steps of a business process or transaction, from browser to portal to networks of Web services.

If you use any of the following predefined policies, you must configure SAML:

■ oraclewss_saml_token_bearer_over_ssl_server_policy
■ oraclewss_saml_token_bearer_over_ssl_client_policy
■ oraclewss_saml_token_over_ssl_service_policy
■ oraclewss_saml_token_over_ssl_client_policy
■ oraclewss10_saml_token_service_policy
■ oraclewss10_saml_token_client_policy
■ oraclewss10_saml20_token_service_policy
■ oraclewss10_saml20_token_client_policy
■ oraclewss10_saml_token_with_message_protection_client_policy
■ oraclewss10_saml_token_with_message_protection_service_policy
■ oraclewss10_saml20_token_with_message_protection_client_policy
■ oraclewss10_saml20_token_with_message_protection_service_policy
■ oraclewss10_saml_token_with_message_protection_ski_basic256_client_policy

Table 10–1 (Cont.) SAML and Kerberos Login Modules Attributes and Properties

Login Module    Service Name    Property    Description

useKeyTab: True or false. Set this to true if you want the module to get the principal's key from the keytab. The default value is False. If keytab is not set, then the module will locate the keytab from the Kerberos configuration file. If it is not specified in the Kerberos configuration file, then it will look for the file {user.home}{file.separator}krb5.keytab.

storeKey: Set this to True if you want the principal's key to be stored in the Subject's private credentials.

keyTab: Set this to the file name of the keytab to get the principal's secret key.

doNotPrompt: Set this to true if you do not want to be prompted for the password if credentials cannot be obtained from the cache or keytab. The default is false. If set to true, authentication will fail if credentials cannot be obtained from the cache or keytab.
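The keytab lookup order and the doNotPrompt behaviour described in the table can be checked before deployment. The following Python code is an added example, not Oracle's code: it resolves which keytab a set of login module properties would select and reports settings that matter for an unattended service. The property dictionary, the default_keytab_name key in the Kerberos configuration file, the /home/svc home directory and the file-permission check are assumptions of this example.

```python
import os
import re
import stat
import tempfile

def is_true(opts, name):
    # useKeyTab and doNotPrompt both default to false per the table.
    return str(opts.get(name, "false")).lower() == "true"

def resolve_keytab(opts, krb5_conf_text, user_home):
    """Follow the documented order: keyTab, Kerberos config file, user.home."""
    if opts.get("keyTab"):
        return opts["keyTab"], "keyTab property"
    # Assumption: the config file names the keytab via default_keytab_name.
    m = re.search(r"^\s*default_keytab_name\s*=\s*(\S+)", krb5_conf_text, re.M)
    if m:
        path = m.group(1)
        path = path[5:] if path.startswith("FILE:") else path
        return path, "Kerberos configuration file"
    return os.path.join(user_home, "krb5.keytab"), "user.home default"

def audit(opts, krb5_conf_text="", user_home="/home/svc"):
    """Return findings for a service that runs without an interactive user."""
    findings = []
    if not is_true(opts, "doNotPrompt"):
        findings.append("doNotPrompt=false: module may prompt for a password")
    if not is_true(opts, "useKeyTab"):
        findings.append("useKeyTab=false: no keytab is consulted")
        return findings
    path, source = resolve_keytab(opts, krb5_conf_text, user_home)
    if not os.path.isfile(path):
        findings.append(f"keytab {path} ({source}) not found")
    elif os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        # The keytab holds the principal's secret key; only the owner needs it.
        findings.append(f"keytab {path} ({source}) is accessible to group/other")
    return findings

if __name__ == "__main__":
    # Constructed sample: an empty stand-in keytab with over-broad permissions.
    with tempfile.TemporaryDirectory() as d:
        kt = os.path.join(d, "svc.keytab")
        open(kt, "wb").close()
        os.chmod(kt, 0o644)
        for finding in audit({"useKeyTab": "true", "keyTab": kt}):
            print(finding)
```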