Interoperability with Oracle WebLogic Server 11g Web Service Security Environments 4-17 8. Create a SAML relying party, as described in Create a SAML 1.1 Relying Party and Configure a SAML 1.1 Relying Party in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help. Set the Profile to WSSSender-Vouches. 9. Configure the SAML relying party, as described in Configure a SAML 1.1 Relying Party in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help. Ensure the Target URL is set to the URL used for the client Web service. 10. Invoke the Web application client. Enter the credentials of the user whose identity is to be propagated using SAML token.

4.10.2 Configuring Oracle WSM 11g Client and Oracle WebLogic Server 11g Web Service

To configure Oracle WSM 11g client and Oracle WebLogic Server 11g Web service, perform the following steps:

4.10.2.1 Configuring Oracle WebLogic Server 11g Web Service

1. Create a Web service.

2. Attach the following policies:

■ Wssp1.2-wss11_saml_token_with_message_protection_owsm_policy.xml ■ Wssp1.2-2007-SignBody.xml ■ Wssp1.2-2007-EncryptBody.xml For more information, see Updating the JWS File with Policy and Policies Annotations in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server.

3. Configure identity and trust stores, as described in Configure identity and trust

in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help 4. Configure message-level security, as described in: ■ Configuring Message-Level Security in Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server ■ Create a Web Service security configuration in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help. Since this is a WS-Security 1.1 policy, you need to configure Confidentiality Key only. 5. Deploy the Web service. See Oracle Fusion Middleware Deploying Applications to Oracle WebLogic Server. 6. Create a SAMLIdentityAsserterV2 authentication provider, as described in Configuring Authentication and Identity Assertion providers in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help. In the WebLogic Server Administration Console, navigate to Security Realms RealmName Providers Credential Mapping page and create a New Credential Mapping Provider of type SAMLCredentialMapperV2. 4-18 Oracle Fusion Middleware Interoperability Guide for Oracle Web Services Manager 7. Restart WebLogic Server. 8. Select the authentication provider created in step 5. 9. Create a SAML asserting party, as described in Create a SAML 1.1 Asserting Party in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help. Set Profile to WSSSender-Vouches. 10. Configure the SAML asserting party, as described in Configure a SAML 1.1 Asserting Party in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Help. Configure the SAML asserting party as follows: a. Set Issuer URI to www.oracle.com. b. Set Target URL to url_used_to_access_Web_service.

4.10.2.2 Configuring Oracle WSM 11g Client