
Payload Properties Page with the normal workflow process instance payload mappings.

If the service has an OWSM policy applied, Oracle IPM detects this policy and provides an additional payload mapping section labeled with the policy name. The full set of keys that are possible for all OWSM policies is provided by the OWSM API in the class oracle.wsm.security.util.SecurityConstants. Oracle IPM, however, filters this full set and lists only those parameters relevant to the server policy in use. Currently, parameters are provided only for the wss_username_token and wss11_username_token_with_message_protection policies. The following parameters are possible:

Parameter: csf.key
Description: Provides the username and password for the policy.
Policies: wss_username_token, wss11_username_token_with_message_protection

Parameter: recipient.key.alias
Description: Provides the keystore alias for encrypting the sent message.
Policies: wss11_username_token_with_message_protection

10.2.3.1 Configuring Message Protection Policies

When configuring message protection policies, the proper credentials and certificates must also be configured to support encryption of the message. In default installations, the exact keys required are defined in the jps-config.xml file located in the DOMAIN_HOME/config/fmwconfig directory. This file also defines the location of the default keystore file. The jps-config.xml file is generally configured to look for this file in the fmwconfig directory under the file name default-keystore.jks. However, this file does not exist by default and must be provided. The default jps-config.xml file defines the following keys:

keystore-csf-key
    Provides the credentials for opening the keystore file. Only the password portion of the credential is used.

enc-csf-key
    Provides the credentials for accessing the encryption certificate within the keystore that is used to encrypt the message.

sign-csf-key
    Provides the credentials for accessing the certificate used to sign the message.

Note that the jps-config.xml file may be configured to use enc-csf-key for both encryption and signing. In that case sign-csf-key is not necessary, but it does not cause a problem if it is defined.

For more information on setting up keystores, CSF keys and aliases for Oracle Web Services Manager, see the Oracle Web Services Manager Administrator's Guide.

10.2.3.2 Configuring SAML Policies

The user used to connect to a workflow under a SAML policy is provided by the basic.credential CSF key value. In order for the server to be allowed to authenticate as (assert the identity of) the user provided by that CSF key, the following policy grant must be issued from the WebLogic Scripting Tool (WLST), where MW_HOME is the path to the installation's Oracle Fusion Middleware Home directory:

    grantPermission(permClass="oracle.wsm.security.WSIdentityPermission", permTarget="resource=imaging", permActions="assert", codeBaseURL="file:MW_HOME/oracle_common/modules/oracle.wsm.agent.common_11.1.1/wsm-agent-core.jar")
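As an added example (not part of this guide and not Oracle's own tooling), the following Python script ties sections 10.2.3.1 and 10.2.3.2 together: it reads the keystore location and the three CSF key names out of a jps-config.xml keystore service instance, runs the pre-flight checks an administrator needs before a message protection policy can work (the default-keystore.jks that is not shipped and must be supplied, a credential for each required key, sign-csf-key being optional when it is the same as the encryption key), and renders the WLST createCred calls plus the WSIdentityPermission grant for the imaging resource. The jps-config.xml fragment is constructed here; the property names keystore.csf.map, keystore.pass.csf.key, keystore.sig.csf.key and keystore.enc.csf.key follow the OWSM 11g keystore service convention but are an assumption, as are the sample paths, the alias orakey and the credential values.

```python
"""Pre-flight and WLST rendering for OWSM message protection on an Oracle IPM domain.

Added example, not Oracle code. Assumptions (not stated on the page): the
jps-config.xml property names used by the keystore service instance, the
sample paths, and the constructed credentials below.
"""
import os
import xml.etree.ElementTree as ET

# Constructed sample of the keystore serviceInstance from DOMAIN_HOME/config/fmwconfig/jps-config.xml.
SAMPLE_JPS_CONFIG = """<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
  <serviceInstances>
    <serviceInstance name="keystore" provider="keystore.provider"
                     location="./default-keystore.jks">
      <property name="keystore.type" value="JKS"/>
      <property name="keystore.csf.map" value="oracle.wsm.security"/>
      <property name="keystore.pass.csf.key" value="keystore-csf-key"/>
      <property name="keystore.sig.csf.key" value="sign-csf-key"/>
      <property name="keystore.enc.csf.key" value="enc-csf-key"/>
    </serviceInstance>
  </serviceInstances>
</jpsConfig>
"""

# wsm-agent-core.jar path under MW_HOME, as used by the grant on this page.
WSM_AGENT_JAR = "oracle_common/modules/oracle.wsm.agent.common_11.1.1/wsm-agent-core.jar"


def _local(tag):
    """Strip the XML namespace: '{ns}serviceInstance' -> 'serviceInstance'."""
    return tag.rsplit("}", 1)[-1]


def keystore_settings(jps_config_xml):
    """Return the keystore location and the CSF map/key names from jps-config.xml."""
    root = ET.fromstring(jps_config_xml)
    for inst in root.iter():
        if _local(inst.tag) == "serviceInstance" and inst.get("provider") == "keystore.provider":
            props = dict((p.get("name"), p.get("value"))
                         for p in inst if _local(p.tag) == "property")
            return {
                "location": inst.get("location"),
                "csf_map": props.get("keystore.csf.map"),
                "pass_key": props.get("keystore.pass.csf.key"),
                "enc_key": props.get("keystore.enc.csf.key"),
                "sig_key": props.get("keystore.sig.csf.key"),
            }
    raise ValueError("jps-config.xml declares no keystore.provider serviceInstance")


def keystore_path(settings, fmwconfig_dir):
    """Resolve the (usually relative) keystore location against the fmwconfig directory."""
    return os.path.normpath(os.path.join(fmwconfig_dir, settings["location"]))


def required_csf_keys(settings):
    """CSF keys that must exist: keystore password, encryption key, and the
    signing key only when it is distinct from the encryption key."""
    keys = [settings["pass_key"], settings["enc_key"]]
    if settings["sig_key"] and settings["sig_key"] != settings["enc_key"]:
        keys.append(settings["sig_key"])
    return [k for k in keys if k]


def preflight(jps_config_xml, fmwconfig_dir, credential_store):
    """Report what is missing before a message protection policy can work.

    credential_store maps (csf_map, csf_key) -> (user, password), the shape an
    operator would assemble from listCred output; here it is constructed.
    """
    s = keystore_settings(jps_config_xml)
    findings = []
    path = keystore_path(s, fmwconfig_dir)
    if not os.path.isfile(path):  # default-keystore.jks is not shipped; it must be supplied
        findings.append("keystore %s does not exist and must be provided" % path)
    for key in required_csf_keys(s):
        cred = credential_store.get((s["csf_map"], key))
        if cred is None:
            findings.append("missing CSF credential %s/%s" % (s["csf_map"], key))
        elif not cred[1]:  # only the password part is used for keystore-csf-key
            findings.append("CSF credential %s/%s has an empty password" % (s["csf_map"], key))
    return findings


def wlst_setup_commands(settings, creds, mw_home):
    """Render WLST commands: one createCred per required key, then the grant that
    lets the IPM agent assert a SAML identity. creds maps csf_key -> (user, password)."""
    lines = []
    for key in required_csf_keys(settings):
        user, password = creds[key]
        lines.append('createCred(map="%s", key="%s", user="%s", password="%s")'
                     % (settings["csf_map"], key, user, password))
    jar = "%s/%s" % (mw_home.rstrip("/"), WSM_AGENT_JAR)
    lines.append('grantPermission(permClass="oracle.wsm.security.WSIdentityPermission", '
                 'permTarget="resource=imaging", permActions="assert", '
                 'codeBaseURL="file:%s")' % jar)
    return lines


if __name__ == "__main__":
    settings = keystore_settings(SAMPLE_JPS_CONFIG)
    for finding in preflight(SAMPLE_JPS_CONFIG, "/u01/domains/ipm/config/fmwconfig", {}):
        print("PREFLIGHT: " + finding)
    creds = {"keystore-csf-key": ("keystore", "changeit"),  # user name is ignored by OWSM
             "enc-csf-key": ("orakey", "changeit"),         # user name = key alias in the keystore
             "sign-csf-key": ("orakey", "changeit")}
    print("\n".join(wlst_setup_commands(settings, creds, "/u01/app/oracle/middleware")))
```

The rendered lines are meant to be pasted into a connected WLST session (or fed to wlst.sh from a file that is deleted afterwards), since they carry the keystore and key passwords in clear text; for the enc-csf-key and sign-csf-key credentials the user portion is the alias of the private key in default-keystore.jks, which is why the script does not treat an empty user name as an error but does reject an empty password.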

10.2.4 Changing WebLogic Server Work Manager Settings