2-30 Securing WebLogic Web Services for Oracle WebLogic Server Stub stub = Stub port; String sts = https:stsserverstandaloneSTSsamlSTS; stub._setPropertyweblogic.wsee.jaxrpc.WLStub.WST_STS_ENDPOINT_ON_SAML, sts; The following code example demonstrates setting the STS URI for SAML on a client stub under JAX-WS. String wsdl = http:myserverwsssecuredservice?wsdl; WsSecuredService service = new WsSecuredService_Implwsdl; String sts = https:stsserverstandaloneSTSsamlSTS; WsscSecured port = service.getWsSecuredSoapPort; BindingProvider provider = BindingProvider port; Map context = provider.getRequestContext; context.putweblogic.wsee.jaxrpc.WLStub.WST_STS_ENDPOINT_ON_SAML, sts

2.8.2.4 Configuring STS URI Using WLST: Client On Server Side

Example 2–6 demonstrates using the WebLogic Scripting Tool WLST to create a credential provider for the WS-Trust client and then configuring the STS URI, as indicated by bold text. The provider class name can be one of the following: ■ weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvi der ■ weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider ■ weblogic.wsee.security.saml.SAMLTrustCredentialProvider Example 2–6 Configuring STS URI Using WLST userName = sys.argv[1] passWord = sys.argv[2] host = sys.argv[3]+:+sys.argv[4] sslhost = sys.argv[3]+:+sys.argv[5] url=t3:+ host connectuserName, passWord, url edit startEdit defaultWss = cmo.lookupWebserviceSecuritydefault_wss Create credential provider for SCT Trust Client wtm = defaultWss.createWebserviceCredentialProvidertrust_client_sct_cp wtm.setClassNameweblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider wtm.setTokenTypesct_trust cpm = wtm.createConfigurationPropertyStsUri cpm.setValuehttps: + sslhost + standaloneSTSwssc13STS save activateblock=true disconnect exit

2.8.2.5 Configuring STS URI Using Console: Client On Server Side

Configuring the STS URI through the WebLogic Server Administration Console allows the decision about which URI to use to be made at runtime, and not during the Web service development cycle. Follow these steps to configure the STS URI through the Console: 1. Create a Web services security configuration, as described in the Oracle WebLogic Server Administration Console Help. This creates an empty configuration. Configuring Message-Level Security 2-31 2. Edit the Web services security configuration to create a credential provider, as described in the Oracle WebLogic Server Administration Console Help: ■ On the Create Credential Provider tab, enter the following: – A provider name, which is your name for this MBean instance. – The provider class name, which can be weblogic.wsee.security.wssc.v200502.sct.ClientSCCredentialProvider or weblogic.wsee.security.wssc.v13.sct.ClientSCCredentialProvider or weblogic.wsee.security.saml.SAMLTrustCredentialProvider – The token type, which is a short name to identify the token. For example, sct or saml. 3. Select Next. 4. Enter the namevalue pairs for the STS URI. 5. Select Finish. 6. On the Security Configuration General tab, set the value of the Default Credential Provider STS URI. The Default Credential Provider STS URL is the default STS endpoint URL for all WS-Trust enabled credential providers of this Web service security configuration.

2.8.2.6 Configuring STS Security Policy: Standalone Client

The following code example demonstrates setting the STS security policy on a client stub, under JAX-RPC, as indicated in bold. import weblogic.wsee.message.WlMessageContext; . . . String wsdl = http:myserversamlsecuredservice?wsdl; SamlSecuredService service = new SamlSecuredService_Implwsdl; SamlSecured port = service.getSamlSecuredSoapPort; Stub stub = Stub port; InputStream policy = loadPolicy; stub._setPropertyWlMessageContext.WST_BOOT_STRAP_POLICY, policy; The following code example demonstrates setting the STS security policy on a client stub, under JAX-WS, as indicated in bold. import weblogic.wsee.message.WlMessageContext; . . . String wsdl = http:myserverwsssecuredservice?wsdl; WsSecuredService service = new WsSecuredService_Implwsdl; WsscSecured port = service.getWsSecuredSoapPort; BindingProvider provider = BindingProvider port; Map context = provider.getRequestContext; InputStream policy = loadPolicy; context._setPropertyWlMessageContext.WST_BOOT_STRAP_POLICY, policy;

2.8.2.7 Configuring STS Security Policy Using WLST: Client On Server Side