Configuring Single Sign-On Using Oracle Access Manager 10g 16-63 About oraclewss_oam_token_service_policy This Oracle Web Services Manager policy contains the policy assertion oraclewss_ oam_token_service_template. This template uses the credentials in the WS-Security headers binary security token to authenticate users against the Oracle Access Manager identity store. The Oracle Access Manager Identity Asserter uses the ObSSOCookie token to assert the identity of users who try to access a Web service protected by the oraclewss_ oam_token_service_policy policy. A Web service that is protected by this policy must be presented with an ObSSOCookie token in a SOAP header. That is, the Web service consumes the ObSSOCookie token; it is not involved in how the token is generated. Specifically, the WebLogic Server security service detects the token type and invokes the Oracle Access Manager Identity Asserter. The Oracle Access Manager Identity Asserter then validates the ObSSOCookie token against the Oracle Access Manager Access Server and obtains the username. The username is populated as the principal in the authenticated subject. The Web service client, for example the Web application, must obtain the ObSSOCookie token to send it to the Web service. This is typically done using an AccessGate. AccessGate challenges the Web service client user for credentials depending on the authentication scheme configured in Oracle Access Manager and authenticates the user. The WebGate sends the ObSSOCookie to the users browser upon successful authentication The Web service client then sends the ObSSOCookie token in the SOAP request to the Web service. About oraclewss_oam_token_client_policy This Oracle Web Services Manager policy contains the following policy assertion: oraclewss_oam_token_client_template. This template inserts Oracle Access Manager credentials into the WS-Security header as part of the binary security token. oraclewss_oam_token_client_policy is the analogous client policy to the oraclewss_oam_token_service_policy service endpoint policy. This policy can be enforced on any SOAP-based endpoint. The following task overview outlines the procedures you must perform. Task overview: Setting policies in Oracle Web Services Manager 1. Using Oracle Web Services Manager, set up a Web service with the oraclewss_ oam_token_service_policy policy. 2. Using Oracle Web Services Manager, set up a corresponding client for the Web service with the oraclewss_oam_token_client_policy policy. 3. Configuring Providers in a WebLogic Domain for Oracle Web Services Manager . Note: Settings for the wss_oam_token_service_template are identical to the client version of the assertion: wss_oam_token_ client_template. Identity store configuration for the service template is identical to the client version of the assertion. See Also: Oracle Fusion Middleware Security and Administrators Guide for Web Services ■ Configuring Policies ■ Predefined Assertion Templates