Create a private key and digital certificate pair, and load it into the client keystore.
Parts
» Oracle Fusion Middleware Online Documentation Library
» Click Login. Oracle Fusion Middleware Online Documentation Library
» Description of Functionality Click Log In.
» A deployment plan is an XML file that you use to configure an application for
» Click Next. Oracle Fusion Middleware Online Documentation Library
» When the operation completes, click Close.
» Using Fusion Middleware Control, click Application Deployment, then click Web
» Connect to the running instance of WebLogic Server to which the application is
» Select soa-infra, expand the SOA partition for example, the default partition and
» Select the Dashboard tab if it is not already selected.
» Click Callback Client in the upper right portion of the endpoint page.
» Navigate to the Web Service Endpoint page, or the Service Home page for SOA
» Click the Configuration tab. For SOA composites, click the Properties tab.
» For ADF and WebCenter applications, restart the Web service application. You do
» In the Metadata Exchange Enabled field, select True from the menu to enable the
» In the Schema validation field, select True from the menu to enable schema
» In the Atomic Transaction Flow Option field, select whether the transaction Click Apply.
» Set the Maximum Request Size and the Unit of Maximum Request Size and click
» In the Web Service Details section of the page, click on the plus + for the Web
» Click the name of the endpoint of the asynchronous Web service to navigate to the
» From the Web Service Endpoint page, click the Configuration tab. Click Apply.
» Click Apply. Oracle Fusion Middleware Online Documentation Library
» Click the Configuration tab.
» When you are done viewing the policy, click Return to Web Services Policies.
» From the Category menu, select the category to which this policy will belong and
» Set the Local Optimization control. See
» Click Save. Oracle Fusion Middleware Online Documentation Library
» Click Validate to verify that the policy does not contain errors. For more
» From the Web Services Policies page, click Import From File.
» In the Create Policy From File box, enter the file path of the file in the Select Policy
» Click OK. Oracle Fusion Middleware Online Documentation Library
» Click the Search Assertion Templates icon next to the Name field. Click Create Like.
» Click Edit. Oracle Fusion Middleware Online Documentation Library
» Select the assertion template to be edited as described in Click the Configurations tab.
» Select the property from the list and click Edit.
» Enter the values for your configuration and click OK.
» In the Assertions section, click Add.
» To configure the assertion, click the Settings tab and edit the settings as required.
» To edit the configuration properties, click the Configurations tab.
» Select the property to be edited and click Edit.
» Edit the Configuration properties and click OK.
» When you are done, click Save to save the policy.
» In the Assertion List section, click Add OR Group. Click OK.
» To delete an assertion from the OR group, select the assertion and click Delete. To
» In the Assertions section of the page, select the assertion to be configured in the
» Click the Settings or Configurations tab.
» Edit the Settings and Configuration properties, and click Save.
» Select Save File. Oracle Fusion Middleware Online Documentation Library
» Navigate to the Web Services Assertions Templates page, as described in
» Click Browse to navigate to the directory where the assertion template file is
» Click Delete. Oracle Fusion Middleware Online Documentation Library
» The policies appear in order in the Policy Version History table with the active
» In the Policy History table, select a policy and click Restore or click Activate
» Select a generated policy from the table and click Edit.
» Click Validate to validate your changes.
» Click Save to save the changes to your policy.
» From the Web Service Endpoint page, click the OWSM Policies tab.
» Select the policy you want to enable or disable.
» Select Enable or Disable to enable or disable the policy, respectively, and confirm
» Select a policy from the Policies table and click Edit. Click Save.
» In cases where multiple domains share the same Oracle WSM Repository to store
» Click the OWSM Policies tab.
» Navigate to the home page for the Web service, as described in
» Click the name of a endpoint to navigate to the Web Service Endpoints page for a
» Click AttachDetach. Oracle Fusion Middleware Online Documentation Library
» Select a policy from the Available Policies list, and click Attach. See
» Using Fusion Middleware Control, click WebLogic Server and then Web Services.
» From the Web Services Summary page, click Attach Policies.
» Click Back to make any changes, or click Attach to complete the bulk attachment.
» Click the Policies tab. Click AttachDetach.
» Click Validate. Oracle Fusion Middleware Online Documentation Library
» View the SOA reference, as described in
» In the Directly Attached Policies section of the page, click AttachDetach.
» From the Available Policies section of the page, select one or more policies that
» Click Attach when you are sure that you want to attach the policy or policies.
» From the Application Deployment menu, select ADF, and then Configure ADF
» On the ADF Connections Configuration page, select a row in the Web Service
» On the Web Service Client page, select the OWSM Policies tab.
» On the Available Policies section of the page, select one or more policies that you
» On the Available Policies portion of the page, select one or more policies that you
» Select the configuration property and click Edit to make the change to the action Click Save.
» Select Override Policy Configuration.
» Enter the override value in the Value field for the property and click Apply.
» Attach the policy to the service as described in
» Use the setWebServicePolicyOverride command to override policy
» For ADF DC and WebCenter client applications, restart the Web service client
» From the WebLogic Domain menu, select Web Services then Policy Sets.
» From the Policy Set Summary page, click Create.
» In the Enter Resource Scope page, enter at least one pattern string that defines the
» In the Add Policy References page, select a policy from the Available Policies list,
» Continue selecting and attaching policies. When you are finished, click Validate to
» Click Next to view the Policy Set Summary Page.
» Select or clear the Enabled check box to enable or disable the policy set.
» In the Enter Resource Scope page, modify the scope as desired and click Next.
» In the Add Policy References page, modify the policy attachments as desired.
» Navigate to the Policy Set Summary page as described in
» In the Policy Set Summary page, select the policy set that you want to edit and
» Review the policy set summary information. If you are satisfied with the policy
» Specify the policy set to be modified using the modifyPolicySet command.
» Use the enablePolicySet command to enable or disable a policy set.
» Validate the policy set using the ValidatePolicySet command.
» In the Policy Set Summary page, select a policy set from the table and click Delete.
» A dialog box displays asking you to confirm the deletion. Click OK.
» In the Navigator pane, expand WebLogic Domain to show the domain for which
» From the WebLogic Domain menu, select Security then Security Provider
» Click the plus sign + to expand the Keystore control near the bottom of the page,
» In the Keystore Type drop-down, select Java Key Store JKS, if it is not already
» Click OK to submit the changes.
» Generate the private key and self-signed certificate. The self-signed certificate will
» Generate the certificate request.
» Submit the CSR file to a CA such as VeriSign, for example. The CA will
» Import the CA root certificate which authenticates the CA’s public key.
» Replace the self-signed certificate with the trusted CA certificate issued by the CA
» Click Create Key to create new entries in the oracle.wsm.security credential
» Start WLST using the WLST.shcmd command located in the oracle_
» In the left pane of the Console, expand Environment and select Servers.
» Select Configuration, and then Keystores.
» Select Configuration, and then the SSL page, and choose the location of identity
» At the bottom of the page, click Advanced.
» Set the Two Way Client Cert Behavior control to Client Certs Requested and
» Ensure that the client application obtains a digital certificate that WebLogic Server
» Create a certificate registry that lists all the individual certificates trusted by
» Create a keystore used by the client application. Oracle recommends that you
» Create a private key and digital certificate pair, and load it into the client keystore.
» Make sure that the following properties are set in the clients JVM:
» Using Fusion Middleware Control, click WebLogic Domain, then Security, and
» In the Keystore Type drop-down, select Hardware Security Module HSM.
» After the Keystore Configuration page refreshes, enter Luna in the HSM Provider
» In the Key Alias and Crypt Alias fields, enter an alias for the signature and
» From the navigation pane, expand WebLogic Domain.
» Using Fusion Middleware Control, click WebLogic Domain.
» Select Web Services, and then select Platform Policy Configuration.
» Select the Identity Extension tab.
» To modify a identity extension property, select it and then click Edit. In the Edit
» To delete an existing property, select it and then click Delete.
» Click Apply to apply the property updates.
» Optionally, in the SAML Specific Attributes section, configure an alternate Issuer
» In the Custom Properties section of the page, configure any custom properties for
» Click Add to add a custom property.
» Restart Fusion Middleware Control.
» Configure the SAML login module, as described in
» Configure the identity assertion provider in the WebLogic Server Administration
» If you will be using policies that involve signatures related to SAML assertions
» From the System Policies page, select the arrow icon in the Permission field to
» Select one of the codebase permissions to use as a starting point and click Create
» In the Grant Details section of the page, enter
» In the Permissions section of the page, select the starting point permission class
» Attach the Kerberos policy to your Web service.
» Configure the Web service client to authenticate against the right KDC.
» Export the keytab file you created in
» Verify the keytab file using kinit:
» In the left pane select Security Realms.
» On the Settings for Realm Name page select Users and Groups and then Users.
» Click New. Oracle Fusion Middleware Online Documentation Library
» Click OK to save your changes.
» Create a new key pair and self-signed certificate.
» Generate a certificate request to the certificate authority.
» Replace import the self-signed certificate with the trusted CA certificate.
» If it is not already enabled, click the Configure Keystore Management check box.
» The Web service client invokes a Web service. The WSDL for the Web service
» The Web service client the requestor sends an authentication request, with
» The STS verifies the credentials presented by the client, and then in response
» The requestor verifies the RSTR, extracts the token, and passes it to the Web
» The Web service receives the issued token and verifies that the token was issued
» Navigate to Configuration Global Security Token Service.
» Under the On Behalf of Token section, select ldapService from the Authentication
» Select AES from the Encryption Algorithm drop-down list, and select 128 from
» Configure OpenSSO STS, as described
» Configure the STS service policy following the steps described in
» Configure OpenSSO STS. as described Configure the STS policy following the steps described in
» What are the basic requirements of your security policy? Decide if you need to
» If you require both authentication and message protection, then you need to
» Create a simple Web service that approves a credit card number cardNr. A
» Click Selected Roles. Oracle Fusion Middleware Online Documentation Library
» Click Add. Oracle Fusion Middleware Online Documentation Library
» Click OK. Click Delete. Click Selected Roles. Click Add.
» Click Add. Click OK. Click Delete.
» To add roles, click the check box next to each role you want to add in the Roles
» Select the role that you want to delete in the Selected Roles list.
» Using Fusion Middleware Control, click WebLogic Domain, then Logs and then
» Expand the test option sections by clicking the plus sign + next to the section
» In the Security section, select the security token to verify. The security setting is
» Using Fusion Middleware Control, click WebLogic Server, and then Web
» In the Web Services Details section of the Web Services summary page, select the
» Select the endpoint for which you want to display the statistics.
» Select the Operations tab if it is not already selected.
» Using Fusion Middleware Control, select WebLogic Domain then Web Services
» Click Add to register a new source. The Register New Source page appears, as
» If you selected UDDI v3 registry import, enter the following information:
» If you selected WSIL import from URL, enter the following information:
» If you selected WSIL import from File, click Browse next to the WSIL File field
» Select Register Web Services.
» Using Fusion Middleware Control, select WebLogic Domain then Web Services Do one of the following:
» Click OK in the Publish Service to UDDI window.
» Select Actions, then Publish to UDDI. See
» In the Publish Service to UDDI dialog box
» Click OK to connect to the external UDDI registry and register the Web service.
» On the Configuration tab, set the WSDL Enabled field to True or False to enable of
» In the navigator pane, expand WebLogic Domain to view the domains.
» Select WebLogic Domain Web Services Platform Policy Configuration.
» Select the tab corresponding to the component for which you want to define
» Select the Policy Accessor tab.
» Click Add to define a remote JNDI provider.
» Click Add to define a corresponding csf-key credential property. In the Add
» Select the Policy Cache tab.
» To modify an existing property, select it and then click Edit.
» Click Add to add a policy retrieval property.
» Select the Policy Interceptors tab.
» Select the Trusted SAML clients or Trusted STS servers tab, depending on
» Connect to the Administration Server using the command-line Oracle WebLogic
» After connecting to the Administration Server using WLST, start the script using
» Configure JOC for all the Managed Servers for a given cluster.
» Click Apply and restart WebLogic Server.
» Enter the name of the custom user in the JMS System User field and click Apply.
» Access the WebLogic Server Administration Console. To do so from Fusion
» Click Deployments in the Domain Structure pane and navigate to the
» In the Change Center, select Lock Edit.
» Select the MDB name for the request or response MDB. You will need to update
» In the Enterprise Bean Configuration section of the page, enter the custom user
» In the Change Center, click Activate Changes.
» Select wsm-pm. Oracle Fusion Middleware Online Documentation Library
» Use keytool to reset the passwords in the Oracle WSM keystore file. Because the
» From the WebLogic Sever menu, select Logs Log Configuration.
» Expand Root Logger. Oracle Fusion Middleware Online Documentation Library
» Expand oracle. Oracle Fusion Middleware Online Documentation Library
» Set the logging level for one or more of the following components:
» Click Apply to store the new logging level.
» Set the Logging Level field to one of the following settings: Severe, Warning,
» Click Search once you have set the fields, as desired.
» From the WebLogic Sever menu, select Logs Log Configuration. Select the Log Files tab.
» Click OK to edit the log file configuration.
» In the Navigator pane, expand Metadata Repositories and select mds-owsm, as
Show more