Working with Oracle Security Token Service in an Architecture Involving Oracle WebLogic and Oracle Service Bus by Ronaldo Fernandes
By Juergenkress-Oracle on Jun 30, 2014
Using Oracle Security Token Service to generate Security Assertion Markup Language (SAML) tokens.
Recently, I've worked on a proof of concept for the use of Oracle Security Token Service (OSTS) in an architecture involving Oracle Fusion Middleware, focused on Oracle WebLogic Server (WLS), Oracle Web Service Manager (OWSM) and Oracle Service Bus (OSB). There are many security scenarios in which OSTS can be used, but the initial objective was to provide single sign-on between WLS and OSB using OSTS to generate Security Assertion Markup Language (SAML) tokens. This article describes the steps to implement this solution.
The solution was applied on OWSM with OSB 11g (22.214.171.124), Oracle Access Manager (OAM) 11gR2 (11.1.2) and WLS 11g (10.3.6). A Security Token Service (STS) creates and validates security tokens, using protocols such as WS-Trust, acting as a centralizer point in security infrastructure architecture and simplifying identity propagation between heterogeneous environments.
OSTS is an Oracle Identity Management access management solution. For more information on OSTS, consult the following articles by Oracle Fusion Middleware A-Team solution architect Andre Correa:
The proof of concept required a client on WLS accessing a service provided by OSB using SAML. The SAML Assertion should be generated from OSTS.
WLS can use WS-Trust policies and communicate with OSTS, but OSB 11g still doesn't support WS-Trust policies. To work around this issue, configure OSB to trust messages signed by an OSTS certificate. Here is the complete scenario: Read the complete article here.
For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.