PaaS Partner Community

  • April 29, 2014

Working with Oracle Security Token Service in an Architecture Involving Oracle WebLogic and Oracle Service Bus by Ronaldo Fernandes

Juergen Kress
PaaS Partner Adoption

Using Oracle Security Token Service to generate Security Assertion Markup Language (SAML) tokens.
Downloads: Oracle Security Token Service & Oracle WebLogic Server & Oracle Service Bus.

Recently, I've worked on a proof of concept for the use of Oracle Security Token Service (OSTS) in an architecture involving Oracle Fusion Middleware, focused on Oracle WebLogic Server (WLS), Oracle Web Service Manager (OWSM) and Oracle Service Bus (OSB). There are many security scenarios in which OSTS can be used, but the initial objective was to provide single sign-on between WLS and OSB using OSTS to generate Security Assertion Markup Language (SAML) tokens. This article describes the steps to implement this solution.


The solution was applied on OWSM with OSB 11g (, Oracle Access Manager (OAM) 11gR2 (11.1.2) and WLS 11g (10.3.6). A Security Token Service (STS) creates and validates security tokens using protocols such as WS-Trust. It acts as a central point in the security infrastructure and simplifies identity propagation between heterogeneous environments.

OSTS is an Oracle Identity Management access management solution. For more information on OSTS, consult the following articles by Oracle Fusion Middleware A-Team solution architect Andre Correa:

The proof of concept required a client on WLS accessing a service provided by OSB using SAML. The SAML Assertion should be generated from OSTS.

WLS can use WS-Trust policies and communicate with OSTS, but OSB 11g still doesn't support WS-Trust policies. To work around this issue, configure OSB to trust messages signed by an OSTS certificate. Here is the complete scenario: Read the complete article here.
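As an added illustration (not code from the original article or from Oracle), the Python example below shows the claim checks a service that trusts STS-signed messages should still apply to a SAML assertion after the WS-Security layer has verified the signature against the STS certificate. SAML 2.0, the issuer and audience URIs, the sample assertion and the function name are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample (SAML 2.0 assumed); issuer, audience and subject are hypothetical.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0"
 IssueInstant="2014-04-29T10:00:00Z">
 <saml:Issuer>https://sts.example.com/osts</saml:Issuer>
 <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
 <saml:Subject><saml:NameID>weblogic-user</saml:NameID></saml:Subject>
 <saml:Conditions NotBefore="2014-04-29T10:00:00Z" NotOnOrAfter="2014-04-29T10:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://osb.example.com/orders</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # Accepts only whole-second UTC timestamps; anything else raises ValueError.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, trusted_issuer, audience, now):
    """Return reasons to reject the assertion; an empty list means the claims pass.
    Cryptographic signature verification is assumed to be done by the WS-Security layer."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs to avoid entity-expansion attacks
        return ["DOCTYPE not allowed"]
    a = ET.fromstring(xml_text)
    problems = []
    if a.findtext("saml:Issuer", "", NS).strip() != trusted_issuer:
        problems.append("untrusted issuer")
    # The signature must be a direct child and reference this assertion's own ID,
    # so a signed element elsewhere in the message cannot vouch for these claims.
    refs = a.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if [r.get("URI") for r in refs] != ["#" + a.get("ID", "")]:
        problems.append("signature missing or not covering this assertion")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["no Conditions"]
    try:  # stricter than the SAML spec: both bounds are required here
        valid = _ts(cond.get("NotBefore", "")) <= now < _ts(cond.get("NotOnOrAfter", ""))
    except ValueError:
        valid = False
    if not valid:
        problems.append("outside validity window")
    auds = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in auds:
        problems.append("wrong audience")
    return problems
```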
