I have a scenario where I have 2 WebLogic domains configured with the same authenticator (OVD in this case).
Domain A has the username attribute as "uid" and domain B has the username attribute as "mail".
There is a webservice in Domain A which I have to protect with an OWSM service policy.
This webservice has to be called from Domain B using an equivalent OWSM client policy.
Since the userName of the subject is different in the two domains, I am not able to use most of the OWSM policies.
Is there a policy which is agnostic of the userName that I can use here?
I want the client to authenticate using mail, and somehow the service should assert the user by the uid attribute of the authenticated subject on the client side.
Found the solution:
The 2 domains should be configured for SAML authentication by creating the keystores in EM.
The certs need to be exchanged and imported into the respective keystores.
After that the client domain needs to be configured for SAML Identity Switching.
More details here:
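As an added illustration of the certificate exchange step above (this is not from the original post and not Oracle's tooling), the script below builds one JKS keystore per domain with keytool, imports each domain's signing certificate into the other domain's keystore as a trusted entry, and checks that the trust is present. Domain names, aliases, the DN and the store password are assumptions; use the values you configured in EM.

```shell
#!/bin/sh
# Added example: keystore trust between a service domain (domain_a) and a
# client domain (domain_b) for SAML token signing/verification.
set -e

WORK="${WORK:-$(mktemp -d)}"
STOREPASS="changeit"   # assumption: use the keystore password set in EM

# Create a JKS keystore for one domain with its own signing key pair.
# $1 = domain name (lowercase: keytool lowercases aliases), $2 = key alias
make_domain_keystore() {
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 \
        -storetype JKS -alias "$2" -dname "CN=$1, O=Example" \
        -keystore "$WORK/$1.jks" -storepass "$STOREPASS" \
        -keypass "$STOREPASS" >/dev/null 2>&1
}

# Export the public cert of domain $1 (alias $2) and import it into
# domain $3's keystore as a trusted certificate entry.
exchange_cert() {
    keytool -exportcert -alias "$2" -keystore "$WORK/$1.jks" \
        -storepass "$STOREPASS" -rfc -file "$WORK/$1.pem" >/dev/null 2>&1
    keytool -importcert -noprompt -alias "${1}_trust" -file "$WORK/$1.pem" \
        -storetype JKS -keystore "$WORK/$3.jks" \
        -storepass "$STOREPASS" >/dev/null 2>&1
}

# Returns 0 when domain $2's keystore lists domain $1's cert as trusted.
trusts() {
    keytool -list -keystore "$WORK/$2.jks" -storepass "$STOREPASS" 2>/dev/null \
        | grep -q "^${1}_trust,.*trustedCertEntry"
}

# Full exchange: each domain ends up trusting the other's signing cert.
setup_saml_trust() {
    make_domain_keystore domain_a orakey_a
    make_domain_keystore domain_b orakey_b
    exchange_cert domain_a orakey_a domain_b   # A's cert into B's keystore
    exchange_cert domain_b orakey_b domain_a   # B's cert into A's keystore
    trusts domain_a domain_b && trusts domain_b domain_a
}
```

Run `setup_saml_trust` and inspect `$WORK/domain_a.jks` and `$WORK/domain_b.jks`; the resulting keystores are what you point the OWSM keystore configuration at in each domain.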