I am trying to write SAML1.1 Assertion (Sender Vouches) policy that will not be used over HTTPS and will not use the message signing and encryption (I do not want to use the standard policies Wssp1.2-2007-Saml1.1-SenderVouches-Https.xml and Wssp1.2-2007-Saml1.1-SenderVouches-Wss1.0.xml for these reasons). Functionall this policy should be like:
Thanks for the reply. Did you tell about the creation of the service request (SR) with Oracle support? May be I do not understand something, but this is not the Weblogic problem. I am just trying to create the custom SAML policy. Or may be you meant that Weblogic (or OASIS WSS1.0 SAML10 schema) doesn't normally support SAML assertion without the encryption (transport or message)?