Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services > Web Services Security concepts
SAML concepts
SAML is an XML-based, OASIS standard for exchanging user identity and security attributes information. In a typical SAML usage scenario, you authenticate to a security domain and request an identity provider to issue SAML assertions.
The SAML assertions are presented to a security provider when you request access to business resources. In many cases, the services provider and identity provider are in different security domains, meaning that authenticate to an identity provider user directory, which is not the same as the user directory of the service provider. WAS multiple security domain support allows a service provider to assert user identity and security attributes to a local security domain, based on trust relationship without requiring identity mapping. We can use the SAML function to quickly build a Single Sign-On (SSO) solution across enterprises and across the Internet with industry standard SAML security tokens.
See the following topics to learn about the product SAML function.
- SAML assertions defined in the SAML Token Profile standard
The Web Services Security SAML Token Profile OASIS standard specifies how to use Security Assertion Markup Language (SAML) assertions with the Web Services Security SOAP Message Security specification.
- Default policy sets and sample bindings for SAML
SAML-specific default policy sets and general bindings are provided when the SAML function is installed. These policy sets and sample general bindings are used to request SAML tokens from an external Security Token Service (STS), and to propagate SAML tokens to downstream web services.
- Overview of API for SAML
WAS v8.0 with SAML provides public API that you can use to build SAML token aware applications.
- SAML usage scenarios
SAML function is described through four basic usage scenarios. The first three scenarios demonstrate web services single sign-on, configured using a policy set. The fourth scenario describes custom SAML single sign-on, which you can build using the SAML API and the trust client API. The scenarios demonstrate using SAML building blocks and APIs to authenticate to a Security Token Service (STS), request SAML tokens, and implement the SAML tokens to obtain access to business services.
- Limitations of the SAML implementation
Limitations of the SAML implementation are described. These limitations refer to functions that are currently implemented and supported by WAS v8.0 and later.
Related
SAML token
SAML assertions defined in the SAML Token Profile standard
Default policy sets and sample bindings for SAML
Overview of API for SAML
SAML usage scenarios
Limitations of the SAML implementation