Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services > Administer Web Services Security > Administer message-level security for JAX-WS web services
Secure messages using SAML
Configure policy sets, bindings, and SAML-specific tokens to secure web services and messages.
To secure messages using SAML, you can import the SAML default policy sets and modify them to enable SAML function. Because WAS with SAML does not support attaching a policy set directly to a Web services client, specify the policy sets and bindings used to enable SAML as custom properties in the web services client binding document.
We can also create a SAML bearer token using the SAML library API. A bearer token contains a bearer assertion, which is used to facilitate web browser single sign-on (SSO). Other SAML set up tasks described in this section include configuring policy sets and bindings for a bearer token, or a holder-of-key token, or to communicate with a Security Token Service (STS).
See the following topics for more information about securing messages using SAML.
- Signing SAML tokens at the message level
Secure SAML tokens at the message level by enabling assertion signing.
- Configure policy sets and bindings to communicate with STS
Configure policy sets and binding documents to enable a web services client to request SAML assertions from an external Security Token Service (STS).
- Configure client and provider bindings for the SAML bearer token
A SAML bearer token is a SAML token that uses the Bearer subject confirmation method. In a bearer subject confirmation method, a sender of SOAP messages is not required to establish correspondence that binds a SAML token with contents of the containing SOAP message. Starting with v7.0.0.7, you can configure the client and provider policy set attachments and bindings for the SAML bearer token.
- Configure client and provider bindings for the SAML holder-of-key symmetric key token
Configure the client and provider policy set attachments and bindings for the SAML holder-of-key token. This configuration scenario uses a symmetric key.
- Configure client and provider bindings for the SAML sender-vouches token
Configure the client and provider policy set attachments and bindings for the SAML sender-vouches token, which includes the sender-vouches confirmation method. The sender-vouches confirmation method is used when a server needs to propagate the client identity or behavior of the client.
- Manage self-issue SAML token configuration using wsadmin
The SAMLIssuerConfig.properties file usage is deprecated in WAS v8. We can use the listSAMLIssuerConfig and updateSAMLIssuerConfig wsadmin command tasks to read and modify the SAMLIssuerConfig.properties cell level and server level configuration files. Starting with WAS v8, you should use the admin console or the setSAMLIssuerConfigInBinding command task to specify a self-issued SAML token's configuration as custom properties in the requester's outbound configuration in the general bindings or in the application-specific bindings. Do not use server level and cell level SAMLIssuerConfig.properties file.
Related
Configure policy sets and bindings to communicate with STS
Configure client and provider bindings for the SAML bearer token
Configure client and provider bindings for the SAML holder-of-key symmetric key token