XML token

XML tokens are offered in two formats, Security Assertion Markup Language (SAML) and Extensible rights Markup Language (XrML).

Important: There is an important distinction between Version 5.x and Version 6.0.x and later applications. The information supports Version 5.x applications only used with WAS v6.0.x and later. The information does not apply to Version 6.0.x and later applications.

XML-based security tokens are growing in popularity. Two well-known formats are:

• Security Assertion Markup Language (SAML)

• Extensible rights Markup Language (XrML)

Use extensibility of the <wsse:Security> header in XML-based security tokens, we can directly insert these security tokens into the header.

SAML assertions are attached to Web Services Security messages using web services by placing assertion elements inside the <wsse:Security> header. The following example illustrates a Web Services Security message with a SAML assertion token.

<S:Envelope xmlns:S="...">&
      <wsse:Security xmlns:wsse="...">
          <saml:Assertion
                    MajorVersion="1"                      MinorVersion="0"
                    AssertionID="SecurityToken-ef375268"
                       Issuer="elliotw1"                         IssueInstant="2002-07-23T11:32:05.6228146-07:00"
                     xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
                     ...
           </saml:Assertion>
      </wsse:Security>
 </S:Header>
 <S:Body>
 ...
 </S:Body>
</S:Envelope>

For a complete list of the supported standards and specifications, read about web services specifications and APIs.

Related concepts

Username token

Binary security token

Security token

Web services

Web services specifications and APIs