Deploy applications that use SAML
After SAML policy sets and bindings have been configured, and SAML tokens created, the SAML token information can be sent from the original login server to other servers using the SAML propagation feature. We can also extract SAML attributes from an existing SAML token and then create additional tokens using the extracted attributes.
Use the SAML propagation feature of WAS to send SAML token information based on the original login to other servers using a SAML token. Four propagation methods are provided. We can propagate the original SAML token, the SAML token identity and attributes, the WSCredential and WSPrincipal information, or a pre-existing SAML token inserted in the RequestContext.
When SAML is installed on a WebSphere server, we can create SAML attributes using the SAML runtime API. The SAML attributes are added to a CredentialConfig object, which is used to generate a SAML token. The API also provides a function that extracts SAML attributes from an existing SAML token and processes the attributes.
The following topics provide more information about deploying SAML applications.
Subtopics
- Propagating SAML tokens
We can use various SAML token propagation methods to include SAML tokens in outbound web services messages.
- Create SAML attributes in SAML tokens
Using the SAML runtime API, we can create SAML tokens containing SAML attributes. We can also extract the SAML attributes from an existing SAML token.
- Establishing security context for web services clients using SAML security tokens
WebSphere Application Server supports two policy set caller binding configuration options to establish client security context using SAML security tokens in web services SOAP request messages. The two configuration options are mapping SAML tokens to a user entry in a local user repository, and asserting SAML tokens based on a trust relationship.