
Secure messages using SAML

Configure policy sets, bindings, and SAML-specific tokens to secure web services and messages.

To secure messages using SAML, you can import the SAML default policy sets and modify them to enable SAML function. Because WebSphere Application Server with SAML does not support attaching a policy set directly to a web services client, specify the policy sets and bindings used to enable SAML as custom properties in the web services client binding document.

You can also create a SAML bearer token using the SAML library API. A bearer token contains a bearer assertion, which is used to facilitate web browser SSO. Other SAML setup tasks described in this section include configuring policy sets and bindings for a bearer token or a holder-of-key token, or for communicating with a Security Token Service (STS).


Subtopics

  1. Signing SAML tokens at the message level
  2. Configure policy sets and bindings to communicate with STS
  3. Configure client and provider bindings for the SAML bearer token
  4. Configure client and provider bindings for the SAML holder-of-key symmetric key token
  5. Configure client and provider bindings for the SAML sender-vouches token
  6. Manage self-issue SAML token configuration using wsadmin commands