WAS v8.5 > Secure applications > Secure web services > Secure web services > Web Services Security concepts > Web Services Security concepts > Web Services Security provides message integrity, confidentiality, and authenticationSAML token
SAML is an XML-based standard for exchanging user identity and security attributes.
We can apply policy sets to JAX-WS applications to use SAML assertions in web services messages. Use SAML assertions to represent user identity and user security attributes, and optionally, to sign and to encrypt SOAP message elements. WebSphere Application Server supports SAML assertions using one of the follloing confirmation methods...
The SAML function also provides a set of APIs that can be used to request SAML tokens from a security token service (STS) using the WS-Trust protocol. APIs are also provided to locally generate and validate SAML tokens. For more information, read about APIs for SAML.
Related concepts:
SAML APIs
Related information:
Web Services Security: SAML Token Profile 1.1, OASIS Standard, 1 February, 2006