WAS v8.5 > Secure applications > Secure web services > Secure web servicesSecure web services using Security Markup Assertion Language (SAML)
SAML is an XML-based standard for exchanging user identity and security attributes. Using SAML, a client can communicate assertions regarding the identity, attributes, and entitlements of a SOAP message. We can apply policy sets to JAX-WS applications to use SAML assertions in web services messages and in web services usage scenarios. Use SAML assertions to represent user identity and user security attributes, and optionally, to sign and to encrypt SOAP message elements.
- Learn about SAML
- Configure SAML application support
SAML is an XML-based, OASIS standard for exchanging user identity and security attributes. We can use the SAML function to apply a default policy to use SAML assertions in web services messages and in web services usage scenarios. In a typical SAML usage scenario, you authenticate to a security domain and request an identity provider to issue SAML assertions.
In WebSphere Application Server v7.0.0.7 and later, to use the SAML default policy sets, sample SAML general bindings, and JAAS login configuration settings for SAML, you were required to set up the SAML configuration, which is stored in a profile. In WAS v8.5, the SAML feature is available in all profiles by default.
- Develop and assemble a SAML application
- Deploy the SAML application