WAS v8.5 > Develop applications > Develop web services - Security (WS-Security) > Develop applications that use Web Services Security > Develop message-level security for JAX-WS web services

Develop SAML applications

Use the SAML library API, the SAMLTokenFactory, to configure token parameters, create a SAML token, and bind the created token to a service request. The SAML trust client API provides helper functions that send WS-Trust SOAP requests to the specified external security token service (STS).

The SAMLTokenFactory API creates SAML tokens through various method signatures. The API also instantiates runtime configuration objects related to the SAML token requester, as well as the recipient.

The WS-Trust Client API for SAML includes the WSSTrustClient class, the WSSTrustClientValidateResult class, and other configuration utility classes.

The following topics provide more information about developing SAML applications using the APIs.

Subtopics

• WS-Trust client API
  The WS-Trust client API includes the WSSTrustClient class, the WSSTrustClientValidateResult class, and other configuration utility classes. The WSSTrustClient class provides helper functions that send WS-Trust SOAP requests to the specified external security token service (STS) so the STS can issue or validate one or more SAML assertions and other types of security tokens.
• SAML token library APIs
  The SAML token library APIs provide methods we can use to create, validate, parse, and extract SAML tokens.
• Create a SAML bearer token using the API
  Use the SAML library API to create a SAML bearer token.
• Create a SAML holder-of-key token using the API
  The SAML holder-of-key token extends the security token public interface in WebSphere Application Server, and can be used as a protection token. WAS provides a SAML library API for SAML holder-of-key token creation.
• Propagation of SAML tokens using the API
  The SAML propagation function is useful for applications that interact across multiple servers. The propagation feature communicates token information from the originating server downstream to other servers.
• Web services client token cache for SAML
  When a SAML token is initially requested, the web services runtime environment automatically caches the SAMLToken. As a result of this automatic client token caching function, subsequent web services requests can use the SAMLToken from the previous request.
• WS-Trust client API
  The WS-Trust client API includes the WSSTrustClient class, the WSSTrustClientValidateResult class, and other configuration utility classes. The WSSTrustClient class provides helper functions that send WS-Trust SOAP requests to the specified external security token service (STS) so the STS can issue or validate one or more SAML assertions and other types of security tokens.
• SAML token library APIs
  The SAML token library APIs provide methods we can use to create, validate, parse, and extract SAML tokens.
• Create a SAML bearer token using the API
  Use the SAML library API to create a SAML bearer token.
• Create a SAML holder-of-key token using the API
  The SAML holder-of-key token extends the security token public interface in WAS, and can be used as a protection token. WAS provides a SAML library API for SAML holder-of-key token creation.
• Create a SAML sender-vouches token using the API
  Use the SAML library API to create a SAML sender-vouches token, which includes the sender-vouches confirmation method. The sender-vouches confirmation method is used when a server needs to propagate the client identity or behavior of the client.
• Propagation of SAML tokens using the API
  The SAML propagation function is useful for applications that interact across multiple servers. The propagation feature communicates token information from the originating server downstream to other servers.
• Web services client token cache for SAML
  When a SAML token is initially requested, the web services runtime environment automatically caches the SAMLToken. As a result of this automatic client token caching function, subsequent web services requests can use the SAMLToken from the previous request.
• Passing SAML tokens between JAAS login modules
  The SAMLGenerateLoginModule can be used to obtain an application generated SAML token from a shared state object that is intialized in the application's JAAS login module.

Subtopics

• WS-Trust client API
  The WS-Trust client API includes the WSSTrustClient class, the WSSTrustClientValidateResult class, and other configuration utility classes. The WSSTrustClient class provides helper functions that send WS-Trust SOAP requests to the specified external security token service (STS) so the STS can issue or validate one or more SAML assertions and other types of security tokens.
• SAML token library APIs
  The SAML token library APIs provide methods we can use to create, validate, parse, and extract SAML tokens.
• Create a SAML bearer token using the API
  Use the SAML library API to create a SAML bearer token.
• Create a SAML holder-of-key token using the API
  The SAML holder-of-key token extends the security token public interface in WebSphere Application Server, and can be used as a protection token. WAS provides a SAML library API for SAML holder-of-key token creation.
• Propagation of SAML tokens using the API
  The SAML propagation function is useful for applications that interact across multiple servers. The propagation feature communicates token information from the originating server downstream to other servers.
• Web services client token cache for SAML
  When a SAML token is initially requested, the web services runtime environment automatically caches the SAMLToken. As a result of this automatic client token caching function, subsequent web services requests can use the SAMLToken from the previous request.
• WS-Trust client API
  The WS-Trust client API includes the WSSTrustClient class, the WSSTrustClientValidateResult class, and other configuration utility classes. The WSSTrustClient class provides helper functions that send WS-Trust SOAP requests to the specified external security token service (STS) so the STS can issue or validate one or more SAML assertions and other types of security tokens.
• SAML token library APIs
  The SAML token library APIs provide methods we can use to create, validate, parse, and extract SAML tokens.
• Create a SAML bearer token using the API
  Use the SAML library API to create a SAML bearer token.
• Create a SAML holder-of-key token using the API
  The SAML holder-of-key token extends the security token public interface in WAS, and can be used as a protection token. WAS provides a SAML library API for SAML holder-of-key token creation.
• Create a SAML sender-vouches token using the API
  Use the SAML library API to create a SAML sender-vouches token, which includes the sender-vouches confirmation method. The sender-vouches confirmation method is used when a server needs to propagate the client identity or behavior of the client.
• Propagation of SAML tokens using the API
  The SAML propagation function is useful for applications that interact across multiple servers. The propagation feature communicates token information from the originating server downstream to other servers.
• Web services client token cache for SAML
  When a SAML token is initially requested, the web services runtime environment automatically caches the SAMLToken. As a result of this automatic client token caching function, subsequent web services requests can use the SAMLToken from the previous request.
• Passing SAML tokens between JAAS login modules
  The SAMLGenerateLoginModule can be used to obtain an application generated SAML token from a shared state object that is intialized in the application's JAAS login module.

+

Search Tips   |   Advanced Search