+

Search Tips   |   Advanced Search

SAML token

The SAML is an XML-based OASIS standard for exchanging user identity and security attributes information.

We can apply policy sets to JAX-WS applications to use SAML assertions in web services messages and in web services usage scenarios. Use SAML assertions to represent user identity and user security attributes, and optionally, to sign and to encrypt SOAP message elements. WebSphere Application Server supports SAML assertions using the bearer subject confirmation method and the holder-of-key subject confirmation method as defined in the OASIS Web Services Security SAML Token Profile Version 1.1 specification. Policy sets and general bindings that support SAML are included with WAS v9 SAML function. To use SAML assertions, we must modify the provided sample general binding.

The SAML function also provides a set of APIs used to request SAML tokens from a Security Token Service (STS) using the WS-Trust protocol. APIs are also provided to locally generate and validate SAML tokens. See APIs for SAML.


Related:

  • Overview of APIs for SAML
  • Configure client and provider bindings for the SAML bearer token
  • Send self-issued SAML bearer tokens using WSS APIs
  • Send self-issued SAML holder-of-key tokens with symmetric key using WSS APIs
  • Tune Web Services Security for v8.5 applications
  • Manage self-issue SAML token configuration using wsadmin commands
  • Web Services Security APIs

    Web Services Security: SAML Token Profile 1.1, OASIS Standard, 1 February, 2006