Configure policy sets, bindings, and SAML-specific tokens to secure Web services and messages.
To secure messages using SAML, you can import the SAML default policy sets and modify them to enable SAML function. Because WebSphere® Application Server Version 7.0.0.7 with SAML does not support attaching a policy set directly to a Web services client, you must specify the policy sets and bindings used to enable SAML as custom properties in the Web services client binding document.
You can also create a SAML bearer token using the SAML library API. A bearer token contains a bearer assertion, which is used to facilitate Web browser single sign-on (SSO). Other SAML set up tasks described in this section include configuring policy sets and bindings for a bearer token, or a holder-of-key token, or to communicate with a Security Token Service (STS).
See the following topics for more information about securing messages using SAML.
Secure SAML tokens at the message level by enabling assertion signing.
Configure policy sets and binding documents to enable a Web services client to request SAML assertions from an external Security Token Service (STS).
A SAML bearer token is a SAML token that uses the Bearer subject confirmation method. In a bearer subject confirmation method, a sender of SOAP messages is not required to establish correspondence that binds a SAML token with contents of the containing SOAP message. Starting with Version 7.0.0.7, you can configure the client and provider policy set attachments and bindings for the SAML bearer token.
Configure the client and provider policy set attachments and bindings for the SAML holder-of-key token. This configuration scenario uses a symmetric key.
Starting with Version 7.0.0.9, you can configure the client and provider policy set attachments and bindings for the SAML sender-vouches token. A SAML sender-vouches token is a SAML token that uses the sender-vouches subject confirmation method. The sender-vouches confirmation method is used when a server needs to propagate the client identity or behavior of the client.
In this information ... | IBM Redbooks, demos, education, and more(Index) |