WebSphere® Application Server supports two policy set caller binding configuration options to establish client security context using SAML security tokens in web services SOAP request messages. The two configuration options are mapping SAML tokens to a user entry in a local user repository, and asserting SAML tokens based on a trust relationship.
<saml:AttributeStatement>
  <saml:Subject>
    <saml:NameIdentifier NameQualifier="ldap.example.com:9080">uid=alice,dc=example,dc=com</saml:NameIdentifier>
    <saml:SubjectConfirmation>
      <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Attribute AttributeName="UniqueSecurityName" AttributeNamespace="com.ibm.websphere.security.cred.WSCredential">
    <saml:AttributeValue>uid=alice,dc=example,dc=com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute AttributeName="GroupIds" AttributeNamespace="com.ibm.websphere.security.cred.WSCredential">
    <saml:AttributeValue>cn=development,dc=example,dc=com</saml:AttributeValue>
    <saml:AttributeValue>cn=deployment,dc=example,dc=com</saml:AttributeValue>
    <saml:AttributeValue>cn=test,dc=example,dc=com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
<saml2:AttributeStatement>
  <saml2:Attribute Name="UniqueSecurityName" NameFormat="com.ibm.websphere.security.cred.WSCredential">
    <saml2:AttributeValue>uid=alice,dc=example,dc=com</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="GroupIds" NameFormat="com.ibm.websphere.security.cred.WSCredential">
    <saml2:AttributeValue>cn=development,dc=example,dc=com</saml2:AttributeValue>
    <saml2:AttributeValue>cn=deployment,dc=example,dc=com</saml2:AttributeValue>
    <saml2:AttributeValue>cn=test,dc=example,dc=com</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>

<saml2:NameID NameQualifier="ldap.example.com:9060">alice</saml2:NameID>
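The following is an added example, not IBM or WebSphere code: a receiver-side sketch in Python that reads the asserted user and groups from a SAML 2.0 attribute statement shaped like the one above and fails closed when the identity is ambiguous. The function name `extract_identity`, the fail-closed rules, and the sample statement are assumptions made for illustration; signature and issuer verification are assumed to have happened before this step.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
WS_CRED = "com.ibm.websphere.security.cred.WSCredential"  # NameFormat used on the page

# Constructed sample mirroring the page's SAML 2.0 attribute statement.
SAMPLE = f"""<saml2:AttributeStatement xmlns:saml2="{SAML2}">
  <saml2:Attribute Name="UniqueSecurityName" NameFormat="{WS_CRED}">
    <saml2:AttributeValue>uid=alice,dc=example,dc=com</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="GroupIds" NameFormat="{WS_CRED}">
    <saml2:AttributeValue>cn=development,dc=example,dc=com</saml2:AttributeValue>
    <saml2:AttributeValue>cn=deployment,dc=example,dc=com</saml2:AttributeValue>
    <saml2:AttributeValue>cn=test,dc=example,dc=com</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""


def extract_identity(statement_xml: str) -> dict:
    """Return the asserted user and groups from a SAML 2.0 AttributeStatement.

    Hypothetical helper: call it only after the enclosing assertion's
    signature and issuer have been verified.
    """
    # Reject DTDs up front so entity tricks never reach the parser.
    if "<!DOCTYPE" in statement_xml:
        raise ValueError("DTD not allowed in SAML input")
    root = ET.fromstring(statement_xml)
    if root.tag != f"{{{SAML2}}}AttributeStatement":
        raise ValueError("not a SAML 2.0 AttributeStatement")
    claims = {}
    for attr in root.findall(f"{{{SAML2}}}Attribute"):
        if attr.get("NameFormat") != WS_CRED:
            continue  # ignore attributes outside the WSCredential format
        name = attr.get("Name")
        if name in claims:
            # Two statements for the same attribute make the identity ambiguous.
            raise ValueError(f"duplicate attribute {name!r}")
        claims[name] = [(v.text or "").strip()
                        for v in attr.findall(f"{{{SAML2}}}AttributeValue")]
    users = claims.get("UniqueSecurityName", [])
    if len(users) != 1 or not users[0]:
        raise ValueError("expected exactly one UniqueSecurityName value")
    return {"user": users[0], "groups": claims.get("GroupIds", [])}
```

A statement in which `saml2:Attribute` is self-closed and its `saml2:AttributeValue` sits beside it rather than inside it yields no user value here and is rejected.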