Securing messages using SAML

Configure policy sets, bindings, and SAML-specific tokens to secure web services and messages.

About this task

To secure messages using SAML, you can import the SAML default policy sets and modify them to enable SAML functionality. Because WebSphere® Application Server with SAML does not support attaching a policy set directly to a web services client, you must specify the policy sets and bindings used to enable SAML as custom properties in the web services client binding document.

You can also create a SAML bearer token using the SAML library API. A bearer token contains a bearer assertion, which is used to facilitate web browser single sign-on (SSO). Other SAML setup tasks described in this section include configuring policy sets and bindings for a bearer token, for a holder-of-key token, or for communicating with a Security Token Service (STS).

See the following topics for more information about securing messages using SAML.

  • Signing SAML tokens at the message level

    Secure SAML tokens at the message level by enabling assertion signing.

  • Configuring policy sets and bindings to communicate with STS

    Configure policy sets and binding documents to enable a web services client to request SAML assertions from an external Security Token Service (STS).

  • Configuring client and provider bindings for the SAML bearer token

    A SAML bearer token is a SAML token that uses the Bearer subject confirmation method. In a bearer subject confirmation method, a sender of SOAP messages is not required to establish correspondence that binds a SAML token with contents of the containing SOAP message. Starting with Version 7.0.0.7, you can configure the client and provider policy set attachments and bindings for the SAML bearer token.

  • Configuring client and provider bindings for the SAML holder-of-key symmetric key token

    Configure the client and provider policy set attachments and bindings for the SAML holder-of-key token. This configuration scenario uses a symmetric key.

  • Configuring client and provider bindings for the SAML sender-vouches token

    Configure the client and provider policy set attachments and bindings for the SAML sender-vouches token, which includes the sender-vouches confirmation method. The sender-vouches confirmation method is used when a server needs to propagate the client identity or behavior of the client.

  • Managing self-issued SAML token configuration using wsadmin commands

    Use of the SAMLIssuerConfig.properties file is deprecated in WebSphere Application Server Version 8. You can use the listSAMLIssuerConfig and updateSAMLIssuerConfig wsadmin command tasks to read and modify the cell-level and server-level SAMLIssuerConfig.properties configuration files. Starting with WebSphere Application Server Version 8, you should use the administrative console or the setSAMLIssuerConfigInBinding command task to specify a self-issued SAML token's configuration as custom properties in the requester's outbound configuration, either in the general bindings or in the application-specific bindings. Do not use the server-level or cell-level SAMLIssuerConfig.properties files.


Last updated: Sep 19, 2011 7:16:32 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-express-iseries&topic=twbs_securemsgsaml
File name: twbs_securemsgsaml.html