You can configure the client and provider policy set attachments and bindings for the SAML sender-vouches token. A SAML sender-vouches token is a SAML token that uses the sender-vouches subject confirmation method. The sender-vouches confirmation method is used when a server needs to propagate the identity of the client or the behavior of the client.
Refer to the topic Creating application server profiles for more information about creating a server profile.
Refer to the various topics that describe how to configure SAML for more information about how to add SAML configuration settings to an existing profile.
As stated in section 3.5.2.1 of the SAML Token Profile specification:
"To satisfy the associated confirmation method processing of the receiver, the attesting entity MUST protect the vouched for SOAP message content such that the receiver can determine when it has been altered by another party. The attesting entity MUST also cause the vouched for statements (as necessary) and their binding to the message contents be protected such that unauthorized modification be detected."
You can use either transport-level or message-level security to meet this SAML sender-vouches requirement:
This procedure describes the steps you must complete to digitally sign a SAML token. It does not describe any of the SAML Token Profile OASIS standard requirements for SAML sender-vouches or SAML bearer tokens regarding message parts that must be signed.
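As an added illustration of the message-level option (not IBM code and not part of the product documentation), the following Python check inspects a SOAP envelope and reports whether the `ds:Signature` references cover both the SOAP Body and the sender-vouches assertion, which is what the quoted section 3.5.2.1 requires the attesting entity to protect. The function names, the sample envelope and its IDs (`A1`, `B1`, `STR1`) are constructed for the example, the envelope is trimmed to the elements the check reads, and the check is structural only: it does not verify digests or signature values.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "wsse": WSSE,
      "ds": "http://www.w3.org/2000/09/xmldsig#", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
WSU_ID = "{%s}Id" % WSU
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

def sender_vouches_coverage(envelope_xml):
    """Structural check only (no digest or signature verification): do the
    ds:Reference URIs cover the SOAP Body and each sender-vouches assertion?"""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return {"body_signed": False, "assertion_signed": False}
    uris = (r.get("URI", "") for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS))
    signed = {u[1:] for u in uris if u.startswith("#")}
    body = root.find("soap:Body", NS)
    covered = []
    for a in sec.findall("saml:Assertion", NS):
        methods = {c.get("Method") for c in a.findall("saml:Subject/saml:SubjectConfirmation", NS)}
        if SENDER_VOUCHES not in methods:
            continue
        # The assertion may be signed directly by ID, or through a
        # wsse:SecurityTokenReference whose KeyIdentifier names the assertion ID.
        strs = {s.get(WSU_ID) for s in sec.iter("{%s}SecurityTokenReference" % WSSE)
                if s.findtext("wsse:KeyIdentifier", "", NS).strip() == a.get("ID")}
        covered.append(a.get("ID") in signed or bool(strs & signed))
    return {"body_signed": body is not None and body.get(WSU_ID) in signed,
            "assertion_signed": bool(covered) and all(covered)}

# Constructed sample envelope; {refs} is filled with the signature's references.
SAMPLE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}"
 xmlns:ds="{ds}" xmlns:saml="{saml}"><soap:Header><wsse:Security>
 <saml:Assertion ID="A1" Version="2.0"><saml:Subject><saml:SubjectConfirmation
  Method="{sv}"/></saml:Subject></saml:Assertion>
 <wsse:SecurityTokenReference wsu:Id="STR1"><wsse:KeyIdentifier>A1</wsse:KeyIdentifier>
 </wsse:SecurityTokenReference>
 <ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header><soap:Body wsu:Id="B1"/></soap:Envelope>"""

def sample(*ref_ids):
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in ref_ids)
    return SAMPLE.format(refs=refs, wsu=WSU, sv=SENDER_VOUCHES, **NS)

if __name__ == "__main__":
    print(sender_vouches_coverage(sample("B1", "STR1")))  # Body and assertion covered
    print(sender_vouches_coverage(sample("B1")))          # assertion left unsigned
```

A result with `assertion_signed` false means the vouched-for statements are not bound to the message by the signature, so message-level protection alone does not meet the requirement for that message.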
The example provided in this procedure uses the sample web services application JaxWSServicesSamples.
The procedure for creating the sender-vouches policy set begins with creating a new SAML sender-vouches policy.