Field | Description |
Name | Name of a SAML token issuer used by API Gateway. This value must match the value of the Issuer field in the SAML assertion. |
Normal client | Selecting this sets the client that requests the SAML token. |
Act as delegation | Selecting this delegates the SAML request to another user (delegator). The delegator uses a signature element to authenticate the SAML request. |
Issuer policy | Specifies the name of an issuer policy to be used to communicate with the SAML issuer. |
Communicate using. Specifies the mode of communication. | |
WSS Username | Specifies that WSS Username mode is used to obtain the SAML assertion to access the API. The WSS username token is supplied in the header of the SOAP request that the consumer application submits to the API. |
Kerberos | Specifies that Kerberos mode is used to obtain the SAML token and assertion to access the API. Transports the Kerberos token over the Transport Layer Security (TLS) protocol to provide additional security features. |
Authenticate using. Specify the type of authentication you want to use while communicating with the SAML issuer. | |
For the Authentication type WSS Username, authenticate using the following: | |
Custom credentials | Specifies the values provided in the policy required to communicate with the SAML issuer. Provide the following information: |
For the Authentication type Kerberos, authenticate using any of the following: | |
Custom credentials | Specifies the values provided in the policy required to communicate with the SAML issuer. Provide the following information: |
Delegate incoming credentials | Specifies the values provided in the policy required by the API providers to select whether to delegate the incoming Kerberos token or act as a normal client. Provide the following information: |
Incoming HTTP basic auth credentials | Specifies the incoming HTTP basic authentication credentials in the transport header of the incoming request for client principal and client password. Provide the following information: |
Endpoint URI | Provide the endpoint URI of the STS. |
SAML version | Specify the SAML version to be used for authentication. Available values are: SAML 1.1, SAML 2.0 |
WS-Trust version | Specify the WS-Trust version that API Gateway must use to send the RST to the SAML issuer. Available values are: WS-Trust 1.0, WS-Trust 1.3 |
Applies to | Specify the scope for which this security token is required. For example, the APIs to which this token is applied. |
Signing configurations | |
Keystore alias | Specify the keystore to be used by API Gateway while sending the request to the STS. A keystore is a repository of private keys and corresponding public certificates. |
Key alias (signing) | Specify the key alias, a private key used to sign the request sent to the STS. |
Encryption configurations | |
Truststore alias | Select the truststore that should be used by API Gateway while sending the STS request. A truststore is a repository that holds all the trusted public certificates. |
Certificate alias (Encryption) | Select the certificate from the truststore used to encrypt the request that is sent to the STS. |
Request security token template parameters. Defines extensions to the <wst:RequestSecurityToken> element for requesting specific types of keys, algorithms, or keys and algorithms, as specified by a given policy in the return token(s). | |
Key | Specifies the key type of the security token template. |
Value | Specifies a value for the request token. You can add multiple keys and values. |
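
The WS-Trust version, SAML version, Applies to and template parameter settings above all end up in the RST sent to the STS. The sketch below is an added example, not API Gateway's own code: it shows how those four settings map onto a `<wst:RequestSecurityToken>` body using the URIs from the WS-Trust and WSS SAML Token Profile specifications. The function name `build_rst`, the sample scope URL, the mapping of "WS-Trust 1.0" to the February 2005 namespace and the use of WS-Addressing 1.0 are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Namespace and token-type URIs from the WS-Trust and WSS SAML Token Profile specs.
WST_NS = {
    "WS-Trust 1.3": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    # Assumption: the "WS-Trust 1.0" option maps to the February 2005 namespace.
    "WS-Trust 1.0": "http://schemas.xmlsoap.org/ws/2005/02/trust",
}
SAML_TOKEN_TYPE = {
    "SAML 1.1": "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1",
    "SAML 2.0": "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
}
WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA_NS = "http://www.w3.org/2005/08/addressing"  # assumption: WS-Addressing 1.0


def build_rst(ws_trust_version, saml_version, applies_to, template_params=None):
    """Build the RST body (bytes) that the four settings describe."""
    if ws_trust_version not in WST_NS:
        raise ValueError(f"unsupported WS-Trust version: {ws_trust_version!r}")
    if saml_version not in SAML_TOKEN_TYPE:
        raise ValueError(f"unsupported SAML version: {saml_version!r}")
    wst = WST_NS[ws_trust_version]
    rst = ET.Element(f"{{{wst}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{wst}}}RequestType").text = wst + "/Issue"
    ET.SubElement(rst, f"{{{wst}}}TokenType").text = SAML_TOKEN_TYPE[saml_version]
    # "Applies to": the scope for which the issued token is requested.
    scope = ET.SubElement(rst, f"{{{WSP_NS}}}AppliesTo")
    epr = ET.SubElement(scope, f"{{{WSA_NS}}}EndpointReference")
    ET.SubElement(epr, f"{{{WSA_NS}}}Address").text = applies_to
    # Template parameters: each key becomes an extra child element of the RST.
    for key, value in (template_params or {}).items():
        if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_.-]*", key):
            raise ValueError(f"template key is not a valid element name: {key!r}")
        ET.SubElement(rst, f"{{{wst}}}{key}").text = value
    return ET.tostring(rst, encoding="utf-8")


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    body = build_rst(
        "WS-Trust 1.3", "SAML 2.0", "https://api.example.test/orders",
        {"KeyType": WST_NS["WS-Trust 1.3"] + "/Bearer"},
    )
    print(body.decode("utf-8"))
```

Comparing the namespace and `TokenType` in a captured RST against these values is a quick way to confirm that the configured versions match what the STS expects.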