Property | Description |
Binding Assertion | Specifies the type of binding assertion required for the message transfer between the recipient and the initiator. |
Require Encryption. Specifies that a request's XML element, which is represented by an XPath expression or by parts of a SOAP request such as the SOAP body or the SOAP headers, be encrypted. | |
Encrypted Parts | Click + Add encrypted part to add the required properties. This allows you to encrypt parts of a SOAP request such as the SOAP body or the SOAP headers. Provide the following information: In the SOAP Header section, provide the following information: You can add more SOAP headers by clicking ![]() |
Encrypted Elements | Click + Add encrypted element to add the required properties. Select this option to encrypt the entire element, which is represented by an XPath expression. Provide the following information: XPath. Specifies the XPath expression in the API request. In the Namespace section, provide the following information: You can add more namespace prefixes and URIs by clicking ![]() |
Require Signature. Specifies that a request's XML element, which is represented by an XPath expression or by parts of a SOAP request such as the SOAP body or the SOAP headers, be signed. | |
Signed Elements | Click + Add require signature to add the required properties. Select this option to sign the entire element represented by an XPath expression. Provide the following information: XPath. Specifies the XPath expression in the API request. For the Namespace section, provide the following information: You can add more namespace prefixes and URIs by clicking ![]() |
Signed Parts | Click + Add signed part to add the required properties. Select this option to sign parts of a SOAP request such as the SOAP body or the SOAP headers. Provide the following information: For the SOAP Header section, provide the following information: You can add more namespace prefixes and URIs by clicking ![]() |
Validate SAML Audience URIs. Validates the audience restriction in the conditions section of the SAML assertion. It verifies whether any valid audience URI within a valid condition element in the SAML assertion matches any of the configured URIs. If two conditions are available, then one of the audience URIs in the first condition and one of the audience URIs in the second condition must each match one of the URIs configured in this policy for the SOAP API. This property is used in the following scenarios: | |
URI | Specifies the SAML audience URI. |
Match Criteria | Select one of the following options: For more information on audience URIs, see the conditions and audience restriction sections in the SAML specification, available at https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf. |
Token Assertions | Select the type of token assertion required to authenticate the client. Select any of the following: Note: API Gateway supports the username format for Service Principal Names (SPNs). This format represents the principal name as a named user defined in LDAP used for authentication to the KDC. You can add more values for the key-value pair by clicking ![](). Click the Custom Token Assertion arrow to see a list of all custom token assertions available in API Gateway. Click ![]() |
Require Timestamp | Specifies that time stamps must be included in the request header. API Gateway checks the time stamp value against the current time to ensure that the request is not an old message. This protects your system against attempts at message tampering, such as replay attacks. |
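
The matching rule in the Validate SAML Audience URIs row can be checked against a sample assertion as follows. This is an added example, not API Gateway code. It assumes SAML 2.0 element names, reads each "condition" as one `AudienceRestriction` element, compares URIs by exact string match, and uses constructed `example.test` URIs.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: one <Conditions> holding two audience restrictions.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://gateway.example.test/orders</saml:Audience>
      <saml:Audience>https://other.example.test/</saml:Audience>
    </saml:AudienceRestriction>
    <saml:AudienceRestriction>
      <saml:Audience>https://partner.example.test/api</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def audiences_by_restriction(assertion_xml):
    """Return one list of audience URIs per AudienceRestriction element."""
    # Parse only after the assertion's signature has been verified.
    root = ET.fromstring(assertion_xml)
    path = ".//saml:Conditions/saml:AudienceRestriction"
    return [
        [(a.text or "").strip() for a in r.findall("saml:Audience", NS)]
        for r in root.findall(path, NS)
    ]


def audience_is_valid(assertion_xml, configured_uris):
    """True only if every restriction names at least one configured URI.

    Assumptions of this example: exact string comparison, and an assertion
    without any audience restriction is rejected (fail closed).
    """
    allowed = set(configured_uris)
    groups = audiences_by_restriction(assertion_xml)
    if not groups:
        return False
    return all(any(uri in allowed for uri in group) for group in groups)


if __name__ == "__main__":
    both = ["https://gateway.example.test/orders",
            "https://partner.example.test/api"]
    print(audience_is_valid(SAMPLE_ASSERTION, both))      # True
    print(audience_is_valid(SAMPLE_ASSERTION, both[:1]))  # False
```

Configuring only a URI that satisfies the first restriction is not enough: the second restriction still has to match, which is why the second call returns False.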