CentraSite 10.3 | CentraSite User’s Guide | Runtime Governance | Run-Time Policy Management | Built-In Run-Time Actions Reference (CentraSite Business UI) | Built-in Actions for Run-Time Policies (CentraSite Business UI) | SAML Authentication
 
SAML Authentication
Used when native API enforces SAML authentication. Based on the modes selected, Mediator either uses the WSS Username mode to obtain the SAML assertion token from STS to invoke the native service or it uses the Kerberos Over Transport mode to obtain the SAML token and assertion to access the native API.
Input Parameters
Signing Alias
Specifies the alias (key) used when signing the message.
Encryption Alias
Specifies the alias (key) used when encrypting the message.
Issuer Communication
(String). Specifies information about the issuer of a SAML assertion and the ways to communicate with the native API.
Action
Actions performed by the issuers.
Value
Description
Act as Delegation
The user delegates the request to another user. The user delegates the SAML request to the delegator. The delegator uses a signature element to authenticate the SAML request.
Normal Client
Client requesting the SAML token.
Communicate Using
Modes through which the communication can occur.
Value
Description
WSS Username (Message)
The WSS username token supplied in the header of the SOAP request that the consumer application submits to the virtual service.
Kerberos Over Transport (Message)
Trasports the Kerberos token over the Transport Layer Security (TLS) protocol to provide additional security features.
WSS Username Configuration
Credentials for the WSS Username Configuration.
Username
(String). The username of the wss configuration.
Password
(String). The password to be used together with the Username parameter as authentication credentials.
Endpoint
Endpoint of the service.
SAML Version
(String). Specifies the WSS SAML Token version to use: 1.1 or 2.0.
WS- Trust Version
(String). Specifies the WSS SAML Token version to use: 1.1 or 2.0.
Applies To
(Optional). Specifies the scope for which this security token is required. For example, the services to which this token is applied.
Extended Parameters
Other additional parameters.
Value
Description
Key Size
The number of bits in a key used by a cryptographic algorithm. For example, 256 bits.
Key Type
The type of key used in the security token.
SignatureAlgorithm
The signature algorithm used to sign the issued token.
EncryptionAlgorithm
The encryption algorithm used to encrypt the issued token.
CanonicalizationAlgorithm
The canonicalization algorithm used when signing the issued token.
ComputedKeyAlgorithm
The key derivation algorithm to use if using a symmetric key for the proof key, where proof key is computed using client, server, or combined entropy.
Encryption
The key to use when encrypting the issued token.
ProofEncryption
The key to use when encrypting the proof key.
KeyWrapAlgorithm
The algorithm used to encrypt the symmetric key.
SignWith
The signature algorithm the client intends to employ when using the proof key to sign.
EncryptWith
Indicates the symmetric algorithm that client uses to protect messages sent to the server when using the proof key.