Identifying Trusted STSs to Integration Server
If you want to use policies based on WS-SecurityPolicy that include SAML tokens for client authentication, you must set up Integration Server so that it can process the SAML tokens. One of the requirements is to identify the STSs that you want Integration Server to trust. For a full list of requirements, see Requirements for Using SAML for Authentication.
To identify a trusted STS to Integration Server:
1. In Integration Server Administrator, go to Security > SAML.
2. Click Add SAML Token Issuer.
3. Provide information in the following fields:
| Parameter | Specify |
| --- | --- |
| Issuer Name | Name of a SAML token issuer from which Integration Server should accept and process SAML assertions. This value must match the value of the Issuer field in the SAML assertion. Integration Server will reject SAML assertions from issuers not configured on this screen and will log a message similar to the following to the Server log: 2010-06-09 23:35:38 EDT [ISS.0012.0025E] Rejecting SAML assertion from issuer "SAMPLE_STS" because issuer is not configured on the Security > SAML screen. |
| Truststore Alias | A text identifier for the truststore, which contains the public keys of the SAML token issuer. Integration Server populates the Truststore Alias list with the existing truststore aliases. |
| Certificate Alias | A text identifier for the certificate associated with the truststore alias. Integration Server populates the Certificate Alias list with the certificate aliases from the selected truststore alias. |
| Clock Skew | Clock difference between your Integration Server and the SAML token issuer. |
4. Click Save Changes.
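The following is an added example, not part of the product documentation or of Integration Server itself. It scans Server log lines for the ISS.0012.0025E rejection message shown above and sorts each rejected issuer into a likely configuration typo or an issuer nobody configured. It assumes the message is logged on one line in the quoted shape; the configured name `Partner_STS`, the helper names, and all sample lines other than the `SAMPLE_STS` message are constructed for illustration.

```python
import re
from collections import Counter

# Matches the rejection message quoted in this section. Assumption: the message
# is written to the Server log as one line in exactly this shape.
REJECT_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ '
    r'\[ISS\.0012\.0025E\] Rejecting SAML\s+assertion from issuer '
    r'"(?P<issuer>[^"]*)"'
)

def rejected_issuers(log_lines):
    """Count ISS.0012.0025E rejections per issuer name."""
    # The issuer string is copied from the incoming assertion, so it is
    # untrusted input: use it as data only.
    counts = Counter()
    for line in log_lines:
        m = REJECT_RE.match(line.strip())
        if m:
            counts[m.group("issuer")] += 1
    return counts

def triage(counts, configured):
    """Classify each rejected issuer against the configured Issuer Name values."""
    # 'near-miss': differs from a configured name only by case or surrounding
    # whitespace, which points at a typo on the Security > SAML screen.
    # 'unknown': no configured name resembles it.
    normalized = {name.strip().lower(): name for name in configured}
    report = {}
    for issuer, count in counts.items():
        hit = normalized.get(issuer.strip().lower())
        kind = "near-miss" if hit is not None else "unknown"
        report[issuer] = {"count": count, "kind": kind, "configured_as": hit}
    return report

# Constructed sample data; only SAMPLE_STS appears in the documentation.
HEAD = "[ISS.0012.0025E] Rejecting SAML assertion from issuer "
TAIL = " because issuer is not configured on the Security > SAML screen."
SAMPLE_LOG = [
    '2010-06-09 23:35:38 EDT ' + HEAD + '"SAMPLE_STS"' + TAIL,
    '2010-06-09 23:36:02 EDT ' + HEAD + '"partner_sts"' + TAIL,
    '2010-06-09 23:36:40 EDT ' + HEAD + '"SAMPLE_STS"' + TAIL,
    '2010-06-09 23:37:00 EDT [EXAMPLE] unrelated constructed line',
]
CONFIGURED = ["Partner_STS"]  # hypothetical Issuer Name entry
```

Calling `triage(rejected_issuers(SAMPLE_LOG), CONFIGURED)` reports `partner_sts` as a near-miss of the configured `Partner_STS` and `SAMPLE_STS` as unknown with two rejections.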