Identifying Trusted STSs to Integration Server
If you want to use policies based on WS-SecurityPolicy that include SAML tokens for client authentication, or accept SAML2 assertions through the HTTP header, you must set up Integration Server so that it can process the SAML tokens. One of the requirements is to identify the Security Token Services (STSs) that you want Integration Server to trust.
To identify a trusted STS to Integration Server:
1. In Integration Server Administrator, go to Security > SAML.
2. Click Add SAML Token Issuer.
3. Provide information in the following fields:
| Parameter | Specify |
|---|---|
| Issuer Name | Name of a SAML token issuer from which Integration Server should accept and process SAML assertions. This value must match the value of the Issuer field in the SAML assertion. Integration Server will reject SAML assertions from issuers not configured on this screen and will log a message similar to the following to the Server log: 2010-06-09 23:35:38 EDT [ISS.0012.0025E] Rejecting SAML assertion from issuer "SAMPLE_STS" because issuer is not configured on the Security > SAML screen. |
| Truststore Alias | A text identifier for the truststore, which contains the public keys of the SAML token issuer. Integration Server populates the Truststore Alias list with the existing truststore aliases. |
| Certificate Alias | A text identifier for the certificate associated with the truststore alias. Integration Server populates the Certificate Alias list with the certificate aliases from the selected truststore alias. |
| Clock Skew | Clock difference between your Integration Server and the SAML token issuer. |
4. Click Save Changes.
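
The following Python example is added here and is not part of the Software AG documentation. It scans Server log text for the ISS.0012.0025E rejection message quoted in the Issuer Name description and separates rejected issuers that differ from a configured Issuer Name only in case or surrounding whitespace (a likely typo on the Security > SAML screen) from issuers that match nothing configured. The function names, the near-miss heuristic, and the sample log lines are assumptions constructed for illustration; the actual log wording may differ, since the documentation only says the message is "similar to" the one shown.

```python
import re
from collections import Counter

# Message code and wording follow the sample Server log entry on this page.
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
REJECT_RE = re.compile(r'\[ISS\.0012\.0025E\] Rejecting SAML assertion from issuer "([^"]*)"')

def join_wrapped(lines):
    """Re-join entries whose message text wraps onto the following lines."""
    entries = []
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def triage_rejections(log_text, configured_issuers):
    """Count rejected issuers; label near_miss (matches a configured Issuer
    Name once trimmed and case-folded, so likely a typo on Security > SAML)
    or unknown (resembles no configured name; review before trusting it)."""
    by_norm = {name.strip().casefold(): name for name in configured_issuers}
    counts = Counter()
    for entry in join_wrapped(log_text.splitlines()):
        m = REJECT_RE.search(entry)
        if m:
            counts[m.group(1)] += 1
    return {
        issuer: {
            "count": n,
            "status": "near_miss" if issuer.strip().casefold() in by_norm else "unknown",
            "configured_as": by_norm.get(issuer.strip().casefold()),
        }
        for issuer, n in counts.items()
    }

# Constructed sample log (not real data); the first entry wraps as on this page.
SAMPLE_LOG = """\
2010-06-09 23:35:38 EDT [ISS.0012.0025E] Rejecting SAML
assertion from issuer "SAMPLE_STS" because issuer is not
configured on the Security > SAML screen.
2010-06-09 23:36:02 EDT [ISS.0012.0025E] Rejecting SAML assertion from issuer "SAMPLE_STS" because issuer is not configured on the Security > SAML screen.
2010-06-09 23:40:11 EDT [ISS.0012.0025E] Rejecting SAML assertion from issuer "OTHER_STS" because issuer is not configured on the Security > SAML screen.
"""

if __name__ == "__main__":
    print(triage_rejections(SAMPLE_LOG, ["Sample_STS"]))
```

A near_miss result means the configured Issuer Name should be compared character by character with the Issuer field in the assertion; an unknown result means the issuer should be added only after confirming that it is an STS you intend to trust.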