Integration Server supports including SAML2 tokens in the HTTP header, making it possible to use SAML2 tokens with all types of services. This enables integration with other security providers.

To use this functionality, you must do the following on Integration Server:

The client sending the request must include the custom HTTP header named "wmIS-SAML2-Assertion" and send the Base64 encoded SAML2 assertions as the header value.

When Integration Server receives an HTTP request with the custom header "wmIS-SAML2-Assertion" and finds a Base64 encoded SAML2 assertion in the header, Integration Server decodes from Base64 and validates the assertion. If validation of the assertion succeeds, Integration Server searches for an Integration Server user that matches the NameID from the SAML2 Assertion. Integration Server first checks for a local user defined on Integration Server and then searches Central Users or LDAP. If Integration Server finds a username that matches the NameID, Integration Server uses that username for the session. Otherwise, Integration Server uses the user defined in the "defaultUserName" option of the SamlAssertLoginModule module shown above. If the "defaultUserName" option is set to "Default", Integration Server uses the Default user account, which allows access to resources that have the Anonymous ACL.