Integration Server 10.11 | Web Services Developer’s Guide | Securing Web Services Using WS-SecurityPolicy | Policies Based on WS-SecurityPolicy that Integration Server Provides | SAMLAuthentication
 
SAMLAuthentication
The SAMLAuthentication policy uses a SAML token to provide client authentication and includes a Timestamp token to guard against replay attacks. This policy does not enforce signatures or encryption.
Important:
Before you can use this policy, you must edit the policy file in the Software AG_directory \IntegrationServer\instances\instance_name\config\wss\policies directory and fill in the address of Secure Token Service (STS).
Note:
The SAMLAuthentication policy is intended for only provider web service descriptors.
When the policy is attached to:
Message type
To enforce the policy, Integration Server...
Provider web service descriptor
inbound request
Requires a SAML token in the security header. Integration Server authenticates the sender of the inbound request messages using the client certificate from the SAML token.
outbound response
Adds a signed Timestamp token to the security header. Integration Server determines the timestamp expiration date to specify using the WS Security Properties of the endpoint alias or by using watt.server.ws.security server configuration parameters. For more information, see webMethods Integration Server Administrator’s Guide. Integration Server signs the Timestamp token using the its private key.