Integration Server 10.3 | Web Services Developer’s Guide | Securing Web Services Using WS-SecurityPolicy | Securing Web Services Using Policies Based on WS-SecurityPolicy | Requirements for Using SAML for Authentication | Identifying Trusted STSs to Integration Server
 
Identifying Trusted STSs to Integration Server
If you want to use policies based on WS-SecurityPolicy that include SAML tokens for authentication, you must set up Integration Server so that it can process the SAML tokens. One of the requirements is to identify STSs you want Integration Server to trust. For other requirements, see Requirements for Using SAML for Authentication.
*To identify a trusted STS to Integration Server
1. In Integration Server Administrator, go to Security > SAML.
2. Click Add SAML Token Issuer.
3. Provide information in the following fields:
For this parameter...
Specify...
Issuer Name
Name of a SAML token issuer from which Integration Server should accept and process SAML assertions. Integration Server will reject SAML assertions from issuers not configured on this screen and will log a message similar to the following to the Server log:
2010-06-09 23:35:38 EDT [ISS.0012.0025E] Rejecting
SAML assertion from issuer "SAMPLE_STS" because
issuer is not configured on the Security > SAML
screen.
This value must match the value of the Issuer field in the SAML assertion.
Truststore Alias
Specifies a text identifier for the truststore, which contains the public keys of the SAML token issuer.
Certificate Alias
Specifies a text identifier for the certificate associated with the truststore alias.
Clock Skew
Clock difference between your Integration Server and the SAML token issuer.
4. Click Save Changes.