Configuring SAML Sender-Vouches Processing
 
Configuring a Security Token Service (STS) for Sender-Vouches Processing
Configuring Virtual Services for Sender-Vouches Processing
This section describes configurations for SAML Sender-Vouches processing:
* Run-Time Processing of Holder-of-Key Tokens.
* Configuring Virtual Services for Sender-Vouches Processing.
Run-Time Processing of Sender-Vouches Tokens
Mediator can act as a Security Token Service (STS) client. You can use Integration Server’s default STS or you can use a third-party STS that has been defined in the Integration Server. The default STS supports only SAML v2.0 Sender-Vouches tokens.
The following illustration shows what happens at run time.
Mediator as an STS client
Step 1. The user's client sends a SOAP request with SAML authentication information to Mediator. Integration Server authenticates the incoming request.

Step 2.
* Mediator sends a WS-Trust RST to the STS to request a SAML v2.0 token.
* Mediator sends the <OnBehalfOf> element that contains the authenticated user name to the STS.

Step 3. The SAML Issuer sends the SAML v1.0 or v2.0 assertion to Mediator.

Step 4. Mediator forwards the SOAP request along with the SAML assertion to the native service.
Mediator also uses the Integration Server keystore and signing alias you specified to sign the SAML token and the request body before sending the request to the native service.
Also, if you have configured the predefined Java service pub.mediator.security.ws.AddSamlSenderVouchesToken to add a timestamp in the outbound request, Mediator signs the timestamp.

Step 5. The native service sends a SOAP response to Mediator.

Step 6. Mediator sends the response to the user's client.
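
With Sender-Vouches, the native service trusts the assertion only because Mediator's signature binds it to the request, so the receiving side should confirm that the signature from step 4 covers the body, the SAML token and (when present) the timestamp. The following is an added example, not Software AG code: the sample message and its IDs are constructed, the signed-assertion layout (a SecurityTokenReference whose KeyIdentifier names the assertion) is an assumption, and the check covers signature scope only, not cryptographic validity.

```python
import xml.etree.ElementTree as ET

NS = {  # standard SOAP 1.1, WS-Security, XML-DSig and SAML 2.0 namespaces
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"
WSU_ID = "{%s}Id" % NS["wsu"]

def sample(refs):
    """Constructed outbound message; `refs` lists the wsu:Ids the signature references."""
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    r = "".join('<ds:Reference URI="#%s"/>' % i for i in refs)
    return f'''<s:Envelope {xmlns}><s:Header><wsse:Security>
<wsu:Timestamp wsu:Id="ts-1"/>
<saml:Assertion ID="a-1"><saml:Subject>
<saml:SubjectConfirmation Method="{SENDER_VOUCHES}"/></saml:Subject></saml:Assertion>
<wsse:SecurityTokenReference wsu:Id="str-1">
<wsse:KeyIdentifier>a-1</wsse:KeyIdentifier></wsse:SecurityTokenReference>
<ds:Signature><ds:SignedInfo>{r}</ds:SignedInfo></ds:Signature>
</wsse:Security></s:Header><s:Body wsu:Id="body-1"/></s:Envelope>'''

def unsigned_parts(xml_text):
    """List the parts Mediator is expected to sign that no ds:Reference covers."""
    root = ET.fromstring(xml_text)
    sec = root.find("s:Header/wsse:Security", NS)
    signed = {r.get("URI", "").lstrip("#")
              for r in sec.iterfind("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    missing = []
    if root.find("s:Body", NS).get(WSU_ID) not in signed:
        missing.append("body")
    ts = sec.find("wsu:Timestamp", NS)  # present only if the timestamp option is on
    if ts is not None and ts.get(WSU_ID) not in signed:
        missing.append("timestamp")
    for a in sec.iterfind("saml:Assertion", NS):
        path = "saml:Subject/saml:SubjectConfirmation"
        if SENDER_VOUCHES not in {c.get("Method") for c in a.iterfind(path, NS)}:
            continue
        # Assumption: the assertion is signed via an STR whose KeyIdentifier is its ID.
        if not any(s.get(WSU_ID) in signed
                   and s.findtext("wsse:KeyIdentifier", "", NS).strip() == a.get("ID")
                   for s in sec.iterfind("wsse:SecurityTokenReference", NS)):
            missing.append("assertion " + a.get("ID"))
    return missing
```

An empty result means every expected part is referenced by the signature; the signature value and the signing certificate must still be validated against the key Mediator is configured to use.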
Copyright © 2015- 2017 Software AG, Darmstadt, Germany. (Innovation Release)
