Note: For information about configuring your system for SAML token processing, see Administering webMethods Mediator.
To configure a SAML attribute that can be used to identify the user, open the is_jaas.cnf file available in the <IntegrationServerInstall_Directory>\instances\default\config folder and modify the configuration under WSS_Message_IS. For example:

    {
        /*
         * Please do not rearrange the following SoftwareAG
         * login modules; add your login modules before or after
         * these three modules
         */
        com.wm.app.b2b.server.auth.jaas.SamlAssertLoginModule requisite
            samlAttributeName="http://integration.fiserv.com/identity/claims/v1/FirstName";
        com.wm.app.b2b.server.auth.jaas.X509LoginModule requisite;
        com.wm.app.b2b.server.auth.jaas.BasicLoginModule requisite;
    };

Any value can be configured for the samlAttributeName parameter.
SAML Version | (String). Specifies the WSS SAML Token version to use: 1.1 or 2.0. | ||
SAML Subject Confirmation | (String). Specifies the SAML subject confirmation methods: | ||
Value | Description | ||
Bearer | Select this option if the clients want a security token to be issued that does not require a proof of possession. | ||
Holder of Key (Asymmetric) | Select this option if the clients and server use the SAML V1.1 or V2.0 Holder-of-Key method that allows for transport of holder-of-key assertions. In this scenario, the client uses its private key to sign and the recipient’s (Mediator) public key to encrypt. | ||
Holder of Key (Symmetric) | (Default). Select this option if clients use the SAML V1.1 or V2.0 Holder-of-Key method that allows for transport of holder-of-key assertions. In this scenario, the client presents a holder-of-key SAML assertion acquired from its preferred identity provider to access a web-based resource at an API provider. | ||
WS-Trust Version | (String). Specifies the WSS SAML Token version to use: 1.1 or 2.0. | ||
Algorithm Suite | Select any algorithm suite that is defined by the WS-SecurityPolicy specification. For example, Basic128, Basic256, TripleDes, and so on. | ||
Encrypt Signature | Specifies whether to encrypt the signature. Select one of the following: Yes: Encrypt the signature. No: Do not encrypt the signature. | ||
Layout | Specifies a requirement for a particular security header layout. | ||
Holder of Key Asymmetric Parameter | The public key is shared with Mediator and the private key is secure. | ||
Value | Description | ||
Initiator Token Inclusion | Identifies the inclusion value for the client's security token assertion. | ||
Recipient Token Inclusion | Identifies the inclusion value for the recipient's security token assertion. | ||
Holder of Key Symmetric Parameter | Encrypts the signature, SOAP header, and body. | ||
Value | Description | ||
Initiator Token Inclusion | Identifies the inclusion value for the client's security token assertion. | ||
Recipient Token Inclusion | Identifies the inclusion value for the recipient's security token assertion. | ||
Issuer Address | Specifies the SAML issuer address. For example, <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer> | ||
Metadata Reference Address | The address from where the metadata reference document can be obtained. | ||
Key Size | The number of bits in a key used by a cryptographic algorithm. For example, 256 bits. | ||
Request Security Token Template Parameters | Defines extensions to the <wst:RequestSecurityToken> element for requesting specific types of keys, algorithms, or both, as specified by a given policy, in the returned token(s). In some cases, the service may support a variety of key types, sizes, and algorithms. These parameters allow a requestor to indicate its desired values. The issuer's policy indicates whether input values must be adhered to and faults generated for invalid inputs, or whether the issuer must provide alternative values in the response. | ||
Value | Description | ||
Key | Key type of the security token template. | ||
Value | String. A value for the request token. |
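To check that an assertion issued by an identity provider matches these settings (SAML version, issuer, subject confirmation method, and the attribute named in samlAttributeName), the following added example inspects a SAML 2.0 assertion. It is not Software AG code; the function name, the sample assertion and the single-value rule are assumptions made for illustration. It covers SAML 2.0 only and performs no signature verification.

```python
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
METHODS = {"urn:oasis:names:tc:SAML:2.0:cm:bearer": "Bearer",
           "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key": "Holder of Key"}
# Constructed, unsigned sample assertion (illustration only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Version="2.0" ID="_a1">
  <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
      <saml:SubjectConfirmationData>
        <ds:KeyInfo><ds:KeyName>client-key</ds:KeyName></ds:KeyInfo>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://integration.fiserv.com/identity/claims/v1/FirstName">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def inspect_assertion(xml_text, attribute_name):
    """Report the fields the policy parameters refer to; verifies no signature."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML 2.0 assertion")
    methods, problems = [], []
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        label = METHODS.get(sc.get("Method"), "unknown")
        methods.append(label)
        # Holder-of-key only binds the token to a client if a key is named.
        key = sc.find("saml:SubjectConfirmationData/ds:KeyInfo", NS)
        if label == "Holder of Key" and key is None:
            problems.append("holder-of-key without ds:KeyInfo")
    if not methods:
        problems.append("no SubjectConfirmation")
    values = [v.text
              for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == attribute_name
              for v in a.findall("saml:AttributeValue", NS)]
    # Assumption: an absent or multi-valued attribute cannot identify the user.
    if len(values) != 1:
        problems.append("attribute must have exactly one value")
    return {"version": root.get("Version"),
            "issuer": root.findtext("saml:Issuer", namespaces=NS),
            "methods": methods, "problems": problems,
            "user": values[0] if len(values) == 1 else None}
```

An empty "problems" list means only that the assertion has the expected shape; trust still depends on the signature and issuer validation that Mediator performs.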