Application Integration (On-Premises) : Administering the Software AG Infrastructure : Setting Up Security : Predefined Login Modules : SAMLAssertIssuerLoginModule
SAMLAssertIssuerLoginModule
Use SAMLAssertIssuerLoginModule to issue a SAML1.1 or SAML 2 assertion as a delegation ticket among Software AG products.
You can only use the SAMLAssertIssuerLoginModule in a chain of login modules. Using this login module on its own, in a separate login context, is not possible, because it is the other modules in a given login context that perform the actual authentication of the user. When the authentication is successful, SAMLAssertIssuerLoginModule issues a SAML assertion where the fully qualified name of the authenticated user is part of the Subject of the AuthenticationStatement attribute of the SAML 1.1 assertion and the SubjectConfirmation attribute of the SAML 2 assertion. Optionally, the assertion contains a list of groups (where such are available) as part of the AttributeStatement attribute of the SAML assertion.
The SAMLAssertIssuerLoginModule has a single parameter that you set in the JAAS configuration.
Parameter
Description
forceSaml Version
Optional. Defines which SAML assertion version to use to issue the delegation token. Valid values are 1.1 or 2.0 (default).
The following sample excerpt outlines SAMLAssertIssuerLoginModule and the corresponding configuration included in a login context of a JAAS configuration file. First, InternalLoginModule authenticates the user. If the authentication is successful, SAMLAssertIssuerLoginModule issues a SAML 1.1 assertion to use as a delegation ticket.
/** Login Configuration for the SAMLAssertIssuerLoginModule. **/
SAMLIssuerRealm {
// Internal repository login module (java based)
com.softwareag.security.jaas.login.internal.InternalLoginModule required
template_section=INTERNAL
logCallback=true
internalRepository="C:/softwareag/common/conf/users.txt"
create_group_principal=true
groupRepositoryPath="C:/softwareag/common/conf/groups.txt";
// SSOS login module for SAML 1.1 signed assertion issuance
com.softwareag.security.idp.saml.lm.SAMLAssertIssuerLoginModule sufficient
forceSamlVersion="1.1";
};
Copyright © 2015- 2017 Software AG, Darmstadt, Germany. (Innovation Release)

Product LogoContact Support   |   Community   |   Feedback