Configuring for SAML Bearer Token Processing
This section describes configurations for SAML Bearer Token processing:
Run-Time Processing of SAML Bearer Tokens
At run time, Mediator processes a request containing a SAML Bearer token as follows:
1. The client sends a request for a SAML token to a Security Token Service (STS).
2. The STS verifies and authenticates the client.
3. The STS creates a SAML assertion that the client can send along with the message to the service provider.
4. The STS signs the assertion with its private key to provide message integrity and non-repudiation.
5. The client receives the SAML assertion from the STS and creates a new SOAP request.
6. The client adds the token in the SOAP WS-Security header.
7. The service receives the SOAP request with the SAML assertion and verifies that the SAML assertion was issued by a trusted STS.
After the service has completed the required verifications on the SOAP request, it allows the request to proceed.
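
Step 7 from the service's side, as an added example (not Mediator's own code or configuration): the structural checks a service can run on the assertion in the WS-Security header before it verifies the signature cryptographically. It assumes SAML 2.0 and SOAP 1.1 namespaces; the issuer URL, the function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
TRUSTED_ISSUERS = {"https://sts.example.test"}  # hypothetical trusted STS identifier

def _ts(value):  # SAML timestamps are UTC, e.g. 2024-01-01T00:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_bearer_assertion(envelope_xml, now):
    """Return the reasons to reject the request; an empty list means the pre-checks pass."""
    root = ET.fromstring(envelope_xml)
    found = root.findall("soap:Header/wsse:Security/saml:Assertion", NS)
    if len(found) != 1:  # zero or several assertions is ambiguous: reject
        return ["expected exactly one assertion in wsse:Security, found %d" % len(found)]
    a, problems = found[0], []
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() not in TRUSTED_ISSUERS:
        problems.append("issuer is not a trusted STS")
    if a.find("ds:Signature", NS) is None:  # presence only, not cryptographic verification
        problems.append("assertion is unsigned")
    methods = [c.get("Method") for c in a.findall("saml:Subject/saml:SubjectConfirmation", NS)]
    if BEARER not in methods:
        problems.append("subject confirmation is not bearer")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        problems.append("no validity window")
    elif not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        problems.append("outside validity window")
    return problems

def sample_envelope(issuer, signed=True):  # constructed sample, not a real token
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    return (
        '<soap:Envelope xmlns:soap="%s"><soap:Header><wsse:Security xmlns:wsse="%s">'
        '<saml:Assertion xmlns:saml="%s" ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        '<saml:Issuer>%s</saml:Issuer>%s'
        '<saml:Subject><saml:SubjectConfirmation Method="%s"/></saml:Subject>'
        '<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z"/>'
        '</saml:Assertion></wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
        % (NS["soap"], NS["wsse"], NS["saml"], issuer, sig, BEARER)
    )
```

Passing these checks does not establish trust by itself: the `ds:Signature` must still be verified against the STS certificate with an XML Signature library, and the verified signature must cover the assertion that is consumed.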