Configuring for SAML Sender-Vouches Processing
This section describes:
* The Run-Time Processing of Holder-of-Key Tokens.
* Configuring Axis2 STS for Holder-of-Key Processing.
* Configuring Virtual Services for Sender-Vouches Processing.
The Run-Time Processing of Sender-Vouches Tokens
Mediator can act as a Security Token Service (STS) client. You can use Integration Server’s default STS or you can use a third-party STS that has been defined in the Integration Server. The default STS supports only V2.0 SAML Sender-Vouches tokens.
The following illustration shows what happens at run time.
Mediator as an STS client
| Step | Description |
| --- | --- |
| 1 | The user's client sends a SOAP request with SAML authentication information to Mediator. Integration Server authenticates the incoming request. |
| 2 | Mediator sends a WS-Trust RST to the STS to request a SAML v2 token. Mediator sends the <OnBehalfOf> element that contains the authenticated user name to the STS. |
| 3 | The SAML Issuer sends the SAML v1/v2 assertion to Mediator. |
| 4 | Mediator forwards the SOAP request (along with the SAML assertion) to the native service. Mediator also uses the IS keystore and signing alias you specified to sign the SAML token and the request body before sending the request to the native service. Also, if you have configured the predefined Java service pub.mediator.security.ws.AddSamlSenderVouchesToken to add a timestamp in the outbound request, Mediator will sign the timestamp. |
| 5 | The native service sends a SOAP response to Mediator. |
| 6 | Mediator sends the response to the user's client. |
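The following sketch is an added example, not Mediator or Integration Server code. It builds the step 2 RST with an <OnBehalfOf> user name and then checks a returned SAML v2 assertion (step 3) for a matching subject, the sender-vouches confirmation method, and a current validity window. The WS-Trust 1.3 namespace, the UsernameToken carrier inside <OnBehalfOf>, the function names and the sample assertion are assumptions. XML signature verification is out of scope here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # WS-Trust 1.3 (assumed version)
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2_TOKEN = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

def build_rst(user):
    """Step 2: Issue request for a SAML v2 token on behalf of the authenticated user."""
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken")
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = SAML2_TOKEN
    obo = ET.SubElement(rst, f"{{{WST}}}OnBehalfOf")
    token = ET.SubElement(obo, f"{{{WSSE}}}UsernameToken")  # assumed carrier for the name
    ET.SubElement(token, f"{{{WSSE}}}Username").text = user
    return ET.tostring(rst, encoding="unicode")

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, expected_user, now):
    """Step 3: return the problems found in the issued assertion (empty list = OK)."""
    a = ET.fromstring(xml_text)  # use a hardened XML parser for untrusted input
    ns = {"s": SAML}
    problems = []
    if a.tag != f"{{{SAML}}}Assertion" or a.get("Version") != "2.0":
        problems.append("not a SAML 2.0 assertion")
    if a.findtext("s:Subject/s:NameID", default="", namespaces=ns) != expected_user:
        problems.append("subject does not match OnBehalfOf user")
    methods = [c.get("Method") for c in a.findall("s:Subject/s:SubjectConfirmation", ns)]
    if SENDER_VOUCHES not in methods:
        problems.append("no sender-vouches subject confirmation")
    cond = a.find("s:Conditions", ns)
    nb = cond.get("NotBefore") if cond is not None else None
    na = cond.get("NotOnOrAfter") if cond is not None else None
    if not nb or not na or not (_ts(nb) <= now < _ts(na)):
        problems.append("outside or missing validity window")
    return problems

# Constructed sample assertion (not captured from a real STS).
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}" Version="2.0" ID="_constructed" IssueInstant="2016-01-01T12:00:00Z">
  <saml:Issuer>sts.example</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="{SENDER_VOUCHES}"/></saml:Subject>
  <saml:Conditions NotBefore="2016-01-01T12:00:00Z" NotOnOrAfter="2016-01-01T12:05:00Z"/>
</saml:Assertion>"""
```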
Copyright © 2015-2016 Software AG, Darmstadt, Germany.