Enforcing SOAP Security to Enable SAML Authentication and SAML Credential Mapping

In this sample, SOAP message exchanges are secured with SAML Credential Mapping, user name token-based authentication, and SAML authentication.

The following processes communicate with each other in this sample:
  • ClientProcess.bwp: Simulates a client call to Process1 to request a response from Process1
  • Process1.bwp: Calls Process2
  • Process2.bwp: Returns a response to Process1

Procedure

  1. In the samples directory, select policy > samlcredentialmapping > SoapHttp and double-click tibco.bw.sample.policy.samlcredentialmapping.SoapHttpBinding.zip. For more information, see Accessing Samples.
  2. In Project Explorer expand the tibco.bw.sample.policy.samlcredentialmapping.SoapHttpBinding project.
  3. Set the default ApplicationProfile to match the OS you are running on. For more information, see Setting the Default Application Profile.
  4. Click Run > Debug Configurations.
  5. At the left hand tree of Debug Configuration wizard, expand BusinessWorks Application and select BWApplication.
  6. Click the Applications tab and then click the Deselect All button if you have multiple applications. Select the check box next to ttibco.bw.sample.policy.samlcredentialmapping.SoapHttpBinding.application.
  7. Click Debug.
    This runs the sample in Debug mode.

Result

Process1 call Process2 successfully

The file SamlCredentialMapping.txt is generated in the C:\tmp\policy directory on Windows platform, or /tmp/policy directory on Unix platform.

Open the SamlCredentialMapping.txt file in a text editor. The default contents of the file are outlined below.
Congratulations! This is response from Process2. SAML request is successful!

Understanding the Configuration

The following processes interact with each other in this project:

  • Process2.bwp: The service side of Process2 is associated with a WSS provider policy configured for SAML authentication.
  • Process1.bwp: To ensure the outbound request to Process2 contains the credentials authenticated in Process1, the following policies are enforced on Process1:
    • A WSS Consumer policy configured for SAML credential mapping is associated on the reference side.
    • A WSS Provider policy configured for user name token authentication is associated with the service side.
  • ClientProcess.bwp: To simulate a client call to Process1, a WSS Consumer policy, configured for user name token credential mapping, is associated with the reference side of ClientProcess.