Applying the SAML SSO Web Profile Authentication Policy
SAML SSO Web Profile Authentication Policy can be applied as an external policy set using TIBCO Business Studio - BPM Edition.
For more information about configuring an external policy set using TIBCO Business Studio - BPM Edition, see the "Configuring External Policy Sets with XML" section in TIBCO ActiveMatrix® Service Grid Composite Development.
Sample policy set SamlSSOWebProfileAuthenticationWithWebApp.policysets is available in the TIBCO_HOME\amx\3.4\samples\policy directory. You can use the sample policy set to apply SAML SSO Web Profile Authentication Policy. The resource instance name configured in the policy set must exactly match the resource instance name created using Administrator UI or CLI. For example, see SamlSSOWebProfileAspProp highlighted in the following sample policy set.
Sample Policy Set:
<ep:policySetContainer
    xmlns:ep="http://xsd.tns.tibco.com/amf/models/externalpolicy"
    xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"
    xmlns:scaext="http://xsd.tns.tibco.com/amf/models/sca/extensions"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:tpa="http://xsd.tns.tibco.com/governance/policy/action/2009"
    xmlns:tpc="http://xsd.tns.tibco.com/governance/policy/common/2009"
    xmlns:jmsbt="http://xsd.tns.tibco.com/amf/models/sca/bindingtype/jms"
    xmlns:soapbt="http://xsd.tns.tibco.com/amf/models/sca/binding/soap"
    xmlns:webapp="http://xsd.tns.tibco.com/amf/models/sca/implementationtype/webapp"
    xmlns:wssp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:samlwebprofile="http://xsd.tns.tibco.com/trinity/models/auth/samlwebprofile"
    xmlns:rtp="http://xsd.tns.tibco.com/governance/rule/template/2010"
    targetNamespace="http://www.trinity.na.tibco.com">
  <!-- add the policy sets here -->
  <sca:policySet name="SamlWebProfileAuthenticationPolicySet"
      provides="scaext:clientAuthentication.basic"
      policyTemplateName="rtp:AuthenticationBySamlSSOWebProfile"
      appliesTo="soapbt:binding.soap.service|webapp:implementation.web">
    <scaext:property mustSupply="true" name="SamlSSOWebProfileAspProp"
        type="samlwebprofile:SamlWebProfileConfiguration"
        scaext:simpleValue="SamlSSOWebProfileAsp"/>
    <wsp:Policy>
      <wsp:All>
        <wsp:Policy>
          <tpa:AuthenticationByJaas>
            <tpa:SecurityToken>
              <tpa:ExactlyOne>
                <tpa:SamlSSOWebProfileToken />
              </tpa:ExactlyOne>
            </tpa:SecurityToken>
            <tpa:SharedResourceLoginModule ResourceInstanceProperty="SamlSSOWebProfileAspProp"/>
          </tpa:AuthenticationByJaas>
        </wsp:Policy>
      </wsp:All>
    </wsp:Policy>
  </sca:policySet>
</ep:policySetContainer>
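Added example (not part of the TIBCO documentation or product): a pre-deployment check that the property referenced by tpa:SharedResourceLoginModule is defined in the policy set and that its value exactly matches a known resource instance name. It assumes scaext:simpleValue carries the resource instance name and that you supply the set of instance names yourself; check_policy_sets and SAMPLE are hypothetical names, and SAMPLE is a constructed, trimmed copy of the sample above.

```python
import xml.etree.ElementTree as ET

SCA = "http://www.osoa.org/xmlns/sca/1.0"
SCAEXT = "http://xsd.tns.tibco.com/amf/models/sca/extensions"
TPA = "http://xsd.tns.tibco.com/governance/policy/action/2009"

# Constructed input: trimmed from the sample policy set on this page.
SAMPLE = f"""<ep:policySetContainer
    xmlns:ep="http://xsd.tns.tibco.com/amf/models/externalpolicy"
    xmlns:sca="{SCA}" xmlns:scaext="{SCAEXT}" xmlns:tpa="{TPA}">
  <sca:policySet name="SamlWebProfileAuthenticationPolicySet">
    <scaext:property mustSupply="true" name="SamlSSOWebProfileAspProp"
        scaext:simpleValue="SamlSSOWebProfileAsp"/>
    <tpa:AuthenticationByJaas>
      <tpa:SharedResourceLoginModule
          ResourceInstanceProperty="SamlSSOWebProfileAspProp"/>
    </tpa:AuthenticationByJaas>
  </sca:policySet>
</ep:policySetContainer>"""


def check_policy_sets(xml_text, known_instances):
    """Return a list of findings; an empty list means every reference resolves."""
    findings = []
    root = ET.fromstring(xml_text)
    for ps in root.iter(f"{{{SCA}}}policySet"):
        name = ps.get("name")
        # Map each property name to its simpleValue (assumed: the instance name).
        props = {p.get("name"): p.get(f"{{{SCAEXT}}}simpleValue")
                 for p in ps.findall(f"{{{SCAEXT}}}property")}
        for lm in ps.iter(f"{{{TPA}}}SharedResourceLoginModule"):
            ref = lm.get("ResourceInstanceProperty")
            if ref not in props:
                findings.append(f"{name}: undefined property {ref!r}")
                continue
            value = props[ref]
            if value in known_instances:  # exact, case-sensitive match
                continue
            # Point out near misses, the usual cause of a failed lookup.
            near = [k for k in known_instances
                    if value and k.strip().lower() == value.strip().lower()]
            hint = f" (differs only in case/whitespace from {near[0]!r})" if near else ""
            findings.append(f"{name}: resource instance {value!r} not found{hint}")
    return findings


if __name__ == "__main__":
    print(check_policy_sets(SAMPLE, {"SamlSSOWebProfileAsp"}) or "OK")
```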