Using a SAML Token to Authenticate a .NET Client Application - An Example
SAMLAuthDemo is a simple Windows client application that demonstrates how to use a SAML token in a third-party .NET application to authenticate a call to an ActiveMatrix BPM service.
The SAMLAuthDemo application calls the ActiveMatrix BPM executeGenericQuery operation (from the EventCollectorQueryService) to retrieve a list of audit messages with a severity level of ERROR.
To authenticate the call, the application generates its own signed SAML 2.0 token (using the "sender-vouches" subject confirmation method), which it includes in the SOAP envelope of the call.
When using "sender-vouches", both the SAML assertion itself and the body of the outgoing message request must be signed by a party that is trusted by ActiveMatrix BPM. This ensures that ActiveMatrix BPM can trust the contents of the SAML assertion, and can confirm that the assertion was intended for use with the body of the incoming message.
This appendix assumes a basic understanding of SAML and how to use it.
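The "sender-vouches" requirement above (a signed assertion plus a signed message body) can be checked structurally on an envelope before it is sent. The following C# code is an added example, not part of SAMLAuthDemo or the product documentation. It assumes SOAP 1.1 and WS-Security 1.0 namespaces, an enveloped `ds:Signature` inside the assertion, and a message signature in `wsse:Security` that references the Body by `wsu:Id`; the class, method names and sample envelope are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class SenderVouchesCheck // hypothetical helper, not part of SAMLAuthDemo
{
    static readonly XNamespace S = "http://schemas.xmlsoap.org/soap/envelope/"; // SOAP 1.1 assumed
    static readonly XNamespace Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static readonly XNamespace Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static readonly XNamespace Ds = "http://www.w3.org/2000/09/xmldsig#";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string SenderVouches = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";

    // True when the signature carries a ds:Reference whose URI is "#<id>".
    static bool Covers(XElement sig, string id) => sig != null && id != null &&
        sig.Descendants(Ds + "Reference").Any(r => (string)r.Attribute("URI") == "#" + id);

    // Structural pre-check only: it does not validate signature values or signer trust.
    public static List<string> Problems(XDocument env)
    {
        var sec = env.Root?.Element(S + "Header")?.Element(Wsse + "Security");
        var body = env.Root?.Element(S + "Body");
        var assertion = sec?.Element(Saml + "Assertion");
        if (body == null || assertion == null) return new List<string> { "missing saml2:Assertion in wsse:Security, or missing soap:Body" };
        var problems = new List<string>();
        if (!assertion.Descendants(Saml + "SubjectConfirmation").Any(c => (string)c.Attribute("Method") == SenderVouches))
            problems.Add("subject confirmation method is not sender-vouches");
        if (!Covers(assertion.Element(Ds + "Signature"), (string)assertion.Attribute("ID")))
            problems.Add("assertion has no enveloped signature over its own ID");
        if (!Covers(sec.Element(Ds + "Signature"), (string)body.Attribute(Wsu + "Id")))
            problems.Add("message signature does not reference the Body");
        return problems;
    }

    // Constructed envelope with signature values omitted; bodyRef is the message signature's Reference URI.
    static string Sample(string bodyRef) =>
        $"<s:Envelope xmlns:s='{S}' xmlns:wsse='{Wsse}' xmlns:wsu='{Wsu}' xmlns:ds='{Ds}' xmlns:saml2='{Saml}'>" +
        "<s:Header><wsse:Security><saml2:Assertion ID='a1'><saml2:Issuer>demo-client</saml2:Issuer>" +
        "<ds:Signature><ds:SignedInfo><ds:Reference URI='#a1'/></ds:SignedInfo></ds:Signature>" +
        $"<saml2:Subject><saml2:SubjectConfirmation Method='{SenderVouches}'/></saml2:Subject></saml2:Assertion>" +
        $"<ds:Signature><ds:SignedInfo><ds:Reference URI='{bodyRef}'/></ds:SignedInfo></ds:Signature>" +
        "</wsse:Security></s:Header><s:Body wsu:Id='body1'/></s:Envelope>";

    static void Main()
    {
        foreach (var uri in new[] { "#body1", "#other" }) // Body covered, then Body not covered
            Console.WriteLine(uri + ": " + string.Join("; ", Problems(XDocument.Parse(Sample(uri)).DefaultIfEmpty("ok")));
    }
}
```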