Using a SAML Token to Authenticate a .NET Client Application - An Example

SAMLAuthDemo is a simple Windows client application that demonstrates how to use a SAML token in a third-party .NET application to authenticate a call to an ActiveMatrix BPM service.

The SAMLAuthDemo application calls the ActiveMatrix BPM executeGenericQuery operation (from the EventCollectorQueryService) to retrieve a list of audit messages with a severity level of ERROR.

To authenticate the call, the application generates its own signed SAML 2.0 token (using the "sender-vouches" subject confirmation method), which it includes in the SOAP envelope of the call.

Note: In a production environment, the SAML assertion would probably be generated and provided by an intermediary Security Token Service (STS). See SSO Authentication Using a SAML Token.

When using "sender-vouches", both the SAML assertion itself and the body of the outgoing request message must be signed by a party that ActiveMatrix BPM trusts. This gives ActiveMatrix BPM assurance of two things: that the contents of the SAML assertion can be trusted, and that the assertion was intended for use with the body of this particular incoming message rather than lifted from some other message.
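
To make that requirement concrete, here is an added C# example (not the SAMLAuthDemo code, which this page does not reproduce) that signs a constructed sample envelope: a single XML-DSig signature placed in the wsse:Security header references both the saml:Assertion (by its ID) and the s:Body (by its wsu:Id), so a receiver can verify that one trusted signer vouched for the assertion and bound it to this body. The envelope text, the IDs, the issuer and subject names, the placeholder body element and the signing certificate are all assumptions; the exact token layout ActiveMatrix BPM accepts is not asserted here.

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
// SignedXml resolves only plain Id/ID attributes (enough for the saml:Assertion ID);
// this subclass also resolves the wsu:Id that WS-Security puts on the SOAP Body.
class WsuSignedXml : SignedXml
{
    public const string WsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    public const string WsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    public WsuSignedXml(XmlDocument doc) : base(doc) { }
    public override XmlElement GetIdElement(XmlDocument doc, string id)
    {
        return base.GetIdElement(doc, id)
            ?? doc.SelectSingleNode($"//*[@*[local-name()='Id' and namespace-uri()='{WsuNs}']='{id}']") as XmlElement;
    }
}
static class SenderVouchesSigner
{
    // Constructed sample envelope, not a real ActiveMatrix BPM request: an unsigned
    // sender-vouches assertion in wsse:Security and a Body carrying a wsu:Id.
    const string Envelope = @"<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'
 xmlns:wsse='" + WsuSignedXml.WsseNs + @"' xmlns:wsu='" + WsuSignedXml.WsuNs + @"'>
 <s:Header><wsse:Security>
  <saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' ID='_a1' Version='2.0' IssueInstant='2024-01-01T00:00:00Z'>
   <saml:Issuer>demo-client</saml:Issuer>
   <saml:Subject><saml:NameID>some.user</saml:NameID>
    <saml:SubjectConfirmation Method='urn:oasis:names:tc:SAML:2.0:cm:sender-vouches'/></saml:Subject>
  </saml:Assertion>
 </wsse:Security></s:Header>
 <s:Body wsu:Id='body-1'><executeGenericQuery xmlns='urn:placeholder'/></s:Body>
</s:Envelope>";
    // One signature in wsse:Security referencing both the assertion and the Body, so the
    // receiver can check that a single trusted party vouched for both and tied them together.
    public static XmlDocument Sign(X509Certificate2 signer)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(Envelope);
        var sx = new WsuSignedXml(doc) { SigningKey = signer.GetRSAPrivateKey() };
        sx.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        foreach (var uri in new[] { "#_a1", "#body-1" })
        {
            var reference = new Reference(uri);
            reference.AddTransform(new XmlDsigExcC14NTransform());
            sx.AddReference(reference);
        }
        sx.KeyInfo.AddClause(new KeyInfoX509Data(signer)); // receiver checks this cert against its trust store
        sx.ComputeSignature();
        doc.GetElementsByTagName("Security", WsuSignedXml.WsseNs)[0].AppendChild(doc.ImportNode(sx.GetXml(), true));
        return doc;
    }
}
```

On the receiving side, the corresponding check is that the signature validates against a trusted certificate and that its references cover both the assertion and the Body; a signature over the assertion alone does not bind it to the message.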

This appendix assumes a basic understanding of SAML and how to use it.

Warning: The SAMLAuthDemo example is supplied "as is" with no warranties. The code in SAMLAuthDemo is intended as a simple illustration of the concepts and techniques needed to use SAML authentication to authenticate access to ActiveMatrix BPM from a custom client .NET application. It is not intended as a basis for production-ready code and should not be used as such.