SAML Credential Mapping

When applying SAML Credential Mapping, remember the following points:

  • The client sends the request as a UsernameToken in the WS-Security header of the SOAP message.
  • The UsernameToken authentication policy authenticates the request against LDAP and retrieves the LDAP attributes or roles for the user.
  • When the service invoked by the client request calls an external service and forwards the outgoing request, the SAML credential mapping policy is applied: the SAML assertion generated from the earlier UsernameToken authentication is added to the outgoing request.
    Note: To use the credential mapping by SAML policy on a target operation, make sure that the SingleSignonSAMLSigner.properties file is present in the resource directory of the gateway configuration project. The SingleSignonSAMLSigner.properties file is found in the ASG_CONFIG_HOME\default\security\resource directory.

Example Policy

CredentialMappingBySAML Policy

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:All>
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <ns:CredentialMapping ResourceInstance="SubjectIsp"
          xmlns:ns="http://xsd.tns.tibco.com/governance/policy/action/2009">
        <ns:Saml>
          <ns:WSS>
            <ns:IssuerName>urn:kimyou.tibco.com</ns:IssuerName>
            <ns:ValidPeriod>300</ns:ValidPeriod>
          </ns:WSS>
        </ns:Saml>
        <wssp:SignedSupportingTokens
            xmlns:wssp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wssp:SamlToken>
            <wssp:IssuerName>urn:www.example.com</wssp:IssuerName>
            <wssp:WssSamlV20Token11 />
          </wssp:SamlToken>
        </wssp:SignedSupportingTokens>
      </ns:CredentialMapping>
    </wsp:Policy>
  </wsp:All>
</wsp:Policy>
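The following is an added example, not part of the TIBCO documentation or product: a small Python check that reads the IssuerName and ValidPeriod from the policy above and verifies that a SAML 2.0 assertion on an outgoing request matches them. Both XML inputs are constructed; it assumes the generated assertion's Issuer corresponds to ns:IssuerName and that ValidPeriod is in seconds.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"ns": "http://xsd.tns.tibco.com/governance/policy/action/2009",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed copy of the CredentialMappingBySAML policy (only the parts this check reads).
POLICY_XML = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:ns="http://xsd.tns.tibco.com/governance/policy/action/2009">
  <ns:CredentialMapping ResourceInstance="SubjectIsp">
    <ns:Saml><ns:WSS>
      <ns:IssuerName>urn:kimyou.tibco.com</ns:IssuerName>
      <ns:ValidPeriod>300</ns:ValidPeriod>
    </ns:WSS></ns:Saml>
  </ns:CredentialMapping>
</wsp:Policy>"""

# Constructed SAML 2.0 assertion as it might appear in the outgoing WS-Security header.
ASSERTION_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Issuer>urn:kimyou.tibco.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""

def policy_constraints(policy_xml):
    """Extract the issuer name and validity period (assumed seconds) from ns:Saml/ns:WSS."""
    wss = ET.fromstring(policy_xml).find(".//ns:Saml/ns:WSS", NS)
    return {"issuer": wss.findtext("ns:IssuerName", namespaces=NS),
            "valid_period": int(wss.findtext("ns:ValidPeriod", namespaces=NS))}

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(assertion_xml, constraints):
    """Return a list of violations; an empty list means the assertion matches the policy."""
    a = ET.fromstring(assertion_xml)
    problems = []
    if a.get("Version") != "2.0":                      # policy requires WssSamlV20Token11
        problems.append("not a SAML 2.0 assertion")
    if a.findtext("saml:Issuer", namespaces=NS) != constraints["issuer"]:
        problems.append("issuer does not match policy IssuerName")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        problems.append("missing validity window")
    else:
        window = (_ts(cond.get("NotOnOrAfter")) - _ts(cond.get("NotBefore"))).total_seconds()
        if window <= 0 or window > constraints["valid_period"]:
            problems.append(f"validity window {window:.0f}s exceeds ValidPeriod")
    return problems
```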