Friday, November 13, 2009

SAML for Web Services is now available with WebSphere

You probably have read the announcement letter on the XML Feature Pack, SCA Refresh, and SAML (Security Assertion Markup Language) for Web Services support coming to WebSphere 7.0.

I would like to give some additional details of what is in the SAML support.
  1. Supports scenarios targeting OASIS Web Services Security SAML Token Profile 1.1
    1. Supports SAML Token Assertion specifications v1.1 and v2.0
    2. Supports Bearer confirmation and Holder-of-key confirmation
  2. Configurable via policy sets
    1. Targets JAX-WS services
    2. Leverages Custom Token Support
  3. API to create and consume SAML assertions
    1. Allows customers to create SSO solutions independent from web services
  4. Issuing Token
    1. Supports an external STS (Security Token Service)
      1. Tested with Tivoli Federated Identity Manager
      2. API supports request and validation of SAML Assertions via standard WS-Trust v1.2 and v1.3 Protocols
    2. Supports sender (client) side SAML token caching for better performance
    3. Supports self-issuance
It is now available, so try it out and feel free to give us some feedback on your experiences.

P.S. Here is the SAML support Info Center link.

1 comment:

  1. Siebel SmartScript accelerates abettor capability with a workflow-based, dynamically generated user interface that helps adviser every alternation with a customer. Siebel SmartScript can be invoked automatically several ways, such as based aloft business rules, through awning pops, by Siebel CTI, or programmatically.

    call center outsourcing