The Security Assertion Markup Language (SAML) is an XML-based
OASIS standard for exchanging user identity and security attributes
information. Using SAML, a client can communicate assertions regarding
the identity, attributes, and entitlements of a SOAP message. You
can apply policy sets to JAX-WS applications to use SAML assertions
in web services messages and in web services usage scenarios. Use
SAML assertions to represent user identity and user security attributes,
and optionally, to sign and to encrypt SOAP message elements.
Procedure
- Learn about SAML.
- Configure SAML application support.
- Security Assertion Markup Language (SAML) is an XML-based, OASIS standard for
exchanging user identity and security attributes information. You can use the SAML function to apply a default policy to use SAML assertions in web services
messages and in web services usage scenarios. In a typical SAML usage scenario, you authenticate to
a security domain and request an identity provider to issue SAML assertions.
In WebSphere® Application Server Version 7.0.0.7 and later, to use the SAML default
policy sets, sample SAML general bindings, and JAAS login configuration settings for SAML, you were
required to set up the SAML configuration, which is stored in a profile. In WebSphere Application Server
Version 8.5, the SAML feature is available in all profiles by
default.
- Develop and assemble a SAML
application.
- Deploy the SAML application.