Process Developer

SAML

Select this policy assertion as described in Adding Policy Assertions.
The Security Assertions Markup Language (SAML) is an OASIS standard that enables loosely coupled and federated identity integration. SAML standardizes how identity-related security information can be communicated between policy domains.
SAML assertions are usually transferred from identity providers (the my role partner link) to service providers (the partner role partner link). Assertions contain statements that service providers use to make access control decisions.
SAML 1.1 and 2.0 are the currently supported versions. For details about SAML, refer to OASIS Security Services (SAML) TC at www.oasis-open.org.
Direction
  • Out. Typically selected for Partner Role partner links. Messages sent to the partner service will be trusted messages.
  • In. Typically selected for My Role partner links. Messages sent back to the process from the partner service are accepted as trusted messages.
  • Both. Can be needed when the transport mechanism is other than SOAP over HTTP, such as SOAP over JMS. Trusted messages are both sent and received.
Version
The SAML version to use.
Subject Name
(Optional) For outgoing messages, add a subject to indicate the user associated with the identity information. For example, you can enter the distinguished name from your LDAP service.
Confirmation Method
For outgoing messages, select a method:
  • sender-vouches: If trust is already established with an SSL certificate, then a digital signature is not required, and you can use sender-vouches.
  • holder of key: If trust has not been established, you can select holder of key to indicate that the proof of trust is sent through digital signatures within the assertion itself.
Authentication Method
For outgoing messages, select a method used to authenticate the subject (to determine if the information in the assertion refers to the party making the current request).
The default is urn:oasis:names:tc:SAML:1.0:am:unspecified.
For details about using the other options, refer to the SAML Specification at the address given in the introduction of this topic.
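
The settings above correspond to elements of the assertion itself. The following added example (not from the product documentation) parses a constructed SAML 1.1 assertion, reports its version, subject name, confirmation method and authentication method, and flags combinations that contradict the trust model described above. The names `review_assertion` and `transport_authenticated` and all sample values are assumptions, and no signature is cryptographically verified here.

```python
import xml.etree.ElementTree as ET  # for untrusted input use a hardened parser such as defusedxml

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CM = "urn:oasis:names:tc:SAML:1.0:cm:"  # SAML 1.1 confirmation-method URI prefix

# Constructed SAML 1.1 assertion (not product output); issuer, DN and times are made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_example" Issuer="idp.example"
    IssueInstant="2024-01-01T00:00:00Z">
  <saml:AuthenticationStatement AuthenticationInstant="2024-01-01T00:00:00Z"
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
    <saml:Subject>
      <saml:NameIdentifier>cn=jdoe,ou=people,dc=example,dc=com</saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>{method}</saml:ConfirmationMethod>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


def review_assertion(xml_text, transport_authenticated):
    """Return (settings, findings). transport_authenticated is a hypothetical flag:
    True when the sender was already verified, e.g. by its SSL certificate."""
    root = ET.fromstring(xml_text)
    stmt = root.find("saml:AuthenticationStatement", NS)
    subj = stmt.find("saml:Subject", NS)
    conf = subj.find("saml:SubjectConfirmation", NS)
    method = conf.findtext("saml:ConfirmationMethod", "", NS).strip()
    settings = {
        "version": f'{root.get("MajorVersion")}.{root.get("MinorVersion")}',
        "subject": subj.findtext("saml:NameIdentifier", "", NS).strip(),
        "confirmation": method.replace(CM, ""),
        "auth_method": stmt.get("AuthenticationMethod") or "",
    }
    findings = []
    if method == CM + "sender-vouches" and not transport_authenticated:
        findings.append("sender-vouches without an authenticated sender")
    if method == CM + "holder-of-key":
        if conf.find("ds:KeyInfo", NS) is None:
            findings.append("holder-of-key without ds:KeyInfo")
        if root.find("ds:Signature", NS) is None:
            findings.append("holder-of-key assertion is unsigned")
    if settings["auth_method"].endswith(":am:unspecified"):
        findings.append("authentication method left at default (unspecified)")
    return settings, findings
```
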
