
WSS SAML Token Profile for Web Services Security

Question asked by Dariusz.Piotrak on Apr 5, 2016
Latest reply on Apr 6, 2016 by Kelly Wong

We want to use CA SPS as the SAML Authority (IdP) to issue SAML Tokens (Assertions) that would subsequently be used by the service consumer as part of the WSS token for SOAP Web Services invocation. The SAML token would then be validated by the external API Gateway (Oracle) integrated with SiteMinder. (Link to the pattern: Using SAML-based Authentication for Web Services with Integrated SOA Gateway (Oracle E-Business Suite Technology))


The standard pattern would be to use an STS service to issue security tokens to the service consumer. SPS includes an STS service; however, there is literally zero documentation regarding how STS should be used...


Another option was to configure IdP SAML Federation and try to use Federation Web Services to issue tokens (for example AuthnRequest Service).


However, this doesn't seem to be correct, as SAML Federation Web Services seem to be created for Web SSO Use Cases only.


Any thoughts would be helpful.
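
The flow described in the question, as an added example that is not part of the original post and is not CA or Oracle code: the consumer carries an issued assertion in the `wsse:Security` SOAP header, and the gateway rejects obviously unusable tokens before it verifies the XML signature. It assumes SAML 2.0 assertions and SOAP 1.1; the issuer, audience and body values are constructed, and requiring a bounded validity window is a policy choice of this sketch.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
FMT = "%Y-%m-%dT%H:%M:%SZ"  # assumes second-precision UTC timestamps

def sample_assertion(now, audience, lifetime=timedelta(minutes=5)):
    """Constructed, unsigned stand-in for an assertion issued by the IdP/STS."""
    a = ET.Element(f"{{{SAML}}}Assertion", {"ID": "_constructed-1", "Version": "2.0",
                                            "IssueInstant": now.strftime(FMT)})
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = "https://idp.example.test"
    c = ET.SubElement(a, f"{{{SAML}}}Conditions", {
        "NotBefore": now.strftime(FMT), "NotOnOrAfter": (now + lifetime).strftime(FMT)})
    r = ET.SubElement(c, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(r, f"{{{SAML}}}Audience").text = audience
    return a

def wrap_in_wss(assertions, body_xml):
    """Consumer side: carry the assertion(s) in the wsse:Security SOAP header."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    sec = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    sec.extend(assertions)
    ET.SubElement(env, f"{{{SOAP}}}Body").append(ET.fromstring(body_xml))
    return ET.tostring(env)

def precheck(envelope, expected_audience, now):
    """Gateway side: reject early; XML signature verification is NOT done here."""
    env = ET.fromstring(envelope)
    found = env.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{SAML}}}Assertion")
    if len(found) != 1:  # ambiguous or missing token
        return ["expected exactly one SAML assertion in wsse:Security"]
    cond = found[0].find(f"{{{SAML}}}Conditions")
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return ["assertion has no bounded validity window"]
    start, end = (datetime.strptime(cond.get(k), FMT).replace(tzinfo=timezone.utc)
                  for k in ("NotBefore", "NotOnOrAfter"))
    problems = []
    if not start <= now < end:
        problems.append("assertion outside validity window")
    if expected_audience not in [a.text for a in cond.iter(f"{{{SAML}}}Audience")]:
        problems.append("audience mismatch")
    return problems
```

An empty list from `precheck` only means the token is worth passing to signature and issuer-trust validation; it is not an authentication decision.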