We want to use CA SPS as the SAML Authority (IdP) to issue SAML Tokens (Assertions) that would be subsequently used by the service consumer as part of the WSS token for SOAP Web Services invocation. The SAML token would then be validated by the external API Gateway (Oracle) integrated with SiteMinder. (Link to the pattern: Using SAML-based Authentication for Web Services with Integrated SOA Gateway (Oracle E-Business Suite Technology).)
The standard pattern would be to use an STS service to issue security tokens to the service consumer. SPS includes an STS service; however, there is literally zero documentation regarding how STS should be used...
Another option was to configure IdP SAML Federation and try to use Federation Web Services to issue tokens (for example AuthnRequest Service).
However, this doesn't seem to be correct, as SAML Federation Web Services seem to be created for Web SSO Use Cases only.
Any thoughts would be helpful.