

SAML Token Configurations

AuthMinder supports different types of authentication tokens. Security Assertion Markup Language (SAML) tokens are one of them, in addition to the Native, OTT, and Custom token types.

To issue SAML tokens as authentication tokens, you must configure the SAML token properties. You configure them by using the samlTokenConfigs element of the createRequest message.

The following table lists the elements that the samlTokenConfigs element of the createRequest message contains:

Element: name
Mandatory: No
Description: Name for the configuration.

Element: status
Mandatory: No
Description: Indicates the status of the configuration.

Element: tokenSigningCertKeyPair
Mandatory: No
Description: Indicates the path that contains the AuthMinder Server certificate and the private key that AuthMinder Server uses to issue the SAML token. The choices are:

  • KeyPairInHSM
    Set the certChainPEM element to the AuthMinder Server certificate chain in PEM format.
  • KeyPairInP12
    Set cerKeyP12 to the base64-encoded format of the AuthMinder Server certificate in PKCS#12 format.
    Set certKeyP12Password to the password of the PKCS#12 file.

Element: digestMethod
Mandatory: No
Description: The algorithm that will be used for hashing the SAML tokens.

Element: signatureMethod
Mandatory: No
Description: The algorithm that will be used for signing the SAML tokens.

Element: samlTokenAttributes
Mandatory: No
Description: The attributes of the SAML token. The required attributes are:

  • issuerName
    The URL of AuthMinder Server.
  • oneTimeUse
    Indicates whether the SAML token is to be used only once for authentication.
  • assertionTimeOut
    The duration after which the SAML token cannot be used.
  • audiences
    The details of the audience who can use the SAML token.

Element: subjectFormatSAML11
Mandatory: No
Description: The format of the SAML subject for SAML 1.1.

Element: subjectFormatSAML20
Mandatory: No
Description: The format of the SAML subject for SAML 2.0.

Element: additionalAttributes
Mandatory: No
Description: Additional attributes that you can set, if they are required for SAML token generation. The required elements are:

  • attributeNameSpace
    The attribute namespace.
  • nameFormat
    The attribute name format.
  • attributeName
    The name of the attribute.
  • FriendlyName
    The friendly name for the attribute.
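
The following pre-flight check is an added example, not code from AuthMinder or its documentation. It verifies a samlTokenConfigs fragment against the rules in the table before the fragment is placed in a createRequest message. The element names come from the table; the nesting, the un-namespaced layout, and all sample values are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Required children, taken from the table above.
REQUIRED = {
    "samlTokenAttributes": ["issuerName", "oneTimeUse", "assertionTimeOut", "audiences"],
    "additionalAttributes": ["attributeNameSpace", "nameFormat", "attributeName", "FriendlyName"],
}

def _kids(elem):
    # Map local tag name -> child element, ignoring any '{namespace}' prefix.
    return {c.tag.rsplit("}", 1)[-1]: c for c in elem}
def _text(elem, name):
    return (getattr(_kids(elem).get(name), "text", None) or "").strip()

def check_saml_token_configs(xml_text):
    """Return problems found in one samlTokenConfigs element (assumed to be the root)."""
    top, problems = _kids(ET.fromstring(xml_text)), []
    for parent in (p for p in REQUIRED if p in top):
        have = _kids(top[parent])
        for n in REQUIRED[parent]:
            # A child counts as set when it has text or nested elements.
            if n not in have or not ((have[n].text or "").strip() or len(have[n])):
                problems.append(f"{parent}: missing {n}")
    pair = top.get("tokenSigningCertKeyPair")
    if pair is not None:
        hsm, p12 = _kids(pair).get("KeyPairInHSM"), _kids(pair).get("KeyPairInP12")
        if (hsm is None) == (p12 is None):
            problems.append("tokenSigningCertKeyPair: set exactly one key pair choice")
        if hsm is not None and "-----BEGIN CERTIFICATE-----" not in _text(hsm, "certChainPEM"):
            problems.append("KeyPairInHSM: certChainPEM is not PEM")
        if p12 is not None:
            try:  # PKCS#12 is DER, so the decoded bytes start with a SEQUENCE tag (0x30)
                raw = base64.b64decode("".join(_text(p12, "cerKeyP12").split()), validate=True)
            except ValueError:
                raw = b""
            if raw[:1] != b"\x30":
                problems.append("KeyPairInP12: cerKeyP12 is not base64-encoded PKCS#12")
            if not _text(p12, "certKeyP12Password"):
                problems.append("KeyPairInP12: certKeyP12Password is empty")
    return problems

# Constructed sample with placeholder values: P12 choice with no password, no audiences.
SAMPLE = """<samlTokenConfigs>
  <tokenSigningCertKeyPair><KeyPairInP12><cerKeyP12>MIIBAGFiY2Q=</cerKeyP12>
    <certKeyP12Password></certKeyP12Password></KeyPairInP12></tokenSigningCertKeyPair>
  <samlTokenAttributes><issuerName>https://authminder.example.test</issuerName>
    <oneTimeUse>true</oneTimeUse><assertionTimeOut>300</assertionTimeOut></samlTokenAttributes>
</samlTokenConfigs>"""
```

Calling check_saml_token_configs(SAMPLE) returns one entry for the missing audiences attribute and one for the empty PKCS#12 password; an empty list means the fragment satisfies the table's structural rules.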