Create a SAML Assertion Variable

SAML Assertion variables let you obtain information from any SAML assertion and use this information in policy expressions to authorize a client. The assertion may be included in a SOAP envelope or HTTP header of an incoming XML message. For example, you can create a variable that enables the Policy Server to check who issued the assertion before permitting access to a web service.

SAML assertion variables are resolved to the value of an XPath string. The string identifies an element (and optionally, an operation to perform on that element) of a SAML assertion.

Note: For more information about XPath, see the XPath specification available at http://www.w3.org/TR/xpath.

To create a variable

  1. Open the domain to which you want to add a variable.
  2. Click the Variables tab.

    A table lists the variables associated with the domain.

  3. Click Create Variable.

    The Create Variable screen appears.

  4. Verify that Create a new object is selected, and click OK.

    Variable settings open.

  5. Type the variable name in the Name field.

  6. Select SAML Assertion from the Variable Type list.

    SAML Assertion variable settings open.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  7. Specify the data type in which the value of the specified XPath query should be returned by choosing one of the following options from the Return Type list:
  8. Type in an XPath query that you want to resolve to the variable value in the Query box.
  9. Optionally, set the SAML Authentication Scheme Required box if the web service is protected by the SAML Session Ticket authentication scheme.
  10. If the web service is not protected by the SAML Session Ticket authentication scheme, specify whether the SOA Agent should look for the SAML assertion in the Envelope Header or HTTP Header by selecting the appropriate SAML Assertion Location option.
  11. Click Finish.

    The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions or responses.
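
The following is an added example, not part of the product documentation or the product's own code. It shows the kind of XPath query that could go in the Query box to read the issuer and an attribute value from an assertion carried in the envelope header, and it resolves to no value when the query matches zero or several nodes. Assumptions: the SAML 2.0 message is constructed, Python's ElementTree stands in for the Policy Server's XPath evaluation, and resolve() and issuer_is_trusted() are hypothetical helpers.

```python
import xml.etree.ElementTree as ET

# Prefix-to-URI map for the queries (standard SOAP 1.1, WS-Security, SAML 2.0 URIs).
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample message (not from the page): assertion in the SOAP envelope header.
SAMPLE_ENVELOPE = f"""\
<soap:Envelope xmlns:soap="{NS['soap']}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{NS['wsse']}">
      <saml:Assertion xmlns:saml="{NS['saml']}" ID="_a1" Version="2.0">
        <saml:Issuer>https://idp.example.com</saml:Issuer>
        <saml:AttributeStatement>
          <saml:Attribute Name="role">
            <saml:AttributeValue>claims-adjuster</saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
      </saml:Assertion>
    </wsse:Security>
  </soap:Header>
  <soap:Body/>
</soap:Envelope>
"""

# Queries are anchored to the security header instead of using a loose "//Issuer",
# so only an assertion in the expected location can supply the value.
ASSERTION = "./soap:Header/wsse:Security/saml:Assertion"
ISSUER_QUERY = ASSERTION + "/saml:Issuer"
ROLE_QUERY = (ASSERTION + "/saml:AttributeStatement"
              "/saml:Attribute[@Name='role']/saml:AttributeValue")


def resolve(message, query):
    """Return the text of the single node matched by query, or None."""
    root = ET.fromstring(message)  # sample input only; use a hardened parser for untrusted XML
    matches = root.findall(query, NS)
    if len(matches) != 1:
        return None  # no match or an ambiguous match: never pick one silently
    return (matches[0].text or "").strip()


def issuer_is_trusted(message, trusted_issuers):
    """Policy-style check: the resolved issuer must be in an allow list."""
    issuer = resolve(message, ISSUER_QUERY)
    return issuer is not None and issuer in trusted_issuers
```

A value read this way is only as trustworthy as the assertion itself, so an issuer check of this kind belongs after the assertion's signature has been validated.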