Previous Topic: How to Configure Responses to Produce SAML Session TicketsNext Topic: Configure Security Policies from WSDL Files Using Applications

Web Services Security GuidesCA SiteMinder WSS Policy Configuration Guide(Optional) Configure Responses to Generate SAML Session Tickets or WS-Security Headers for Outgoing MessagesHow to Configure Responses to Produce SAML Session TicketsSAML Session Ticket Response Examples

SAML Session Ticket Response Examples

You can use assertion variables to help the SiteMinder WSS Agent build the assertion.

Example 1

If the web service is protected by the XML-DSIG authentication scheme, create an attribute that extracts the client’s public key from the certificate and adds it to the SAML assertion. To instruct the SiteMinder WSS Agent to get the public key from the digital certificate, enter the variable TXM_Public_Key with the value XMLDSIG.

The following table shows the properties of the primary response attribute:

Field

Value

Attribute

WebAgent-SAML-Session-Ticket-Variable

Attribute Kind

Static

Variable Name

TXM_Public_Key

Variable Value

XMLDSIG

If the public key is coming from the user directory, two response attributes are required. The properties of the first required response attribute would be as follows:

Field

Value

Attribute

WebAgent-SAML-Session-Ticket-Variable

Attribute Kind

User Attribute

Variable Name

TXM_User_Cert

Variable Value

usercertificate

The properties of the second required response attribute would be as follows:

Field

Value

Attribute

WebAgent-SAML-Session-Ticket-Variable

Attribute Kind

Static

Variable Name

TXM_Public_Key

Variable Value

User_Store

Example 2

To ensure that the assertion is placed in the SOAP envelope message header, the properties of the required response attribute would be as follows:

Field

Value

Attribute

WebAgent-SAML-Session-Ticket-Variable

Attribute Kind

Static

Variable Name

TXM_SAML_Location

Variable Value

Envelope_Header