Create a SAML Assertion Variable
SAML Assertion variables let you obtain information from any SAML assertion and use this information in policy expressions to authorize a client. The assertion may be included in a SOAP envelope or HTTP header of an incoming XML message. For example, you can create a variable that enables the Policy Server to check who issued the assertion before permitting access to a web service.
SAML assertion variables are resolved to the value of an XPath string. The string identifies an element (and optionally, an operation to perform on that element) of a SAML assertion.
Note: For more information about XPath, see the XPath specification available at http://www.w3.org/TR/xpath.
Follow these steps:
- Click Policies, Domain.
- Click Variables.
- Click Create Variable.
  Verify that the Create a new object of type Variable option is selected.
- Click OK.
- Select a domain from the list and click Next.
- Type the variable name in the Name field.
- Select SAML Assertion from the Variable Type list.
  SAML Assertion variable settings open.
- From the Return Type list, select the data type in which the value of the XPath query is returned:
  - Boolean
  - Number
  - String (the default)
- In the Query box, type the XPath query that you want to resolve to the variable value.
- Optionally, set the SAML Authentication Scheme Required box if the web service is protected by the SAML Session Ticket authentication scheme.
- If the web service is not protected by the SAML Session Ticket authentication scheme, specify whether the SiteMinder WSS Agent should look for the SAML assertion in the Envelope Header or HTTP Header by selecting the appropriate SAML Assertion Location option.
- Click Finish.
The variable appears in the Variables tab of the domain. The variable can now be used in policy expressions or responses.
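To see what a query and Return Type combination would resolve to before entering it in the Query box, the following added example (not CA code, and not how the Policy Server is implemented) evaluates queries against a constructed SOAP message and applies the XPath 1.0 conversion rules for String, Number and Boolean. It assumes a SAML 2.0 assertion in the envelope header, queries evaluated from the envelope root, and the namespace prefixes in `NS`; the function names, sample issuer URLs and the `creditLimit` attribute are hypothetical.

```python
import math
import re
import xml.etree.ElementTree as ET

# Prefixes used by the sample queries (assumption: SAML 2.0 in a WS-Security header).
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ISSUER_Q = ".//saml:Assertion/saml:Issuer"
LIMIT_Q = ".//saml:Attribute[@Name='creditLimit']/saml:AttributeValue"

def sample_message(*issuers):
    """Constructed SOAP message carrying one assertion per issuer (test data)."""
    body = "".join(
        f"<saml:Assertion><saml:Issuer>{i}</saml:Issuer>"
        '<saml:AttributeStatement><saml:Attribute Name="creditLimit">'
        "<saml:AttributeValue> 5000 </saml:AttributeValue></saml:Attribute>"
        "</saml:AttributeStatement></saml:Assertion>" for i in issuers)
    return (f'<soap:Envelope xmlns:soap="{NS["soap"]}" xmlns:wsse="{NS["wsse"]}" '
            f'xmlns:saml="{NS["saml"]}"><soap:Header><wsse:Security>{body}'
            "</wsse:Security></soap:Header><soap:Body/></soap:Envelope>")

def resolve(message, query, return_type="String"):
    """Evaluate query from the envelope root; return (value, match_count)."""
    nodes = ET.fromstring(message).findall(query, NS)
    # XPath 1.0 string(): string-value of the FIRST matching node in document order.
    text = "".join(nodes[0].itertext()) if nodes else ""
    if return_type == "Boolean":
        value = bool(nodes)            # boolean(node-set): true iff non-empty
    elif return_type == "Number":
        s = text.strip()               # number(): NaN unless the text is a decimal
        value = float(s) if re.fullmatch(r"-?(\d+(\.\d*)?|\.\d+)", s) else math.nan
    else:
        value = text
    return value, len(nodes)

if __name__ == "__main__":
    one = sample_message("https://idp.example.com")
    two = sample_message("https://idp.example.com", "https://other.example.net")
    print(resolve(one, ISSUER_Q))            # single assertion, one match
    print(resolve(one, LIMIT_Q, "Number"))   # attribute value as a number
    print(resolve(two, ISSUER_Q))            # two matches, only the first is returned
```

A match count above 1 means a String result reflects only the first matching node, so a policy expression that compares the issuer should use a query narrow enough to select exactly one element.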
Copyright © 2014 CA.
All rights reserved.