Implementing a SAML sender-vouches subject confirmation scenario in WebSphere Application Server

From the developerWorks archives

Chunlong Liang and Ching-Yun Chao Ph.D.

Date archived: January 3, 2017 | First published: November 02, 2011

This article describes how to configure and use SAML sender-vouches tokens in IBM® WebSphere® Application Server (V7.0 Fix Pack 9 and later). The SAML sender-vouches subject confirmation method is particularly useful when a message sender acts on behalf of a web services client to access downstream web services and must assert client identity and security attributes. This method requires the message sender and receiver to ensure integrity of SOAP messages and SAML assertions. This article explains how to setup policy set and application-specific bindings to use message level integrity protection and transport level confidential protection. A sample application is provided for reference, with fast path instructions. This content is part of the IBM WebSphere Developer Technical Journal.

This content is no longer being updated or maintained. The full article is provided "as is" in a PDF file. Given the rapid evolution of technology, some steps and illustrations may have changed.



static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=WebSphere
ArticleID=768980
ArticleTitle=Implementing a SAML sender-vouches subject confirmation scenario in WebSphere Application Server
publish-date=11022011