Does anyone know how to change the Issuer value in the following SAML Artifact Resolve request that is sent by the DataPower AAA policy to retrieve the SAML assertion identified by the SAML Artifact received as an identity in the request URL? By default DataPower is using 'XS' as issuer. I would like to override this value with the service provider identity URL that is created in the OpenSSO circle of trust as a remote service provider. I am using the SAML 2.0 Web Browser SSO Profile with HTTP-REDIRECT. I can achieve this using custom XSLT files, but I would like to use the built-in feature of the AAA policy. This is for an IDP-initiated single sign-on request.
<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:dp="http://www.datapower.com/schemas/management">
<samlp2:ArtifactResolve xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="IDdfac88d3-bed9-431a-b8aa-2993c167c95c" IssueInstant="2012-11-28T13:54:39Z">
Any help would be greatly appreciated.
Thanks in advance
DataPower AAA Policy Resolve SAML Artifact Request
Updated on 2013-01-09T04:49:13Z by SystemAdmin
swlinn (1346 Posts)
Re: DataPower AAA Policy Resolve SAML Artifact Request (2012-11-28T19:03:20Z)
I've seen some DataPower actions where you can specify a context variable in the configuration and the variable is evaluated, but in this case the field is not evaluated. To have that capability in the AAA PP step would be an enhancement. In the meantime, you're going to need a separate transformation action where your stylesheet changes the value of this element to what you want.
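One way to write the kind of stylesheet this answer calls for, as an added example that is not part of the original thread and not IBM's code: a plain XSLT 1.0 identity transform that overrides the Issuer of an ArtifactResolve, or inserts one as the first child when it is absent. The `sp-entity-id` parameter name and its URL are placeholders, and how the stylesheet is attached to the DataPower processing flow is not shown.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">

  <!-- Assumption: placeholder value. Use the service provider identity URL
       registered for this SP in the IdP's circle of trust. -->
  <xsl:param name="sp-entity-id" select="'https://sp.example.com/placeholder'"/>

  <!-- Identity transform: copy every node and attribute unchanged by default. -->
  <xsl:template match="@*|node()">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>

  <!-- Existing Issuer: keep its attributes (e.g. Format), replace only the text. -->
  <xsl:template match="samlp2:ArtifactResolve/saml2:Issuer">
    <xsl:copy>
      <xsl:apply-templates select="@*"/>
      <xsl:value-of select="$sp-entity-id"/>
    </xsl:copy>
  </xsl:template>

  <!-- No Issuer at all: insert one as the first child, which is where the
       SAML 2.0 protocol schema places it, ahead of Signature and Artifact. -->
  <xsl:template match="samlp2:ArtifactResolve[not(saml2:Issuer)]">
    <xsl:copy>
      <xsl:apply-templates select="@*"/>
      <saml2:Issuer>
        <xsl:value-of select="$sp-entity-id"/>
      </saml2:Issuer>
      <xsl:apply-templates select="node()"/>
    </xsl:copy>
  </xsl:template>

</xsl:stylesheet>
```

If the ArtifactResolve is signed, the signature has to be computed after this rewrite, because an enveloped signature covers the Issuer element.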
swlinn (1346 Posts)
Re: DataPower AAA Policy Resolve SAML Artifact Request (2012-12-05T11:14:42Z)
Re: DataPower AAA Policy Resolve SAML Artifact Request (2013-01-09T04:49:13Z)
Hi Venky,
I am working with Web Browser SSO using DataPower and OpenAM. I am facing a similar issue in the AAA policy attached to the Web App Firewall. I am using a custom template to create an ArtifactResolve (to replace the issuer) and to retrieve the SAML assertions corresponding to a SAML Browser Artifact received from the IDP-originated SSO request. However, OpenAM is returning a SOAP fault. The ArtifactResolve from DataPower is along the same lines as yours, but the following is the response from OpenAM. The DP side looks OK to me; I am currently investigating the OpenAM side. Meanwhile, any leads or suggestions would be much appreciated.
<faultstring>The SAML Request is invalid.</faultstring>