Developing a SAML-aware initial program

You can write a program to extract a SAML token and link to DFHSAML to process the token.

About this task

As an alternative to using the web services support (see Configuring a provider pipeline to use SAML tokens), you can write your own SAML-aware initial program as a security front end to validate SAML tokens. Such a program can be useful when you are using messages that use HTTP, IBM® MQ, or any other protocol, rather than a SOAP message.

The SAML-aware initial program extracts the SAML token from the message. It then puts the token into a character container, DFHSAML-TOKEN, in a channel. The program then links to the program DFHSAML with the channel to validate the token and extract the containers. For details of the containers, see SAML support containers.

You can use either a user-defined channel or the transaction channel (DFHTRANSACTION). If you are using a user-defined channel, the containers are passed on LINK requests that explicitly pass that channel. If you are using the transaction channel, the containers are available throughout the transaction.

The application can use information in the containers, such as SAML attributes, by using GET CONTAINER commands.

For a specific example of how you might use this information, see Pattern for developing a SAML-aware initial program.
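The flow described above for a user-defined channel, as an added COBOL sketch that is not IBM's own sample code: it never links to the application unless every step, including reading an output container, completes normally. The names SAMLINIT, SAMLCHAN, APPPROG and the WS- fields are hypothetical, the output container name is a placeholder to be filled in from SAML support containers, and any further input containers that DFHSAML needs are assumed to be set the same way as DFHSAML-TOKEN.

```cobol
       IDENTIFICATION DIVISION.
       PROGRAM-ID. SAMLINIT.
      * Added example. SAMLINIT, SAMLCHAN, APPPROG and the WS- names
      * are hypothetical; DFHSAML and DFHSAML-TOKEN are from the page.
       DATA DIVISION.
       WORKING-STORAGE SECTION.
       01  WS-CHANNEL     PIC X(16) VALUE 'SAMLCHAN'.
       01  WS-TOKEN       PIC X(32000).
       01  WS-TOKEN-LEN   PIC S9(8) COMP.
      * Placeholder: replace with an output container name listed in
      * "SAML support containers".
       01  WS-OUT-NAME    PIC X(16) VALUE 'PLACEHOLDER-NAME'.
       01  WS-OUT-DATA    PIC X(256).
       01  WS-OUT-LEN     PIC S9(8) COMP VALUE 256.
       01  WS-RESP        PIC S9(8) COMP.
       PROCEDURE DIVISION.
       MAIN-PARA.
      * Assumption: the HTTP request body is the SAML token itself.
      * A body longer than the buffer gives a non-normal RESP.
           EXEC CICS WEB RECEIVE INTO(WS-TOKEN) LENGTH(WS-TOKEN-LEN)
                MAXLENGTH(LENGTH OF WS-TOKEN) RESP(WS-RESP)
           END-EXEC
           IF WS-RESP NOT = DFHRESP(NORMAL) GO TO REJECT-PARA END-IF
      * Place the token in the character container DFHSAML-TOKEN.
           EXEC CICS PUT CONTAINER('DFHSAML-TOKEN')
                CHANNEL(WS-CHANNEL) FROM(WS-TOKEN)
                FLENGTH(WS-TOKEN-LEN) CHAR RESP(WS-RESP)
           END-EXEC
           IF WS-RESP NOT = DFHRESP(NORMAL) GO TO REJECT-PARA END-IF
      * DFHSAML validates the token and adds the output containers.
           EXEC CICS LINK PROGRAM('DFHSAML') CHANNEL(WS-CHANNEL)
                RESP(WS-RESP)
           END-EXEC
           IF WS-RESP NOT = DFHRESP(NORMAL) GO TO REJECT-PARA END-IF
      * Fail closed if the expected output container cannot be read.
           EXEC CICS GET CONTAINER(WS-OUT-NAME) CHANNEL(WS-CHANNEL)
                INTO(WS-OUT-DATA) FLENGTH(WS-OUT-LEN) RESP(WS-RESP)
           END-EXEC
           IF WS-RESP NOT = DFHRESP(NORMAL) GO TO REJECT-PARA END-IF
      * User-defined channel: pass it explicitly on the LINK so the
      * application program can read the containers.
           EXEC CICS LINK PROGRAM('APPPROG') CHANNEL(WS-CHANNEL)
           END-EXEC
           EXEC CICS RETURN END-EXEC.
       REJECT-PARA.
      * No application LINK happens on any failure path.
           EXEC CICS RETURN END-EXEC.
```

With the transaction channel (DFHTRANSACTION) in place of SAMLCHAN, the containers would be available throughout the transaction without passing the channel on the application LINK.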