Patterns for developing SAML-aware programs

SAML-aware programs often follow common patterns. One such pattern is an initial program that controls access to parts of the application. Another is logging information about the user.

Pattern: reusing a validated token

You might want to validate a SAML token and, later in the same transaction, call a web service from a requester program that uses the same token. A validated SAML token is held in the DFHSAML-OUTTOKEN container. Because this container is read-only, it cannot be moved between channels. To avoid having to reissue the validation request, and so to improve performance, you can use the transaction channel, DFHTRANSACTION.

When you validate a SAML token from an incoming web service, code the tran_channel="yes" attribute in the <sts_authentication> element in the configuration file for your provider pipeline. This attribute specifies that the SAML assertions are copied from the output containers into containers in the DFHTRANSACTION channel.

To reuse the validated SAML token in a web service, code the tran_channel="yes" attribute in the <sts_authentication> element in the configuration file for the requester pipeline that is used by the web service.
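The fragments below are an added illustration, not part of the original documentation, of where the tran_channel="yes" attribute sits in a provider pipeline and in the corresponding requester pipeline. Only the <sts_authentication> element and its tran_channel attribute come from the text above; the enclosing handler elements, the action values, the token-type settings and the STS endpoint are assumed placeholders and must be checked against your own pipeline configuration files.

```xml
<!-- Provider pipeline fragment (illustrative, assumed structure).
     The SAML token on the inbound request is validated, and because
     tran_channel="yes" is coded, the resulting assertions are copied
     into containers in the DFHTRANSACTION channel. -->
<wsse_handler>
  <wsse_handler>
    <!-- action value and child elements are placeholders -->
    <sts_authentication action="request" tran_channel="yes">
      <auth_token_type>
        <namespace>urn:oasis:names:tc:SAML:2.0:assertion</namespace>
        <element>Assertion</element>
      </auth_token_type>
    </sts_authentication>
    <!-- Replace with the STS endpoint used by your installation -->
    <sts_endpoint>
      <endpoint>PLACEHOLDER-STS-ENDPOINT</endpoint>
    </sts_endpoint>
  </wsse_handler>
</wsse_handler>

<!-- Requester pipeline fragment (illustrative, assumed structure).
     With tran_channel="yes" the outbound request reuses the assertions
     already held in the DFHTRANSACTION channel instead of issuing a
     second validation request. -->
<wsse_handler>
  <wsse_handler>
    <sts_authentication action="request" tran_channel="yes">
      <auth_token_type>
        <namespace>urn:oasis:names:tc:SAML:2.0:assertion</namespace>
        <element>Assertion</element>
      </auth_token_type>
    </sts_authentication>
    <sts_endpoint>
      <endpoint>PLACEHOLDER-STS-ENDPOINT</endpoint>
    </sts_endpoint>
  </wsse_handler>
</wsse_handler>
```

Both pipelines must run under the same transaction for the requester side to find the containers, since the DFHTRANSACTION channel is scoped to the transaction in which the provider pipeline validated the token.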