Configuring CICS for SAML
CICS supports the use of Security Assertion Markup Language (SAML) for describing and exchanging security information.
Before you begin
CICS® supports the SAML Core 1.1 and SAML Core 2.0 standards. It does not support the protocols that are described in those standards.
You can configure provider and requester pipelines to use SAML tokens, but you must first deploy the CICS Security Token Service (STS). You must identify the regions where you want to deploy the STS. Install the STS in regions without any application code. If you have application code in the region where you will be validating your SAML token, define the STS remotely. You might also choose to define the region remotely if you prefer to separate regions that run Java™ code from other regions. Another reason for having a separate region for the STS is that you could define that region with its own keyring, which contains only those certificates that are required for validating signatures and signing SAML tokens.
About this task
CICS provides a linkable interface called DFHSAML. The interface allows CICS web services pipelines and applications to validate and extract information from SAML assertions. CICS support for SAML requires a JVM server that is installed and configured on your system.
Running a SAML JVM server with Java 11 or Java 17 is not supported.