Support for SAML
CICS® provides installable resources and an interface to validate SAML assertions and extract information from them.
Security Assertion Markup Language (SAML) is an XML-based framework for describing and exchanging security information between online business partners. This security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust. The OASIS SAML standard defines precise syntax and rules for requesting, creating, communicating, and using these SAML assertions.
- SAML provides an open standard for exchanging security information between Service Providers, an arrangement also known as Federated Identity.
- SAML provides a means for end-to-end auditing.
- SAML provides a common source for user role or authority-based information.
CICS supports SAML by providing an application programming interface (API), which consists of a linkable interface DFHSAML, a channel, and a set of containers. The API provides the means to enable CICS applications to validate SAML tokens, to extract SAML parts, and to augment SAML assertions by adding attributes.
- Automatic token validation and extraction of SAML parts for inbound SOAP messages
- Addition of a SAML token into a web service request
- Augmentation of a SAML token before it is added into an outbound SOAP message
CICS supports the SAMLCore1.1 and SAMLCore2.0 standards. It does not support the protocols that are described in those standards.
These capabilities allow CICS to participate in SAML SSO scenarios and to extend SAML attribute-based access control by dynamically adding new attributes.