Support for SAML

CICS® provides installable resources and an interface to validate SAML assertions and extract information from them.

Security Assertion Markup Language (SAML) is an XML-based framework for describing and exchanging security information between online business partners. This security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust. The OASIS SAML standard defines precise syntax and rules for requesting, creating, communicating, and using these SAML assertions.

SAML provides a solution for a number of problems:
  • It provides an open standard for exchanging security information between Service Providers, also known as Federated Identity.
  • It provides a means for end-to-end auditing.
  • It provides a common source for user role or authority-based information.

CICS supports SAML by providing an application programming interface (API), which consists of a linkable interface DFHSAML, a channel, and a set of containers. The API provides the means to enable CICS applications to validate SAML tokens, to extract SAML parts, and to augment SAML assertions by adding attributes.

SAML support for web services provides the following facilities:
  • Automatic token validation and extraction of SAML parts for inbound SOAP messages
  • Addition of a SAML token into a web service request
  • Augmentation of a SAML token before it is added into an outbound SOAP message
The use of the transaction channel in pipelines and CICS applications allows the propagation of SAML information through a CICS transaction without the need to revalidate it.

CICS supports the SAMLCore1.1 and SAMLCore2.0 standards. It does not support the protocols that are described in those standards.

These capabilities allow CICS to participate in SAML SSO scenarios and to extend SAML attribute-based access control by dynamically adding new attributes.