ActiveVOS Server User’s Guide

SAML

The Security Assertion Markup Language (SAML) is an OASIS standard that enables loosely coupled and federated identity integration. SAML standardizes how identity-related security information is communicated between policy domains.

SAML assertions are usually transferred from identity providers (the my role partner link) to service providers (the partner role partner link). Assertions contain statements that service providers use to make access control decisions.

SAML 1.1 is the currently supported version. For details about SAML, refer to OASIS Security Services (SAML) TC at www.oasis-open.org.

Direction

Out. Typically selected for Partner Role partner links. Messages sent to the partner service will be trusted messages.

In. Typically selected for My Role partner links. Messages sent back to the process from the partner service will be accepted as trusted messages.

Both. May be needed when the transport mechanism is other than SOAP over HTTP, such as SOAP over JMS. Send and receive trusted messages.

Subject Name

(Optional) For outgoing messages, add a subject to indicate the user associated with the identity information. For example, you can enter the distinguished name from your LDAP service.

Confirmation Method

For outgoing messages, select a method:

sender-vouches: If trust is already established with an SSL certificate, then a digital signature is not required, and you can use sender-vouches.

holder of key: If trust has not been established, you can select holder of key to indicate that the proof of trust is sent through digital signatures within the assertion itself.

Authentication Method

For outgoing messages, select a method used to authenticate the subject (to determine if the information in the assertion refers to the party making the current request).

The default is urn:oasis:names:tc:SAML:1.0:am:unspecified.

For details about using the other options, refer to the SAML Specification at the address given in the introduction of this topic.
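The following added example (not code from the ActiveVOS product or this guide) shows what the Subject Name, Confirmation Method and Authentication Method settings above become inside a SAML 1.1 assertion, and what a receiving (In-direction) endpoint should check before treating the message as trusted. It builds a constructed assertion with the standard SAML 1.1 namespace and method URIs, reads those fields back out, and applies the rule the guide describes: sender-vouches is only acceptable when transport (SSL) trust already exists, while holder-of-key must carry the key it vouches for. The issuer name, subject DN, certificate placeholder and the policy function are assumptions for illustration; verifying the XML signature that backs a holder-of-key assertion is outside this snippet and would be done with an XML-DSig library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Standard SAML 1.1 / XML-DSig identifiers.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
CM_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"
CM_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"
AM_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.0:am:unspecified"  # the guide's default
X509_SUBJECT_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"

ET.register_namespace("saml", SAML_NS)
ET.register_namespace("ds", DS_NS)
NS = {"saml": SAML_NS, "ds": DS_NS}


def build_assertion(subject_dn, confirmation_method, auth_method=AM_UNSPECIFIED, cert_b64=None):
    """Outgoing (Out-direction) side: serialize the three settings into a SAML 1.1 assertion.
    Timestamps are fixed so the output is deterministic; the issuer is a constructed name."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    assertion = ET.Element(f"{{{SAML_NS}}}Assertion", {
        "MajorVersion": "1", "MinorVersion": "1",
        "AssertionID": "_constructed-example-1",   # placeholder, not a real assertion id
        "Issuer": "idp.example.test",              # assumed issuer name
        "IssueInstant": now.strftime(fmt),
    })
    ET.SubElement(assertion, f"{{{SAML_NS}}}Conditions", {
        "NotBefore": now.strftime(fmt),
        "NotOnOrAfter": (now + timedelta(minutes=5)).strftime(fmt),
    })
    # Authentication Method lives on the AuthenticationStatement.
    stmt = ET.SubElement(assertion, f"{{{SAML_NS}}}AuthenticationStatement", {
        "AuthenticationMethod": auth_method, "AuthenticationInstant": now.strftime(fmt),
    })
    subject = ET.SubElement(stmt, f"{{{SAML_NS}}}Subject")
    # Subject Name: e.g. the distinguished name from an LDAP directory.
    name_id = ET.SubElement(subject, f"{{{SAML_NS}}}NameIdentifier", {"Format": X509_SUBJECT_NAME})
    name_id.text = subject_dn
    # Confirmation Method: sender-vouches or holder-of-key.
    conf = ET.SubElement(subject, f"{{{SAML_NS}}}SubjectConfirmation")
    ET.SubElement(conf, f"{{{SAML_NS}}}ConfirmationMethod").text = confirmation_method
    if cert_b64:
        # holder-of-key carries the subject's key inside the confirmation element.
        key_info = ET.SubElement(conf, f"{{{DS_NS}}}KeyInfo")
        x509 = ET.SubElement(key_info, f"{{{DS_NS}}}X509Data")
        ET.SubElement(x509, f"{{{DS_NS}}}X509Certificate").text = cert_b64
    return ET.tostring(assertion, encoding="unicode")


def inspect_assertion(xml_text):
    """Receiving (In-direction) side: pull out the fields an access-control decision depends on."""
    root = ET.fromstring(xml_text)
    stmt = root.find("saml:AuthenticationStatement", NS)
    conf = stmt.find("saml:Subject/saml:SubjectConfirmation", NS)
    return {
        "subject": stmt.findtext("saml:Subject/saml:NameIdentifier", namespaces=NS),
        "confirmation_methods": [m.text for m in conf.findall("saml:ConfirmationMethod", NS)],
        "authentication_method": stmt.get("AuthenticationMethod"),
        "has_key_info": conf.find("ds:KeyInfo", NS) is not None,
    }


def accept_confirmation(info, transport_trusted):
    """Assumed service-provider policy matching the guide's description of the two methods.
    Returns (accepted, reason)."""
    methods = info["confirmation_methods"]
    if CM_HOLDER_OF_KEY in methods:
        if not info["has_key_info"]:
            return False, "holder-of-key assertion carries no ds:KeyInfo"
        # Real deployments verify the assertion/message signature against this key.
        return True, "holder-of-key: verify the signature against the embedded key"
    if CM_SENDER_VOUCHES in methods:
        if not transport_trusted:
            return False, "sender-vouches without an established SSL trust relationship"
        return True, "sender-vouches accepted on a trusted transport"
    return False, "unsupported confirmation method(s): " + ", ".join(methods)


if __name__ == "__main__":
    dn = "uid=alice,ou=people,dc=example,dc=test"  # constructed LDAP DN
    for method, cert in ((CM_SENDER_VOUCHES, None), (CM_HOLDER_OF_KEY, "MIIB...placeholder...")):
        info = inspect_assertion(build_assertion(dn, method, cert_b64=cert))
        print(info["confirmation_methods"], accept_confirmation(info, transport_trusted=False))
```

The decision table the policy encodes is the one the guide gives: a sender-vouches assertion is only as trustworthy as the channel it arrived on, so a receiver that cannot confirm SSL trust with the sender should reject it; a holder-of-key assertion is self-proving only once the embedded key is actually used to check a signature.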