Configuring Authentication for SAML-Secured Services
Process Server supports the Security Assertion Markup Language (SAML) standard for exchanging authentication and authorization data between an identity provider (a producer of assertions) and a service provider.
To configure Process Server to use SAML policy assertions, you must do the following:
- In the Process Deployment Descriptor (PDD) of your BPEL processes, add a SAML policy assertion for my roles and/or partner roles that send/receive SAML-authenticated messages. This policy describes parameters that a service uses to make access control decisions. For details, see SAML in the Process Developer Help.
- Add a SAML properties section to the Process Server crypto.properties file.
Here is an example of the SAML properties to add:
org.apache.ws.security.saml.issuer.key.name=aeadmin
org.apache.ws.security.saml.issuer.key.password=password
org.apache.ws.security.saml.issuer=http://www.abe-saml-demo.com/saml
org.apache.ws.security.saml.subjectNameId.qualifier=http://www.abe-saml-demo.com/saml
Note that the key name and password must match what you have in the Process Server keystore.
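The following pre-deployment check is an added example, not part of the Process Server documentation or product: it reads the text of a crypto.properties file and reports SAML properties that are missing, empty, or still set to the sample values shown above. The function names and the second sample file are constructed for illustration; the check does not open the keystore, so the key name and password match noted above still has to be verified separately.

```python
from urllib.parse import urlparse

PREFIX = "org.apache.ws.security.saml."
REQUIRED = ("issuer.key.name", "issuer.key.password", "issuer",
            "subjectNameId.qualifier")
# Values taken from the sample on this page; they should not reach production.
SAMPLE_VALUES = {"issuer.key.password": "password"}
SAMPLE_HOST = "www.abe-saml-demo.com"

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, '=' or ':' separator.
    Line continuations and escapes are not handled (assumed absent here)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i != -1),
                  default=-1)
        if cut != -1:
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def lint_saml(text):
    """Return (property, problem) pairs for the SAML section of the file."""
    props = parse_properties(text)
    findings = []
    for short in REQUIRED:
        value = props.get(PREFIX + short)
        if value is None:
            findings.append((short, "missing"))
        elif value == "":
            findings.append((short, "empty"))
        elif SAMPLE_VALUES.get(short) == value:
            findings.append((short, "documentation sample value"))
    for short in ("issuer", "subjectNameId.qualifier"):
        value = props.get(PREFIX + short)
        if value and urlparse(value).hostname == SAMPLE_HOST:
            findings.append((short, "documentation sample host"))
    return findings

# The sample from this page, followed by a constructed file with two defects.
PAGE_SAMPLE = """org.apache.ws.security.saml.issuer.key.name=aeadmin
org.apache.ws.security.saml.issuer.key.password=password
org.apache.ws.security.saml.issuer=http://www.abe-saml-demo.com/saml
org.apache.ws.security.saml.subjectNameId.qualifier=http://www.abe-saml-demo.com/saml
"""
CONSTRUCTED = """# constructed example
org.apache.ws.security.saml.issuer.key.name = saml-signer
org.apache.ws.security.saml.issuer.key.password=
org.apache.ws.security.saml.issuer: https://idp.example.org/saml
"""
```

Run `lint_saml(open(path).read())` against the deployed file; an empty list means none of these problems were found.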