InsertSAMLAssertionAgent

The XDInsertSAMLAssertionAgent is used to generate a WSSE SecurityTokenReference containing an embedded SAML assertion.

The following table lists and describes XDInsertSAMLAssertionAgent parameters.

| Parameter Name | Description |
| --- | --- |
| XML Namespace Provider | Provider for the mapping between XML namespace prefix and namespace URI. If left blank, elements in the security token will use the default namespace. |
| Create Parent Element | Determines whether the parent element is created if it is missing. Select true or false (default) from the drop-down list. |
| Security Token Parent Element | Path to the element where the security token will be inserted. The default value is `/soapenv:Envelope/soapenv:Header/wsse:Security`. If the Create Parent Element parameter is set to true, the XPATH expression must be of the form `/comp1/comp2/...` where each path component has the form `ns:elem[@ns1:attrib="attribValue"]`. The ns: and ns1: namespace prefixes are optional, but if they are present they must be declared in the XML Namespace Provider parameter. The selector in square brackets is optional. If no element with a matching attribute is found, then both the element and the attribute will be created. |
| WSSE Security Token Reference Id | The value of the SecurityTokenReference ID Attribute. Subsequent agents can retrieve this value in the saml_token_id special register. |
| SAML Assertion Id | The value of the SAML Assertion ID Attribute. Subsequent agents can retrieve this value in the saml_assertion_id special register. |
| SAML Issue Instant | The value of the SAML IssueInstant attribute. Subsequent agents can retrieve this value in the saml_issue_instant special register. |
| SAML Issuer | The value of the SAML Issuer attribute. |
| SAML Major Version | The value of the SAML MajorVersion attribute. The default value is 1. |
| SAML Minor Version | The value of the SAML MinorVersion attribute. The default value is 1. |
| SAML Authentication Instant | The value of the SAML AuthenticationInstant attribute. |
| SAML Authentication Method | The value of the SAML AuthenticationMethod attribute. |
| SAML Name Identifier Format | The value of the SAML NameIdentifier Format attribute. |
| SAML Name Identifier | The value of the SAML NameIdentifier element. |
| SAML Subject Confirmation Method | The value of the SAML ConfirmationMethod element. |

The location at which the Security Token Reference is inserted is given by a (restricted) XPATH expression pointing to the parent element. The XPATH expression can contain namespace prefixes if the optional XML Namespace Map Provider is specified. If the parent does not exist, it is created. The optional WSSE Security Token Reference Id is used to generate a wsu:Id attribute on the wsse:SecurityTokenReference element. The Id is saved in the saml_token_id special register. This can be used to refer to the security token in an XML Digital Signature Reference using the URL expression #SREG(saml_token_id).

The required SAML Assertion Id is used to generate a saml:AssertionId attribute on the saml:Assertion element. The Assertion Id is saved in the saml_assertion_id special register for later reference. The required SAML Issue Instant is used to generate a saml:IssueInstant attribute on the saml:Assertion element. The issue instant is saved in the saml_issue_instant special register. As per the SAML schema, the following parameters are all required: SAML Issuer, SAML Major Version, SAML Minor Version, SAML Authentication Instant, SAML Authentication Method, SAML Name Identifier Format, SAML Name Identifier, and SAML Subject Confirmation Method. The Major and Minor Versions both default to 1, as shown in the following image.
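As an added illustration (not iWay code and not the agent's actual output), the Python sketch below models how the parameters described above map onto a SAML 1.x assertion inside a wsse:SecurityTokenReference at the default parent path. Placing the assertion directly under the reference, the function and key names, and the sample values are assumptions; the namespace URIs are the standard SOAP 1.1, WS-Security 1.0 and SAML 1.x ones.

```python
import xml.etree.ElementTree as ET
NS = {  # standard SOAP 1.1, WS-Security 1.0 and SAML 1.x namespace URIs
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}
REQUIRED = ("assertion_id", "issue_instant", "issuer", "auth_instant", "auth_method",
            "name_id_format", "name_id", "confirmation_method")
SAMPLE = {  # constructed values, not taken from any real deployment
    "assertion_id": "assert-0001", "issuer": "issuer.example", "name_id": "alice@example.com",
    "issue_instant": "2024-01-01T12:00:00Z", "auth_instant": "2024-01-01T11:59:00Z",
    "auth_method": "urn:oasis:names:tc:SAML:1.0:am:password",
    "name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "confirmation_method": "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"}

def q(prefix, local):
    return "{%s}%s" % (NS[prefix], local)

def insert_saml_token(envelope, params, token_id=None, create_parent=False):
    """Hypothetical model of the agent; returns the three special-register values."""
    missing = [k for k in REQUIRED if not params.get(k)]
    if missing:
        raise ValueError("missing required SAML parameters: " + ", ".join(missing))
    parent = envelope  # walk the default path /soapenv:Envelope/soapenv:Header/wsse:Security
    for tag in (q("soapenv", "Header"), q("wsse", "Security")):
        child = parent.find(tag)
        if child is None:
            if not create_parent:
                raise LookupError("parent element missing and Create Parent Element is false")
            child = ET.SubElement(parent, tag)
        parent = child
    ref = ET.SubElement(parent, q("wsse", "SecurityTokenReference"))
    if token_id:  # optional; a Signature Reference URI "#<id>" resolves to this wsu:Id
        ref.set(q("wsu", "Id"), token_id)
    assertion = ET.SubElement(ref, q("saml", "Assertion"), {
        "AssertionID": params["assertion_id"],  # attribute spelling used by the SAML 1.x schema
        "IssueInstant": params["issue_instant"], "Issuer": params["issuer"],
        "MajorVersion": str(params.get("major_version", 1)),
        "MinorVersion": str(params.get("minor_version", 1))})
    stmt = ET.SubElement(assertion, q("saml", "AuthenticationStatement"), {
        "AuthenticationInstant": params["auth_instant"],
        "AuthenticationMethod": params["auth_method"]})
    subject = ET.SubElement(stmt, q("saml", "Subject"))
    name_id = ET.SubElement(subject, q("saml", "NameIdentifier"), {"Format": params["name_id_format"]})
    name_id.text = params["name_id"]
    conf = ET.SubElement(subject, q("saml", "SubjectConfirmation"))
    ET.SubElement(conf, q("saml", "ConfirmationMethod")).text = params["confirmation_method"]
    return {"saml_token_id": token_id, "saml_assertion_id": params["assertion_id"],
            "saml_issue_instant": params["issue_instant"]}
```

The assertion built here carries no signature of its own, so a message signature whose Reference covers the wsu:Id returned as saml_token_id is what protects the token from modification in transit.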

The following sample shows an SAML Assertion created by the agent:


iWay Software