Wednesday, June 18, 2008

SAML

Well, it's been a while since my last post, but work and life have been quite hectic. Currently I have a client that is attempting to integrate an Identity Management/Policy Decision application with their ESB. As part of this effort we looked at the many options available and agreed to examine the Security Assertion Markup Language (SAML) as a potential solution. The overall use case is to have internal and external clients use an SSO approach when invoking the available services.

To demonstrate this capability, a SAML Assertion will be inserted into the SOAP Header of a request. The Web Service deployed in the ESB will include message-processing logic in the form of an interceptor, which will examine the SOAP Header and the SAML Assertion. At this time the Assertion will not carry a Digital Signature, which would add a layer of integrity protection for the Assertion. The other challenge is the use of SAML 1.0 versus the currently supported version, 2.0. Fortunately, the PDP has support for SAML 1.0, eliminating the immediate need to custom-code 2.0 support.
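The interceptor check described above, written in Python as an added example (it is not the client's ESB code or the PDP's API): it pulls a SAML 1.0 Assertion out of the SOAP Header and checks version, issuer and validity window, with an optional signature-presence check. The issuer URL, subject name, function names and the sample envelope are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
TRUSTED_ISSUERS = {"https://idp.example.test"}  # assumption: placeholder issuer name
# Constructed sample: unsigned SAML 1.0 assertion carried in the SOAP Header.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="0" AssertionID="_constructed-1"
    Issuer="https://idp.example.test" IssueInstant="2008-06-18T12:00:00Z">
   <saml:Conditions NotBefore="2008-06-18T12:00:00Z" NotOnOrAfter="2008-06-18T12:05:00Z"/>
   <saml:AuthenticationStatement AuthenticationInstant="2008-06-18T12:00:00Z"
     AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
   </saml:AuthenticationStatement></saml:Assertion>
 </soap:Header><soap:Body/></soap:Envelope>"""

def _valid_now(cond, now):
    """True only if both bounds are present, well-formed and bracket `now`."""
    try:
        lo, hi = (datetime.strptime(cond.get(k), "%Y-%m-%dT%H:%M:%SZ")
                  .replace(tzinfo=timezone.utc) for k in ("NotBefore", "NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        return False
    return lo <= now < hi

def inspect_request(xml_text, now, require_signature=False):
    """Interceptor check: return (accepted, subject, findings) for one request."""
    if "<!DOCTYPE" in xml_text:  # SOAP forbids DTDs; refuse before parsing
        return False, None, ["DTD present"]
    try:
        header = ET.fromstring(xml_text).find("soap:Header", NS)
    except ET.ParseError:
        return False, None, ["malformed XML"]
    found = [] if header is None else header.findall(".//saml:Assertion", NS)
    if len(found) != 1:  # missing, or ambiguous duplicates
        return False, None, ["expected one assertion, found %d" % len(found)]
    a = found[0]
    name = a.findtext(".//saml:Subject/saml:NameIdentifier", None, NS)
    checks = [("not SAML 1.0", (a.get("MajorVersion"), a.get("MinorVersion")) != ("1", "0")),
              ("untrusted issuer", a.get("Issuer") not in TRUSTED_ISSUERS),
              ("outside validity window", not _valid_now(a.find("saml:Conditions", NS), now)),
              # Presence check only; it does not verify the signature cryptographically.
              ("unsigned assertion", require_signature and a.find("ds:Signature", NS) is None),
              ("no subject", not name)]
    findings = [msg for msg, failed in checks if failed]
    return not findings, name, findings
```

With `require_signature` left at `False`, the interceptor has no way to tell whether the Issuer or NameIdentifier was altered in transit; setting it to `True` rejects the unsigned sample, and a production check would also have to verify the signature itself.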

For a sample SAML Assertion, check out the Sun Web Site at:

Sun Sample

and OASIS which manages the specification.

OASIS Site