Monday, 19 April 2010
SAML assertions across WebSphere Application Server security domains
Security Assertion Markup Language (SAML) is fast becoming the technology of choice for building Single Sign-On (SSO) solutions across enterprise boundaries. This article describes how to use the SAML support in IBM® WebSphere® Application Server V7.0 Fix Pack 7 to assert SAML tokens across enterprise boundaries in different security domains, and to make access control decisions directly from the foreign security domain's user identity and a custom SAML group attribute, all on the basis of the trust relationship. Trust relationship validation is enforced through the policy set binding configuration at three points, to ensure authenticity and to guard against security threats. The article shows how this approach can be easier to manage and more scalable than the alternative, identity mapping.
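As an added illustration, not code from the article or from WebSphere itself, the following Python sketch shows the shape of the decision the abstract describes: the foreign domain's NameID and a custom Group attribute are used directly for authorization, but only after the issuer, validity window and audience have been checked against the local trust configuration. The assertion, issuer, audience and group names are constructed, and XML-signature verification is assumed to have already been performed by the container.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion from a hypothetical partner-domain identity provider.
# No <ds:Signature> is shown: this example assumes the container verified it already.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c0ffee" Version="2.0" IssueInstant="2010-04-19T10:00:00Z">
  <saml:Issuer>https://idp.partner.example/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@partner.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2010-04-19T09:55:00Z" NotOnOrAfter="2010-04-19T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://app.corp.example/</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="Group">
      <saml:AttributeValue>Orders</saml:AttributeValue>
      <saml:AttributeValue>Reports</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed local trust configuration for the consuming (local) security domain.
TRUSTED_ISSUERS = {"https://idp.partner.example/saml"}
AUDIENCE = "https://app.corp.example/"
SAMPLE_NOW = datetime(2010, 4, 19, 10, 0, tzinfo=timezone.utc)

def _ts(value):
    """Parse a SAML UTC timestamp (hypothetical helper; 'Z' suffix only)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(assertion_xml, trusted_issuers, audience, required_group, now):
    """Return (allowed, reason). Trust is established before any attribute is used:
    the issuer must be trusted, the validity window must contain `now`, and the
    assertion must be addressed to this domain's audience."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        return False, "untrusted issuer %r" % issuer
    cond = root.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "assertion outside validity window"
    audiences = [a.text for a in root.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return False, "audience mismatch"
    # Foreign-domain identity and custom group attribute, used directly for the decision.
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    groups = {v.text for v in root.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='Group']/saml:AttributeValue", NS)}
    if required_group not in groups:
        return False, "%s is not in group %s" % (subject, required_group)
    return True, "%s granted via group %s" % (subject, required_group)
```

Any failed trust check refuses the request before the subject or group attribute is consulted, which is the property the policy-set validation points in the article are there to guarantee.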