CA API Gateway 9.1

9.4 9.1

Enforce WS-I SAML Compliance Assertion

The Enforce WS-I SAML Compliance assertion checks incoming and/or outgoing requests for compliance with the SAML Token specifications.
gateway90
The
Enforce WS-I SAML Compliance
assertion checks incoming and/or outgoing requests for compliance with the SAML Token specifications.
Use this assertion to:
  • Ensure strict adherence to namespaces
  • Enforce adherence for required/restricted elements, attributes, and attribute values
  • Enforce referencing constraints (for example, reference by ID for local security tokens).
This assertion implements the rules contained in the SAML Token section of the
Basic Security Profile Version 1.0
 specifications located at http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html.
To view the audit records generated by this assertion, see Gateway Audit Events.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. Right-click
    Enforce WS-I SAML Compliance
    in the policy window and select
    WS-I SAML Compliance Properties
     or double-click the assertion in the policy window. The assertion properties are displayed.
  3. Configure the properties as follows:
    Setting
    Description
    Check Request Message
    Select this check box to check request messages for conformance to the SAML Token section of the WS-I BSP specifications. Clear this check box to not check requests for conformance.
    This setting is selected by default if the assertion is placed
    before
     the routing assertion in the policy.
    Check Response Message
    Select this check box to check response messages for conformance to the SAML Token section of the WS-I BSP specifications. Clear this check box to not check responses for conformance.
    This setting is selected by default if the assertion is placed
    after
     the routing assertion in the policy.
    Audit only
    Select
    Audit only
     to generate an audit record when non-conformance in the request or response is detected. No SOAP fault occurs and the assertion does not fail.
    Audit and Fail
    Select
    Audit and Fail
     to generate both an audit record and a SOAP fault when non-conformance in the request or response is detected; the assertion also fails.
    Fail assertion
    Select
    Fail assertion
     to generate a SOAP fault and fail the assertion when non-conformance in the request or response is detected. No audit record is generated.
    The audit record indicates the rule that was broken (R
    xxxx
    ). You can look up the rule on www.ws-i.org/Profiles/SAMLTokenProfile-1.0.htm lto see more information. No audit record is created when a request or response conforms to the specifications.
  4. Click [
    OK
    ]
     
    when done.

Content feedback and comments