Process RSTR Response Assertion
The Process RSTR Response assertion takes an RSTR response message as an input and processes this message to get the security context.
To learn about selecting the target message for this assertion, see Select a Target Message.
Context Variables Created by This Assertion
The Process RSTR Response assertion sets the following context variables with details about the security context.
The default <prefix> is "rstrResponseProcessor" and can be changed in the assertion properties.

| Variable | Description |
| --- | --- |
| <prefix>.token | Stores the token from the security context (either SAML or Security Context Token). |
| <prefix>.createTime | Stores the create time of the secure conversation session, in absolute UTC time. |
| <prefix>.expiryTime | Stores the expiry time of the secure conversation session, in absolute UTC time. |
| <prefix>.serverEntropy | Stores the server entropy, if the RSTR response message contains an entropy. This variable does not apply to SAML Tokens. |
| <prefix>.fullKey | Stores the full key, if the RSTR response message contains an encrypted key or a binary secret. |
| <prefix>.keySize | Stores the size of the key, in bits, from the RSTR response. Contains zero if the key size is not present. |
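
To show where these values come from in an RSTR, the following added example (not the gateway's own code) parses a constructed WS-Trust 1.3 response and returns a dictionary keyed like the variables above. The element-to-variable mapping, the WS-Trust 1.3 namespaces, and the names `process_rstr` and `SAMPLE_RSTR` are assumptions made for illustration.

```python
# Added illustration: maps WS-Trust 1.3 RSTR elements to the variable names
# in the table above. The element-to-variable mapping is an assumption.
import base64
import xml.etree.ElementTree as ET

NS = {
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "wsc": "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512",
}

# Constructed sample RSTR (not captured from a real gateway or STS).
SAMPLE_RSTR = f"""<wst:RequestSecurityTokenResponse xmlns:wst="{NS['wst']}" xmlns:wsu="{NS['wsu']}" xmlns:wsc="{NS['wsc']}">
  <wst:RequestedSecurityToken>
    <wsc:SecurityContextToken><wsc:Identifier>urn:uuid:example-sct</wsc:Identifier></wsc:SecurityContextToken>
  </wst:RequestedSecurityToken>
  <wst:Lifetime>
    <wsu:Created>2024-01-01T00:00:00Z</wsu:Created>
    <wsu:Expires>2024-01-01T01:00:00Z</wsu:Expires>
  </wst:Lifetime>
  <wst:Entropy><wst:BinarySecret>{base64.b64encode(bytes(range(32))).decode()}</wst:BinarySecret></wst:Entropy>
  <wst:KeySize>256</wst:KeySize>
</wst:RequestSecurityTokenResponse>"""

def process_rstr(xml_text, prefix="rstrResponseProcessor"):
    """Return a dict keyed like the assertion's context variables."""
    # Crude guard: refuse any DTD so entity tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not allowed in RSTR input")
    root = ET.fromstring(xml_text)
    rstr = root if root.tag.endswith("}RequestSecurityTokenResponse") else root.find(".//wst:RequestSecurityTokenResponse", NS)
    if rstr is None:
        raise ValueError("no RequestSecurityTokenResponse element found")
    def text(path):
        el = rstr.find(path, NS)
        return el.text.strip() if el is not None and el.text else None
    token = rstr.find("wst:RequestedSecurityToken/*", NS)
    proof = text("wst:RequestedProofToken/wst:BinarySecret")
    entropy = text("wst:Entropy/wst:BinarySecret")
    return {
        f"{prefix}.token": ET.tostring(token, encoding="unicode") if token is not None else None,
        f"{prefix}.createTime": text("wst:Lifetime/wsu:Created"),
        f"{prefix}.expiryTime": text("wst:Lifetime/wsu:Expires"),
        f"{prefix}.serverEntropy": base64.b64decode(entropy) if entropy else None,
        f"{prefix}.fullKey": base64.b64decode(proof) if proof else None,
        f"{prefix}.keySize": int(text("wst:KeySize") or 0),  # zero when absent
    }
```

The serverEntropy and fullKey values are key material, so keep them out of audit and log output when a policy reads them.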
Using the Assertion
1. Do one of the following:
   - To add the assertion to the Policy Development window, see Add an Assertion.
   - To change the configuration of an existing assertion, proceed to step 2 below.
2. Right-click Process RSTR Response in the policy window and select RSTR Response Processor Properties, or double-click the assertion in the policy window. The assertion properties are displayed.
3. Choose the token type to be requested: SAML or Security Context Token. If SAML, select the SAML version (1.1 or 2.0).
4. Optionally, enter a prefix that will be added to the context variables created by this assertion. This prefix will ensure uniqueness and will prevent the variables from overwriting each other when multiple instances of this assertion appear in a policy. The default prefix is rstrResponseProcessor. For an explanation of the validation messages displayed, see Context Variable Validation.
5. Click [OK].