

Security Assertion Markup Language (SAML)

The Security Assertion Markup Language (SAML) specification defines formats and protocols that enable applications to exchange XML-formatted information for authentication and authorization.

Edge API Services enables you to authenticate and authorize apps that are capable of presenting SAML tokens. A SAML token is a digitally signed fragment of XML that presents a set of "assertions". These assertions can be used to enforce authentication and authorization.

To use SAML terminology, API Services can function as a service provider (SP) or an identity provider (IP). When API Services validates SAML tokens on inbound requests from apps, it acts in the SP role. (API Services can also act in the IP role when generating SAML tokens to be used when communicating with backend services. See Last-mile security.)

The SAML policy type enables API proxies to validate SAML assertions that are attached to inbound SOAP requests. The SAML policy validates incoming messages that contain a digitally signed SAML assertion, rejects them if they are invalid, and sets variables that allow additional policies, or the backend service itself, to further validate the information in the assertion.

To validate SAML tokens, you need to make digital certificates available to the SAML policy by creating at least one TrustStore. TrustStores are scoped to environments in your organization. Thus, you can configure different trust chains in test and prod, ensuring that test SAML tokens cannot be used in prod, and vice versa.
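As an added illustration (not part of the original page), a SAML validation policy for an inbound SOAP request might be configured as follows. The policy name and the TrustStore name `saml-idp-truststore` are placeholders, and the XPath expressions assume the assertion is carried in a WS-Security header.

```xml
<!-- Added example: validates a signed SAML assertion on the inbound request. -->
<ValidateSAMLAssertion name="SAML-Validate-Inbound" ignoreContentType="false">
  <Source name="request">
    <!-- Prefixes used by the XPath expressions below -->
    <Namespaces>
      <Namespace prefix="soap">http://schemas.xmlsoap.org/soap/envelope/</Namespace>
      <Namespace prefix="wsse">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</Namespace>
      <Namespace prefix="saml">urn:oasis:names:tc:SAML:2.0:assertion</Namespace>
    </Namespaces>
    <!-- Where the assertion is expected (assumed: WS-Security header) -->
    <AssertionXPath>/soap:Envelope/soap:Header/wsse:Security/saml:Assertion</AssertionXPath>
    <!-- Element that the digital signature must cover -->
    <SignedElementXPath>/soap:Envelope</SignedElementXPath>
  </Source>
  <!-- Placeholder name. TrustStores are environment-scoped, so a TrustStore
       with this name in test can hold different certificates from the one
       in prod, and a token signed for test fails validation in prod. -->
  <TrustStore>saml-idp-truststore</TrustStore>
  <!-- Keep the assertion in the message so the backend can inspect it too -->
  <RemoveAssertion>false</RemoveAssertion>
</ValidateSAMLAssertion>
```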

For details on SAML validation, see Authenticate and authorize using SAML 2.0.

Get help

For help, see Apigee Customer Support.

Comments

Is there a tutorial on how to consume SAML and send SAML assertions? I am interested in sending a SAML assertion to SAP.

Surya - No tutorial yet, but we'll add it to our list for consideration. Thanks.
