
Using SAML in security configurations

Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between business entities. It is a product of the OASIS Security Services Technical Committee. The SAML specification defines three roles in its security configurations:
* Principal: Requests a Web service. Typically, a user.
* Identity provider (IdP): Identifies a user and makes the access control decision; that is, access is granted only if the user is authenticated and has the proper permissions to access the Web service.
* Service provider (SP): A program or a Web application that can service a Principal's requests. Typically, a Web application.
The following is the representation of a SAML security implementation:
[Figure: SAML representation]
A general scenario implementing SAML for security configuration is as follows:
1. A user (Principal) requests a service from a REST Web application (Service Provider).
2. The REST Web application requests and obtains an identity assertion from the Progress Identity provider (IdP).
3. On the basis of the assertion, if the user has the required permissions for accessing the REST Web application service, the service is performed; otherwise, the service is not performed.
Also, in a SAML security implementation, one Identity Provider can provide SAML assertions to many Service Providers, and a Service Provider can trust assertions from many independent Identity Providers.
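The trust checks a Service Provider applies in steps 2 and 3, as an added Python example that is not part of the OpenEdge documentation or product code: an assertion is accepted only if it comes from a trusted IdP, is addressed to this SP, and is inside its validity window. The entity IDs, the sample assertion and the function names are constructed for illustration, and XML signature verification is assumed to have been done before this function is called.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed values for illustration (assumptions, not OpenEdge settings).
TRUSTED_IDPS = {"https://idp-a.example.com", "https://idp-b.example.com"}
SP_ENTITY_ID = "https://rest.example.com/sp"
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp-a.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://rest.example.com/sp</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions></saml:Assertion>"""

def _utc(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, now, trusted=TRUSTED_IDPS, sp=SP_ENTITY_ID):
    """Return (accepted, subject_or_reason); `now` is a timezone-aware datetime.
    Assumes the XML signature was already verified against the IdP's key."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return False, "not a SAML 2.0 assertion"
    issuer = root.findtext("saml:Issuer", "", NS).strip()
    if issuer not in trusted:  # an SP may trust several independent IdPs
        return False, "untrusted issuer"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    try:  # policy of this example: both bounds must be present and parseable
        valid = _utc(cond.get("NotBefore", "")) <= now < _utc(cond.get("NotOnOrAfter", ""))
    except (ValueError, TypeError):
        return False, "bad validity window"
    if not valid:
        return False, "outside validity window"
    # One IdP serves many SPs, so every AudienceRestriction must name this SP.
    restrictions = cond.findall("saml:AudienceRestriction", NS)
    for r in restrictions:
        names = {(a.text or "").strip() for a in r.findall("saml:Audience", NS)}
        if sp not in names:
            return False, "audience mismatch"
    if not restrictions:
        return False, "no audience restriction"
    subject = root.findtext("saml:Subject/saml:NameID", "", NS).strip()
    return (True, subject) if subject else (False, "missing subject")

if __name__ == "__main__":
    print(check_assertion(SAMPLE, datetime(2024, 1, 1, 12, 2, tzinfo=timezone.utc)))
```

The audience check is what stops an assertion issued for one Service Provider from being accepted by another that trusts the same IdP.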
For more information on SAML, see the online resources.
* Choosing a SAML security configuration model
* Creating and configuring the Service Provider metadata
* Registering the Service Provider with the Identity Provider
* Configuring the SAML security configuration model