You probably have read the announcement letter on the XML Feature Pack, SCA Refresh, and SAML (Security Assertion Markup Language) for Web Services support coming to WebSphere 7.0.
I would like to give some additional details of what is in the SAML support.
- Supports scenarios targeting OASIS Web Services Security SAML Token Profile 1.1
- Supports SAML Token Assertion specifications v1.1 and v2.0
- Supports Bearer confirmation and Holder-of-key confirmation
- Configurable via policy sets
- Targets JAX-WS services
- Leverages Custom Token Support
- API to create and consume SAML assertions
- Allows customers to create SSO solutions independent from web services
- Issuing Token
- Supports an external STS (Security Token Service)
- Tested with Tivoli Federated Identity Manager
- API supports request and validation of SAML Assertions via standard WS-Trust v1.2 and v1.3 Protocols
- Supports sender (client) side SAML token caching for better performance
- Supports self-issuance
It is now available, so try it out and feel free to give us some feedback on your experiences.
P.S. Here is the SAML support Info Center link.