- Syvizo API Management Platform
Generate SAML
When to use
Use this policy when you want to generate a SAML assertion and send it in the response.
Details
The SAML (Security Assertion Markup Language) policy type allows API proxies to attach SAML assertions to outbound XML requests. These SAML assertions contain security-related information such as authentication and authorization details. The purpose of attaching SAML assertions is to provide backend services with the necessary information for further security processing.
Once the SAML assertions are attached to the outbound XML requests by the SAML policy, the backend services can extract and utilize this information to apply additional security measures, such as authentication and authorization checks. These backend services can leverage the SAML assertions to make informed decisions about granting access, verifying user identities, and enforcing appropriate security policies.
In summary, the SAML policy enables API proxies to include SAML assertions in outbound XML requests, allowing backend services to apply further security processing, including authentication and authorization, based on the information provided by the SAML assertions.
Configuration
The configuration fields for the policy are:
[* Indicates a mandatory field]
Name *: Display name of the policy
Description: Description of the policy
Enabled: Flag to indicate if the policy is enabled. If this field is not checked, the policy will be ignored at runtime and any fields from its output will contain a default initial value.
Continue on Error: Flag to indicate that the flow should continue even if this policy throws an error
Ignore Content Type: By default, the assertion will not be generated if the content type of the message is not an XML Content-Type. If this is set to true, the assertion will be generated regardless of the Content-Type.
KeyStore: The name of the KeyStore that contains the private key or the alias of the private key that will be used to digitally sign SAML assertions.
Subject: The unique identifier of the subject of the SAML assertion
Issuer: The unique identifier of the identity provider
Algorithm: The algorithm used for the signature. The value can be SHA1 or SHA256.
Template: If this is specified, the assertion will be generated based on the template, replacing everything denoted {} with the corresponding variable, and then digitally signing the result.
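Because the Template field substitutes variable values into XML that is then signed, each value has to be XML-escaped before signing, or a value containing markup changes the structure of the signed assertion. The following is an added example, not Syvizo's code; the `{name}` placeholder form, the template and the function names are assumptions, and it covers only the substitution step that precedes signing.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed template; the {name} placeholder form is an assumption.
TEMPLATE = (
    '<saml:Assertion xmlns:saml="' + SAML_NS + '" Version="2.0" '
    'ID="{id}" IssueInstant="{issue_instant}">'
    '<saml:Issuer>{issuer}</saml:Issuer>'
    '<saml:Subject><saml:NameID>{subject}</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
)
PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")
QUOTES = {'"': "&quot;", "'": "&apos;"}


def render_assertion(template, variables):
    """Fill {name} placeholders with XML-escaped values, ready for signing."""
    def substitute(match):
        name = match.group(1)
        if name not in variables:
            # Fail closed: never sign a template with unresolved fields.
            raise KeyError(f"no value for placeholder {{{name}}}")
        # Escape &, <, > and both quote styles so the value stays character
        # data whether it lands in element text or in an attribute.
        return escape(str(variables[name]), QUOTES)

    # re.sub does not rescan replaced text, so a value that itself contains
    # "{issuer}" is not expanded a second time.
    rendered = PLACEHOLDER.sub(substitute, template)
    ET.fromstring(rendered)  # raises ParseError if the result is not well-formed
    return rendered


def name_ids(assertion_xml):
    """Return every NameID text, as a backend XML parser would read it."""
    root = ET.fromstring(assertion_xml)
    return [e.text for e in root.iter("{" + SAML_NS + "}NameID")]


if __name__ == "__main__":
    values = {  # constructed sample values
        "id": "_a1b2c3",
        "issue_instant": "2024-01-01T00:00:00Z",
        "issuer": "https://idp.example.test",
        "subject": "alice</saml:NameID><saml:NameID>admin",
    }
    print(name_ids(render_assertion(TEMPLATE, values)))
```

With escaping in place, the markup in the constructed subject value arrives at the backend as the text of a single NameID element instead of as a second NameID.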
Input fields
samlAssertion: generated SAML assertion
Output fields
result: returns a boolean value true if the assertion is valid