Syvizo API Management Platform
Validate SAML
When to use
Use this policy when you want to verify the SAML assertion sent in the request.
Details
The SAML (Security Assertion Markup Language) policy type allows API proxies to validate SAML assertions attached to inbound SOAP requests. The primary purpose of the SAML policy is to validate incoming messages that include a digitally-signed SAML assertion.
When an inbound SOAP request contains a SAML assertion, the SAML policy performs validation checks to ensure the integrity and authenticity of the assertion. It verifies the digital signature and performs other necessary validations to determine the validity of the SAML assertion.
If the SAML assertion is deemed invalid during the validation process, the SAML policy rejects the inbound message, preventing further processing and potential security risks.
Additionally, the SAML policy sets variables that can be accessed by subsequent policies or backend services. These variables contain information extracted from the SAML assertion, enabling additional validation or allowing backend services to make decisions based on the contents of the assertion. This allows for further security processing, such as authentication and authorization, by utilizing the information provided in the SAML assertion.
To summarize, the SAML policy type validates SAML assertions attached to inbound SOAP requests, rejects invalid assertions, and sets variables for additional policies or backend services to perform further validation and security processing based on the information contained in the SAML assertion.
Configuration
The configuration fields for the policy are:
[* Indicates a mandatory field]
Name *: Display name of the policy
Description: Description of policy
Enabled: Flag to indicate whether the policy is enabled. If this field is not checked, the policy is ignored at runtime and its output fields contain their default initial values
Continue on Error: Flag to indicate that the flow should continue even if this policy throws an error
Ignore Content Type: By default, the assertion will not be generated if the Content-Type of the message is not an XML content type. If this is set to true, the assertion will be generated regardless of the Content-Type
TrustStore: The name of the TrustStore that contains trusted X.509 certificates used to validate digital signatures on SAML assertions.
Remove Assertion: A boolean (true or false). If true, the SAML assertion is removed from the request message before the message is forwarded to the backend service.
Input fields
None
Output fields
isValid: Returns the boolean true if the API key is valid and access is allowed for the request
blockedAddress: IP address that is blocked for any request
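The following is an added illustration, not Syvizo's implementation, of the behaviour the Details and Configuration sections describe: the policy locates the SAML assertion in the SOAP header, checks its signature against a truststore, checks the validity window, rejects the message if anything fails, sets output variables for later policies, and honours the Ignore Content Type and Remove Assertion settings. The truststore, the issuer URL, the request contents and the output variable names other than isValid are constructed for the example. Because a real check of the XML-DSig signature against X.509 certificates needs an XML-security library, the signature step here is an HMAC-SHA256 over the assertion's issuer, subject and validity window, keyed per trusted issuer; it is a stand-in for that step, not XML Signature.

```python
import datetime as dt
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"soap": SOAP_NS, "saml": SAML_NS, "ds": DSIG_NS}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

XML_CONTENT_TYPES = {"text/xml", "application/xml", "application/soap+xml"}

# Constructed truststore keyed by SAML Issuer. A real TrustStore holds X.509
# certificates and the policy verifies the <ds:Signature>; this demo substitutes
# an HMAC over the signed fields (see signed_bytes) so it runs without xmlsec.
TRUSTSTORE = {"https://idp.example.test": b"constructed-demo-key"}


def _assertion_fields(assertion):
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    subject = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    cond = assertion.find("saml:Conditions", NS)
    not_before = cond.get("NotBefore", "") if cond is not None else ""
    not_after = cond.get("NotOnOrAfter", "") if cond is not None else ""
    return issuer, subject, not_before, not_after


def signed_bytes(assertion):
    """Fields covered by the demo signature: changing any of them breaks it."""
    return "|".join(_assertion_fields(assertion)).encode()


def demo_sign(assertion, key):
    return hmac.new(key, signed_bytes(assertion), hashlib.sha256).hexdigest()


def signature_is_valid(assertion, truststore):
    issuer = _assertion_fields(assertion)[0]
    key = truststore.get(issuer)  # unknown issuer: nothing to verify against
    sig = assertion.findtext("ds:Signature/ds:SignatureValue", default="", namespaces=NS)
    if key is None or not sig:
        return False
    return hmac.compare_digest(sig, demo_sign(assertion, key))


def _parse_time(value):
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_saml(message, content_type, truststore, *, ignore_content_type=False,
                  remove_assertion=False, now=None):
    """Model of the policy step. Returns (output_variables, forwarded_message);
    forwarded_message is None when the policy rejects the request."""
    out = {"isValid": False, "issuer": None, "subject": None, "reason": None}
    media_type = content_type.split(";")[0].strip().lower()
    if not ignore_content_type and media_type not in XML_CONTENT_TYPES:
        out["reason"] = "non-XML Content-Type, assertion not validated"
        return out, None
    try:
        root = ET.fromstring(message)
    except ET.ParseError as exc:
        out["reason"] = f"malformed XML: {exc}"
        return out, None
    header = root.find("soap:Header", NS)
    assertion = header.find("saml:Assertion", NS) if header is not None else None
    if assertion is None:
        out["reason"] = "no SAML assertion in SOAP header"
        return out, None
    # Verify the signature before trusting anything else in the assertion.
    if not signature_is_valid(assertion, truststore):
        out["reason"] = "signature invalid or issuer not in truststore"
        return out, None
    issuer, subject, not_before, not_after = _assertion_fields(assertion)
    now = now or dt.datetime.now(dt.timezone.utc)
    if not_before and now < _parse_time(not_before):
        out["reason"] = "assertion not yet valid"
        return out, None
    if not_after and now >= _parse_time(not_after):
        out["reason"] = "assertion expired"
        return out, None
    out.update(isValid=True, issuer=issuer, subject=subject)
    if remove_assertion:
        header.remove(assertion)  # the backend never sees the assertion
    return out, ET.tostring(root, encoding="unicode")


def build_request(issuer, subject, not_before, not_after, key, tamper_subject=None):
    """Constructs a sample SOAP request carrying a demo-signed SAML assertion."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    ET.SubElement(body, "GetBalance").text = "acct-42"
    a = ET.SubElement(header, f"{{{SAML_NS}}}Assertion")
    ET.SubElement(a, f"{{{SAML_NS}}}Issuer").text = issuer
    name_id = ET.SubElement(ET.SubElement(a, f"{{{SAML_NS}}}Subject"), f"{{{SAML_NS}}}NameID")
    name_id.text = subject
    ET.SubElement(a, f"{{{SAML_NS}}}Conditions", NotBefore=not_before, NotOnOrAfter=not_after)
    sig = ET.SubElement(ET.SubElement(a, f"{{{DSIG_NS}}}Signature"), f"{{{DSIG_NS}}}SignatureValue")
    sig.text = demo_sign(a, key)
    if tamper_subject:  # simulate modification in transit after signing
        name_id.text = tamper_subject
    return ET.tostring(env, encoding="unicode")


if __name__ == "__main__":
    key = TRUSTSTORE["https://idp.example.test"]
    req = build_request("https://idp.example.test", "alice",
                        "2020-01-01T00:00:00Z", "2099-01-01T00:00:00Z", key)
    print(validate_saml(req, "text/xml", TRUSTSTORE, remove_assertion=True))
```

The signature is checked before the validity window so that nothing from an untrusted assertion influences the decision, and the truststore lookup is by issuer, so an assertion from an issuer outside the truststore fails regardless of how it is signed. With remove_assertion the forwarded message keeps the SOAP body but no longer carries the assertion or its signature.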