1.1.7.3.2.8 Mapping SAML Elements with Oracle Tuxedo Security
The following table lists which optional SAML assertion elements must be present at each Oracle Tuxedo SECURITY level.
Table 1-12 Optional SAML Assertion Elements
Oracle Tuxedo Security and SAML Assertion Correspondence

| Oracle Tuxedo SECURITY Level | Additional SAML Assertion Elements Required | Access Principal |
|---|---|---|
| NONE | None | Anonymous, Subject/NameID |
| APP_PW | None | Anonymous, Subject/NameID |
| USER_PW | Subject | Subject/NameID |
| ACL | Subject | Subject/NameID |
| MANDATORY_ACL | Subject | Subject/NameID |

In the NONE and APP_PW cases, if the optional element "Subject" exists, then "NameID" is used to access Oracle Tuxedo. If the optional element "Subject" does not exist, then the client assumes the anonymous user identity to access Oracle Tuxedo. If anonymous access is not allowed (i.e., there is no credential mapping for anonymous), then the request fails.

If the SAML assertion does not contain a "Subject" element and the Tuxedo SECURITY level is configured as USER_PW, ACL, or MANDATORY_ACL, then the request is rejected.
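
The decision rules above, written out as an added Python sketch for reviewing or testing a configuration; it is not Oracle's code. Assumptions: the assertion is SAML 2.0 and its signature has already been verified, `resolve_principal`, `RequestRejected` and the `"anonymous"` placeholder are hypothetical names, and a "Subject" without a "NameID" (a case the page does not cover) is rejected.

```python
import xml.etree.ElementTree as ET

# Assumption: SAML 2.0 assertion namespace (the page names NameID, a 2.0 element).
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUBJECT_OPTIONAL = {"NONE", "APP_PW"}
SUBJECT_REQUIRED = {"USER_PW", "ACL", "MANDATORY_ACL"}
ANONYMOUS = "anonymous"  # placeholder for the anonymous identity


class RequestRejected(Exception):
    """The assertion does not satisfy the configured SECURITY level."""


def resolve_principal(assertion_xml, security_level, anonymous_mapped):
    """Return the access principal for an already signature-verified assertion.

    anonymous_mapped: True if a credential mapping for anonymous exists.
    """
    if security_level not in SUBJECT_OPTIONAL | SUBJECT_REQUIRED:
        raise ValueError(f"unknown SECURITY level: {security_level!r}")
    assertion = ET.fromstring(assertion_xml)
    subject = assertion.find("saml:Subject", NS)
    if subject is None:
        if security_level in SUBJECT_REQUIRED:
            raise RequestRejected(f"Subject is required at {security_level}")
        if not anonymous_mapped:
            raise RequestRejected("no credential mapping for anonymous")
        return ANONYMOUS
    name_id = subject.findtext("saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        # Assumption: the page does not cover this case; fail closed.
        raise RequestRejected("Subject has no NameID")
    return name_id


# Constructed sample assertions (not captured from a real deployment).
_OPEN = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
WITH_SUBJECT = (_OPEN + "><saml:Subject><saml:NameID>alice</saml:NameID>"
                "</saml:Subject></saml:Assertion>")
NO_SUBJECT = _OPEN + "/>"

if __name__ == "__main__":
    for level in ("NONE", "APP_PW", "USER_PW", "ACL", "MANDATORY_ACL"):
        for label, xml in (("subject", WITH_SUBJECT), ("no subject", NO_SUBJECT)):
            try:
                print(level, label, "->", resolve_principal(xml, level, True))
            except RequestRejected as exc:
                print(level, label, "-> rejected:", exc)
```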