1.1.7.3.2.7 WS-Policy Files

SALT includes a number of WS-Policy files that you can use to configure services for SAML SSO, as listed in Table 1-11:

Table 1-11 SAML SSO Policy Files

File Name                                       Purpose
Wssp1.2-2007-Saml1.1-SenderVouches-Https.xml    SAML 1.1 support (with TLS)
Wssp1.2-2007-Saml2.0-SenderVouches-Https.xml    SAML 2.0 support (with TLS)
Wssp1.2-2007-Saml1.1-SenderVouches.xml          SAML 1.1 support (without TLS)
Wssp1.2-2007-Saml2.0-SenderVouches.xml          SAML 2.0 support (without TLS)

The above files can be referenced at the <ServiceGroup> or <Service> level in the native WSDF file.

This policy may be combined with other WS-Security policies (such as inbound body signature). For more information, see Configuring Message-Level Web Service Security.

Following is an example of the SAML 1.1 policy file with supported capabilities outlined.

Example 1-23 SAML 1.1 Policy File

<?xml version="1.0"?>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <!-- Message-level protection using X.509 (asymmetric) keys -->
  <sp:AsymmetricBinding>
    <wsp:Policy>
      <!-- Initiator's X.509 v3 certificate: always included in the message -->
      <sp:InitiatorToken>
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/Always">
            <wsp:Policy>
              <sp:WssX509V3Token10/>
            </wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:InitiatorToken>
      <!-- Recipient's X.509 v3 certificate: never included in the message -->
      <sp:RecipientToken>
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/Never">
            <wsp:Policy>
              <sp:WssX509V3Token10/>
            </wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:RecipientToken>
      <sp:AlgorithmSuite>
        <wsp:Policy>
          <sp:Basic256/>
        </wsp:Policy>
      </sp:AlgorithmSuite>
      <sp:Layout>
        <wsp:Policy>
          <sp:Lax/>
        </wsp:Policy>
      </sp:Layout>
      <sp:IncludeTimestamp/>
      <sp:ProtectTokens/>
    </wsp:Policy>
  </sp:AsymmetricBinding>
  <!-- SAML 1.1 assertion carried as a signed supporting token -->
  <sp:SignedSupportingTokens>
    <wsp:Policy>
      <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
        <wsp:Policy>
          <sp:WssSamlV11Token10/>
        </wsp:Policy>
      </sp:SamlToken>
    </wsp:Policy>
  </sp:SignedSupportingTokens>
</wsp:Policy>
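
The following is an added example, not part of the SALT documentation or product: a small Python check that reads a WS-Policy file like the one above and reports the assertions worth reviewing before the policy is referenced from a WSDF file. The function names, the note wording, and the condensed sample policy are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
NS = {"wsp": WSP, "sp": SP}
ATTR = f"{{{SP}}}IncludeToken"  # namespace-qualified sp:IncludeToken attribute
# Constructed sample: condensed from the SAML 1.1 policy in Example 1-23.
SAMPLE = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
 <sp:AsymmetricBinding><wsp:Policy>
  <sp:InitiatorToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="{SP}/IncludeToken/Always"/>
  </wsp:Policy></sp:InitiatorToken>
  <sp:RecipientToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="{SP}/IncludeToken/Never"/>
  </wsp:Policy></sp:RecipientToken>
  <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
  <sp:IncludeTimestamp/><sp:ProtectTokens/>
 </wsp:Policy></sp:AsymmetricBinding>
 <sp:SignedSupportingTokens><wsp:Policy>
  <sp:SamlToken sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient">
   <wsp:Policy><sp:WssSamlV11Token10/></wsp:Policy></sp:SamlToken>
 </wsp:Policy></sp:SignedSupportingTokens>
</wsp:Policy>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix

def summarize(policy_xml):
    # Pull out the assertions a reviewer checks first in a SAML SSO policy.
    root = ET.fromstring(policy_xml)
    names = [local(e) for e in root.iter()]
    suite = root.find(".//sp:AlgorithmSuite/wsp:Policy/*", NS)
    kind = root.find(".//sp:SamlToken/wsp:Policy/*", NS)
    signed = root.find(".//sp:SignedSupportingTokens//sp:SamlToken", NS)
    include = {}  # "<role>/<token>" -> last segment of the IncludeToken URI
    for parent in root.iter():
        for tok in parent.findall("wsp:Policy/*", NS):
            if tok.get(ATTR):
                include[f"{local(parent)}/{local(tok)}"] = tok.get(ATTR).rsplit("/", 1)[-1]
    return {"binding": next((n for n in names if n.endswith("Binding")), None),
            "suite": local(suite) if suite is not None else None,
            "saml_type": local(kind) if kind is not None else None,
            "saml_signed": signed is not None,
            "timestamp": "IncludeTimestamp" in names, "include": include}

def review(s):
    # Each entry: (condition that triggers the note, note text).
    checks = [(s["binding"] != "TransportBinding", "policy does not assert transport (TLS) protection"),
              (bool(s["saml_type"]) and not s["saml_signed"], "SAML token is not a signed supporting token"),
              (not s["timestamp"], "no timestamp required, so receivers cannot check freshness")]
    return [msg for failed, msg in checks if failed]
```

Pass the contents of a policy file to summarize() and the result to review(); an empty list means none of the three conditions applied.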