Enforce WS-I SAML Compliance Assertion
The Enforce WS-I SAML Compliance assertion checks incoming and/or outgoing requests for compliance with the SAML Token specifications.
Enforce WS-I SAML Complianceassertion checks incoming and/or outgoing requests for compliance with the SAML Token specifications.
Use this assertion to:
- Ensure strict adherence to namespaces
- Enforce adherence for required/restricted elements, attributes, and attribute values
- Enforce referencing constraints (for example, reference by ID for local security tokens).
This assertion implements the rules contained in the SAML Token section of the
Basic Security Profile Version 1.0specifications located at http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html.
To view the audit records generated by this assertion, see Gateway Audit Events.
Using the Assertion
- Do one of the following:
- To add the assertion to the Policy Development window, see Add an Assertion.
- To change the configuration of an existing assertion, proceed to step 2 below.
- Right-clickEnforce WS-I SAML Compliancein the policy window and selectWS-I SAML Compliance Propertiesor double-click the assertion in the policy window. The assertion properties are displayed.
- Configure the properties as follows:SettingDescriptionCheck Request MessageSelect this check box to check request messages for conformance to the SAML Token section of the WS-I BSP specifications. Clear this check box to not check requests for conformance.This setting is selected by default if the assertion is placedbeforethe routing assertion in the policy.Check Response MessageSelect this check box to check response messages for conformance to the SAML Token section of the WS-I BSP specifications. Clear this check box to not check responses for conformance.This setting is selected by default if the assertion is placedafterthe routing assertion in the policy.Audit onlySelectAudit onlyto generate an audit record when non-conformance in the request or response is detected. No SOAP fault occurs and the assertion does not fail.Audit and FailSelectAudit and Failto generate both an audit record and a SOAP fault when non-conformance in the request or response is detected; the assertion also fails.Fail assertionSelectFail assertionto generate a SOAP fault and fail the assertion when non-conformance in the request or response is detected. No audit record is generated.The audit record indicates the rule that was broken (Rxxxx). You can look up the rule on www.ws-i.org/Profiles/SAMLTokenProfile-1.0.htm lto see more information. No audit record is created when a request or response conforms to the specifications.
- Click [OK]