App Connect

STR-Transform signed SAML tokens and IBM Integration Bus. 

Fri July 03, 2020 06:17 AM


This article describes the configuration steps needed for IBM Integration Bus to accept a SAML token whose signature uses the STR-Transform algorithm.

If you want to create a provider flow (a flow with a SOAPInput node) in IBM Integration Bus that accepts SAML tokens signed using the STR-Transform algorithm, you must edit the policy binding XML files by hand. This is because IBM Integration Bus uses only one transform algorithm when signing message parts: Exclusive XML Canonicalization, http://www.w3.org/2001/10/xml-exc-c14n#.

Here are the steps you need to follow in order to receive a SAML token signed with the STR-Transform algorithm.

1. Configure the policy set using the policy editor.

First, create a policy set using the policy editor. Then add the SAML authentication token and a SecurityTokenReference message part to the policy set, as shown below.

a. In the authentication token panel, add a SAMLv2.0 Passthrough authentication token.

Figure 1. Policy editor authentication token panel.


b. In the Message part protection panel, add a new field named signature_part_request_strd.

Figure 2. Message Part Protection panel.

c. Specify the XPath to the SecurityTokenReference message part in the XPath panel of the policy editor. Add two XPath expressions, one for SOAP 1.2 and one for SOAP 1.1, with the following values:

i) /*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope' and local-name()='Envelope']/*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope' and local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='SecurityTokenReference']

ii) /*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='SecurityTokenReference']

Figure 3. XPath panel of the policy editor.
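To see exactly what the two XPath expressions in step 1c select, and to recognise an incoming message that needs this configuration at all, here is a Python script added to this article (it is not part of the original post and not IBM Integration Bus code). It builds a constructed SOAP 1.1 and SOAP 1.2 envelope carrying a SAML assertion, a SecurityTokenReference pointing at it and a signature whose reference to that STR uses STR-Transform, walks the envelope the way the expressions do (matching on namespace URI and local name, so the prefixes in the message do not matter), and lists every ds:Reference whose transform is not exclusive canonicalization. The digest and signature values are placeholders, the element IDs, prefixes and function names are assumptions, and the STR-Transform URI is the identifier defined by WS-Security SOAP Message Security 1.0.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
# Transform identifier defined by WS-Security SOAP Message Security 1.0
STR_TRANSFORM = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-soap-message-security-1.0#STR-Transform")


def sample_envelope(soap_ns, prefix):
    """Constructed sample (assumption, not a captured message): a SAML
    assertion, an STR pointing at it, and a signature whose STR reference
    uses STR-Transform while the Body reference uses exc-c14n. Digest and
    signature values are placeholders, not real cryptographic output."""
    return f"""<{prefix}:Envelope xmlns:{prefix}="{soap_ns}" xmlns:wsse="{WSSE}"
    xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <{prefix}:Header>
    <wsse:Security>
      <saml:Assertion ID="_a1" Version="2.0"/>
      <wsse:SecurityTokenReference wsu:Id="str-1">
        <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_a1</wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="{EXC_C14N}"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#str-1">
            <ds:Transforms>
              <ds:Transform Algorithm="{STR_TRANSFORM}">
                <wsse:TransformationParameters>
                  <ds:CanonicalizationMethod Algorithm="{EXC_C14N}"/>
                </wsse:TransformationParameters>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#body-1">
            <ds:Transforms><ds:Transform Algorithm="{EXC_C14N}"/></ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
  </{prefix}:Header>
  <{prefix}:Body wsu:Id="body-1"><ping/></{prefix}:Body>
</{prefix}:Envelope>"""


def _children(elem, ns, local):
    """Child elements matching namespace-uri()=ns and local-name()=local."""
    return [c for c in elem if c.tag == f"{{{ns}}}{local}"]


def select_str(xml_text):
    """Evaluate the two policy-set XPath expressions: the root must be
    Envelope, then Header, then wsse:Security, then a direct-child
    wsse:SecurityTokenReference. Returns (SOAP namespace, wsu:Id) per hit."""
    root = ET.fromstring(xml_text)
    hits = []
    for soap_ns in (SOAP12, SOAP11):           # expression i), then ii)
        if root.tag != f"{{{soap_ns}}}Envelope":
            continue
        for header in _children(root, soap_ns, "Header"):
            for sec in _children(header, WSSE, "Security"):
                for ref in _children(sec, WSSE, "SecurityTokenReference"):
                    hits.append((soap_ns, ref.get(f"{{{WSU}}}Id")))
    return hits


def reference_transforms(xml_text):
    """Map each ds:Reference URI to the ds:Transform algorithms applied to it."""
    root = ET.fromstring(xml_text)
    return {ref.get("URI"): [t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")]
            for ref in root.iter(f"{{{DS}}}Reference")}


def references_needing_str_part(xml_text):
    """References a default binding that only knows exc-c14n cannot handle:
    each one is a message part the extra policy-set field has to declare."""
    return [uri for uri, algs in reference_transforms(xml_text).items()
            if STR_TRANSFORM in algs]


if __name__ == "__main__":
    for ns, prefix in ((SOAP11, "S"), (SOAP12, "env")):
        msg = sample_envelope(ns, prefix)
        print(prefix, select_str(msg), references_needing_str_part(msg))
```

Note that both expressions use child steps only, so the script, like the policy set, selects a SecurityTokenReference that is a direct child of wsse:Security; an STR nested inside ds:KeyInfo would not be matched and would need its own XPath.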

#IntegrationBus(IIB)
#SAML-token
#STR-transform