Ajay Ponnappan
Published on July 16, 2018

This article describes the configuration steps needed to allow IBM Integration Bus to accept a SAML token signed by an STR-Transform algorithm.

If you want to create a provider flow (SOAPInput flow) in IBM Integration Bus that can accept SAML tokens signed using an STR-Transform algorithm, you need to edit the policy binding XML files manually. This is because IBM Integration Bus uses only one transform algorithm to sign message parts, the exclusive XML canonicalization algorithm http://www.w3.org/2001/10/xml-exc-c14n.
Here are the steps that you need to follow in order to receive a SAML token signed by an STR-Transform algorithm.
i) /*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope' and local-name()='Envelope']/*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope' and local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='SecurityTokenReference']
ii) /*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='SecurityTokenReference']