Authentication with SAML

You can use the SAML (Security Assertion Markup Language) 2.0 web SSO redirection services support to implement user authentication and single sign-on (SSO). To establish your SAML environment, you must consider the following information to ensure that your system is a good candidate.

Requirements

  • You must configure WebSphere Application Server to work with SAML using the default application (Snoop).
  • Your SAML Identify Provider (IdP) must conform to the requirements of your WebSphere Application Server, such as ADFS or Tivoli Federated Identity Manager.
  • The following components do not authenticate with SAML. They use other services.
    • Mobile Web
    • Mobile Native Apps
    • Connections Mail
    • WebSphere Portal
    • IBM Forms
  • Since some components use other built-in authentication in WebSphere Application Server, such as basic authentication or LTPA, and this method for SAML support is only provided for web SSO, authentication must be possible directly through WebSphere Application Server as well. WebSphere Application Server must be configured to a directory for authentication and that directory must contain the user names and password of the user for authentication directly from WebSphere Application Server to your directory.