
How to pass SAML Assertion values to the backend application?


Article ID: 224139


Updated On:


CA Single Sign On Federation (SiteMinder) SITEMINDER



When running the SiteMinder Policy Server as a Service Provider (SP),
one might like to know how to pass the SAMLResponse to the backend
application server through headers and cookies. The requirement is to
fetch the assertion attributes sent in the SAML 2.0 assertion token and
place them in either an HTTP header variable or a cookie variable, so
that the application side can use the values for validation.




Policy Server: all versions




There are 2 ways to pass the assertion values as HTTP headers to the
backend server: one without the Session Store, and the other with a
Session Store (1).

With "HTTP Header Redirect Mode", when RelayState carries a target URL
as its value, this probably won't work (2).

The Session Store allows the Policy Server to retrieve the assertion
attribute value each time it is needed, usually at isAuthorized


Additional Information



    Know Why : HTTP Header Redirect Mode OR Persist Variables???

      | HTTP Header Redirect Mode             | Persist Session Variables       |
      | Does not need a Session Store         | Needs a Session Store           |
      | Header from Assertion are Only        | Header from Assertion are       |
      | available on the first redirect       | Persisted in the Session Store. |
      | from WAOP to TARGET. Lost thereafter. |                                 |


    Attributes Send to SP in SAML Assertion also need to be sent as HTTP Header Variables

      A Header using HTTP Redirect Mode is available on the first
      redirect i.e. TARGET URL defined within the Partnership. Once the
      redirect is complete and the application starts to load the HTTP
      Header is lost.
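
An added example, not from this article or from the product: a Python WSGI middleware for a backend behind HTTP Header Redirect Mode, which copies the assertion headers from the one request to TARGET into its own server-side session because they are absent on every later request. The header names, TARGET path and cookie name are assumptions, and the backend is assumed to be reachable only through the SiteMinder-protected web server.

```python
import secrets
# Assumptions (not from the article): header names, TARGET path, cookie name.
ATTR_HEADERS = ("HTTP_SAML_EMAIL", "HTTP_SAML_ROLE")
TARGET_PATH = "/app/landing"
COOKIE = "APPSESSION"


class AssertionHeaderCapture:
    """WSGI middleware that keeps assertion headers after the first redirect."""

    def __init__(self, app):
        self.app = app
        self.sessions = {}  # session id -> attributes (in-memory, demo only)

    def _known_session(self, environ):
        for part in environ.get("HTTP_COOKIE", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == COOKIE and value in self.sessions:
                return value
        return None

    def __call__(self, environ, start_response):
        sid = self._known_session(environ)
        cookie = None
        seen = {h: environ[h] for h in ATTR_HEADERS if h in environ}
        if seen and environ.get("PATH_INFO") == TARGET_PATH:
            # First redirect to TARGET: the only request carrying the headers.
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = seen
            cookie = f"{COOKIE}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
        # Expose stored values only; headers seen off TARGET are ignored.
        environ["app.saml_attrs"] = dict(self.sessions.get(sid, {}))
        def respond(status, headers, exc_info=None):
            if cookie:
                headers = list(headers) + [("Set-Cookie", cookie)]
            return start_response(status, headers, exc_info)

        return self.app(environ, respond)


def simulate(mw, path, headers=None, cookie=""):
    """Drive one constructed request through the middleware (demo helper)."""
    out = {}
    environ = {"PATH_INFO": path, "HTTP_COOKIE": cookie, **(headers or {})}
    def start_response(status, hdrs, exc_info=None):
        out["set_cookie"] = dict(hdrs).get("Set-Cookie", "")
    mw(environ, start_response)
    out["attrs"] = environ["app.saml_attrs"]
    return out
```

With Persist Session Variables the Policy Server's Session Store plays this role and the application-side copy is unnecessary.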