Accessing a SAML Assertion in the WS-Security Header

If the WS-Security header element includes an <Assertion> element, an InterSystems IRIS web service or web client automatically validates the signature of that SAML assertion, if it is signed.

Note:

Validation requires a trusted certificate. InterSystems IRIS can validate a signature if it can verify the signer’s certificate chain from the signer’s own certificate to a self-signed certificate from a certificate authority (CA) that is trusted by InterSystems IRIS, including intermediate certificates (if any).

InterSystems IRIS does not, however, automatically validate the assertion. Your code should retrieve the assertion and validate it.

To access the SAML assertion, find the <Assertion> element of the security header element. To do so, use the FindElement() method of the SecurityIn property of the service or client, as follows:

 Set assertion=..SecurityIn.FindElement("Assertion") 

This returns an instance of %SAML.Assertion. Examine properties of this object as needed.
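One way to carry out the validation that is left to your code, shown as an added example and not InterSystems code. The method name CheckAssertion and its arguments expectedIssuer and expectedAudience are hypothetical, and the property names used (Signature, Issuer.NameID, Conditions, NotBefore, NotOnOrAfter, Condition, Audience) are assumed from the %SAML class reference, so confirm them for your version.

```objectscript
/// Added example (hypothetical method): place in a %SOAP.WebService subclass and
/// call it at the start of a web method. Property names are assumed from the %SAML classes.
Method CheckAssertion(expectedIssuer As %String, expectedAudience As %String) As %Status
{
    Set assertion=..SecurityIn.FindElement("Assertion")
    If '$IsObject(assertion) {
        Return $$$ERROR($$$GeneralError,"No SAML assertion in the security header")
    }
    // The signature is validated only if present, so insist that there is one.
    If '$IsObject(assertion.Signature) {
        Return $$$ERROR($$$GeneralError,"SAML assertion is not signed")
    }
    // The issuer must be the identity provider this service expects.
    If '$IsObject(assertion.Issuer)||(assertion.Issuer.NameID'=expectedIssuer) {
        Return $$$ERROR($$$GeneralError,"Unexpected SAML issuer")
    }
    // Validity window. Assumes %xsd.dateTime values are held as UTC in ODBC
    // format, so they compare as strings with the current UTC time.
    Set cond=assertion.Conditions
    If '$IsObject(cond) {
        Return $$$ERROR($$$GeneralError,"SAML assertion has no Conditions")
    }
    Set now=$ZDateTime($ZTimeStamp,3)
    If (cond.NotBefore'="")&&(cond.NotBefore]now) {
        Return $$$ERROR($$$GeneralError,"SAML assertion is not yet valid")
    }
    // Policy choice in this example: an assertion with no expiry is rejected.
    If (cond.NotOnOrAfter="")||'(cond.NotOnOrAfter]now) {
        Return $$$ERROR($$$GeneralError,"SAML assertion has expired")
    }
    // Every AudienceRestriction must name this service; at least one must exist.
    Set found=0,ok=1
    For i=1:1:cond.Condition.Count() {
        Set c=cond.Condition.GetAt(i)
        Continue:'c.%IsA("%SAML.AudienceRestriction")
        Set found=1,match=0
        For j=1:1:c.Audience.Count() {
            Set:c.Audience.GetAt(j)=expectedAudience match=1
        }
        Set:'match ok=0
    }
    If 'found||'ok {
        Return $$$ERROR($$$GeneralError,"SAML assertion audience does not include this service")
    }
    Return $$$OK
}
```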
