Overview
InterSystems IRIS web services and web clients can validate the WS-Security header element for inbound SOAP messages, as well as automatically decrypt the inbound messages.
InterSystems IRIS web services and web clients can also process a signed SAML assertion token and validate its signature. However, it is the responsibility of your application to validate the details of the SAML assertion.
All the preceding activities are automatic if you use a security policy.
In all scenarios, InterSystems IRIS uses its collection of root authority certificates; see Setup and Other Common Activities.
