VuGen supports SAML (Security Assertion Markup Language) for Web Services. SAML is an XML standard for exchanging security-related information, called assertions, between business partners over the Internet. The assertions can include attribute statements, authentication, decision statements, and authorization decision statements.
SAML uses brokered authentication with a security token issued by STS (Security Token Service). The STS is trusted by the client and the Web Service to provide interoperable security tokens. SAML tokens are important for Web Service security because they provide cross-platform interoperability and a means of exchanging information between clients and services that do not reside within a single security domain.
You can set the SAML settings for an entire script or part of the script. For details, see How to Add SAML Security.
Note: You cannot apply SAML security and the standard Web Service (a Web Service Set Security step) security to the same step. To cancel Web Service security, insert a Web Service Cancel Security step.
VuGen provides a method for signing an unsigned SAML assertion. As input, you provide the unsigned assertion, a certificate file, and the optional password. As output, VuGen provides the signed SAML assertion. For task details, see How to Add SAML Security.
SAML policy files follow the WSE 3.0 standard and define the attribute values for the SAML security. By default, VuGen uses the samlPolicy.config file located in the installation's dat folder.
When entering SAML security information, you can enter it manually in the properties dialog box, or you can refer to a policy file containing all of the security information. You can create your own policy file based on samlPolicy.config.
You can modify the policy file to include values for the security parameters, such as username and certificate information. When adding a SAML security step to your script, if you explicitly specify values for the security arguments, they override the values in the policy file.
If you make changes to the default policy file, we recommend that you copy the new policy file to your script's folder. Make sure to save custom policy files with a .config extension to insure that they remain with the script, even when running it on other machines or calling it from the LoadRunner Controller.
To learn more about the SAML policy files, see the SAML STS example on the MSDN Web site. If you want to emulate SAML Federation behavior, copy the samlFederationPolicy.config file from the data folder to your script's folder, and specify it as the policy file.