How is a SAML token used by OWSM for identity propagation?
A. As each web service in a chain is invoked, OWSM generates a SAML token and inserts it in the WS-Security header of the request message.
B. A SAML token is generated on invocation of the first web service in a chain and is stored in the Java Authentication and Authorization (JAAS) Subject so it can be used throughout the transaction by subsequent web services.
C. A SAML token is used to determine the destination address of the next web service in the chain.
D. The SAML token, embedded in the X.509 certificate or Kerberos ticket, is extracted by OWSM and delivered to the next web service in the chain.
Correct Answer: A
Explanation/Reference:
Propagating Identities through a Chain of Web Services

A web service may invoke another web service, which in turn may invoke yet another web service to complete a single transaction (this pattern is known as "chained web services"). Each of the services in the chain may be protected. Instead of checking which service is calling which other service, Oracle WSM allows you to check who the original user invoking the chain of web services is. Oracle WSM policies can be used to propagate the original user's identity across the chained web services.

Following successful authentication to the first web service in the chain, Oracle WSM sets the user as a Java Subject used throughout the transaction. When invoking another service, the Oracle WSM client policy picks up the user identity from the Java Subject, generates a SAML token based on the Subject's information, and inserts the SAML token in the WS-Security header of the request message to be sent to the service provider. This allows all the web services in a chain to track the identity of the actual user calling a web service endpoint, instead of seeing only the identity of the prior service in the chain.
Note:
* Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority (that is, an identity provider) and a SAML consumer (that is, a service provider). SAML 2.0 enables web-based authentication and authorization scenarios, including cross-domain single sign-on (SSO).