Security Token Service

Security Token Service for SAML, OAuth & SaaS

All Layer 7 SecureSpan, API and CloudSpan Gateways ship with a Security Token Service (STS) engine inside. The Layer 7 STS can perform general token mappings, generate custom attribute-based SAML tokens, and perform a variety of OAuth token operations. It supports both the WS-Trust and WS-Federation specifications, including SAML 1.1 and 2.0, and includes deep certificate integration to support the holder-of-key, bearer and sender-vouches subject confirmation methods for identity propagation. The Web Browser SSO Profile (including Browser-Artifact and Browser POST) is supported in either an Identity Provider or a Service Provider role; Web service style token profiles are supported as well. The STS can be deployed inline or as an endpoint security service, and can be deployed as an adjunct to commercial IAM products from leading vendors such as Oracle, Sun, Novell, Tivoli, CA and RSA.

Beyond the specific interactions defined by the WS-Trust specification, the Layer 7 STS provides comprehensive identity federation across a wide array of security tokens and message formats. These tokens can be authenticated; used for fine-grained authorization based on resource, request content, or transaction context; or mapped to a new identity token that is applied to a request message and then propagated to a service endpoint. Supported authorization styles include OAuth 1.0a, OAuth WRAP and OAuth 2.0; integration with external or internal XACML decision engines; and policy-based decisions using user groups, roles, or attributes. It also supports custom token types for popular SaaS applications like Salesforce.com and Google Apps.
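The three subject confirmation methods named above (bearer, holder-of-key and sender-vouches) differ in what a relying party must check before accepting the assertion. The following is an added example, not Layer 7 code: a minimal relying-party validator for a SAML 2.0 assertion that applies the Conditions checks common to all methods and then the method-specific check. The assertion is constructed for the example, the key proof for holder-of-key is simplified to a `ds:KeyName` comparison, and the XML signature over the assertion is assumed to have been verified before this step.

```python
"""Relying-party checks for SAML 2.0 subject confirmation methods.

Added example, not Layer 7 code. The sample assertion is constructed, and
XML signature verification is assumed to have happened already; this code
only checks Conditions and SubjectConfirmation.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

# Constructed sample assertion; METHOD_PLACEHOLDER is swapped in per call.
SAMPLE_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed-1"
    Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.test</saml:NameID>
    <saml:SubjectConfirmation Method="METHOD_PLACEHOLDER">
      <saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"
          NotOnOrAfter="2024-01-01T12:05:00Z" InResponseTo="_req-1">
        <ds:KeyInfo><ds:KeyName>alice-key-01</ds:KeyName></ds:KeyInfo>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def sample_assertion(method):
    """Return the constructed assertion using the given confirmation method."""
    return SAMPLE_TEMPLATE.replace("METHOD_PLACEHOLDER", method)


def parse_saml_time(value):
    """SAML timestamps are UTC ISO 8601 ending in 'Z'; return an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, audience, recipient, in_response_to=None,
                       presented_key_name=None, sender=None, trusted_senders=()):
    """Return (ok, reason); reason names the first rule that failed.

    audience/recipient are this service provider's entity ID and the endpoint
    the assertion arrived at; presented_key_name is the key the presenter proved
    possession of (e.g. via TLS client auth or a message signature); sender is
    the authenticated identity of the party that delivered the assertion.
    """
    assertion = ET.fromstring(xml_text)
    if assertion.tag != "{%s}Assertion" % NS["saml"]:
        return False, "not a SAML 2.0 Assertion"

    # Conditions apply regardless of method: validity window and audience.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    if now < parse_saml_time(cond.get("NotBefore")):
        return False, "assertion not yet valid"
    if now >= parse_saml_time(cond.get("NotOnOrAfter")):
        return False, "assertion expired"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return False, "audience mismatch"

    sc = assertion.find("saml:Subject/saml:SubjectConfirmation", NS)
    if sc is None:
        return False, "missing SubjectConfirmation"
    method = sc.get("Method")
    data = sc.find("saml:SubjectConfirmationData", NS)

    if method == BEARER:
        # Bearer: possession of the assertion is the proof, so the data must bind
        # it to this endpoint, a short window and (if SP-initiated) our request.
        if data is None:
            return False, "bearer without SubjectConfirmationData"
        if data.get("Recipient") != recipient:
            return False, "bearer Recipient mismatch"
        if now >= parse_saml_time(data.get("NotOnOrAfter")):
            return False, "bearer confirmation expired"
        if in_response_to is not None and data.get("InResponseTo") != in_response_to:
            return False, "bearer InResponseTo mismatch"
        return True, "bearer confirmed"

    if method == HOLDER_OF_KEY:
        # Holder-of-key: the presenter must have proved possession of the key
        # named in the assertion (KeyName used here as a simplified identifier).
        key = data.find("ds:KeyInfo/ds:KeyName", NS) if data is not None else None
        if key is None or presented_key_name is None:
            return False, "holder-of-key without key proof"
        if key.text != presented_key_name:
            return False, "holder-of-key proof mismatch"
        return True, "holder-of-key confirmed"

    if method == SENDER_VOUCHES:
        # Sender-vouches: the assertion carries no proof for the subject; trust
        # rests entirely on the sender, which must be an explicitly trusted party.
        if sender is None or sender not in trusted_senders:
            return False, "sender-vouches from untrusted sender"
        return True, "sender-vouches confirmed by trusted sender"

    return False, "unsupported confirmation method: %s" % method


if __name__ == "__main__":
    now = parse_saml_time("2024-01-01T12:00:30Z")
    for m in (BEARER, HOLDER_OF_KEY, SENDER_VOUCHES):
        print(m.rsplit(":", 1)[1], validate_assertion(
            sample_assertion(m), now, "https://sp.example.test", "https://sp.example.test/acs",
            in_response_to="_req-1", presented_key_name="alice-key-01",
            sender="https://gw.example.test", trusted_senders=("https://gw.example.test",)))
```

The point the example makes is that only holder-of-key ties the assertion to a key the presenter must prove it holds; bearer relies on Recipient, InResponseTo and a short NotOnOrAfter window to limit replay, and sender-vouches is only as strong as the trust placed in the intermediary (such as a gateway) that signed the message carrying it.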


White Paper: Federated Identity & Single Sign-On Using Layer 7

Layer 7 STS Advantages

  • Scale & Performance: token mapping and translation at wire speed via dedicated software and hardware acceleration
  • Deployment Flexibility: implement inline for downstream token translation and mapping, or as an end-point service
  • Low Latency: combines caching with token translation to minimize delays in token processing
  • SaaS Readiness: out-of-the-box SSO capabilities for popular SaaS applications such as Salesforce.com and Google Apps
  • IAM Integration: supports leading SSO products from Sun, Oracle, CA, Tivoli, RSA and Novell
  • SOAP, REST, JSON Security: comprehensive, policy-based message- and API-level security in addition to identity security
  • Standards Support: as a co-author of popular specifications like WS-Trust and WS-Federation, Layer 7 is committed to standards-based implementation


Layer 7 STS Supported Standards

  • WS-Trust
  • WS-Federation

Supports integration with leading identity, access, SSO and federation systems, including:

  • Microsoft Active Directory/Federated Services
  • Novell Access Manager
  • IBM Tivoli TFIM
  • Oracle Access Manager
  • RSA Access Manager
  • IBM Tivoli TAM
  • CA SiteMinder
  • Sun Java System Access Manager

Supported authentication protocols and credential types include:

  • SAML tokens
  • OAuth
  • Security Context Tokens
  • Kerberos
  • Digital signatures
  • X.509 certificates
  • LDAP
  • XACML
  • HTTP Basic
  • SSL Client Authentication

Also supports custom token types for popular SaaS applications like Salesforce.com and Google Apps.