1 to 10 of 22
Sort by

Library Entry
Add or Remove XML Element(s) Assertion sample policy

A sample policy using the 'Add or Remove XML Element(s)' Assertion. Instructions: To test this policy: 1. Create a testing endpoint on your Gateway, i.e: /addXml , /removeXml 2. Import the attached policy into the respective endpoint 3. Send one of the sample messages below to the Gateway...

Library Entry
Client Creds

A sample policy using the 'Retrieve OAuth 2.0 Token' Assertion with the Client Credentials and Resource Owner Password Credentials grant types. This policy makes use of the OAuth 2.0 test clients (id/secret).    For the Resource Owner Password Credentials the Resource Owner ID/PW...

Library Entry
CA API Developer Portal - SaaS

The CA API Developer Portal – SaaS makes it possible to transform a “closed” business into an open enterprise by securely exposing application and data APIs to app developers while giving these developers all the tools and resources they need in order to quickly build apps...


Library Entry
Performance Testing

Performance testing is something we often get asked about by our API management and SOA governance customers. We have encountered situations where understanding of what constituted good performance was not clear at the beginning of a test effort. Benchmarking Web services usually involved...

Library Entry
SAML Token Caching for Improved Identity Performance

Issuing SAML tokens in a SOA or Cloud policy operation is a common use case, but there are two core concerns that need to be addressed in production-class deployments: Public Key cryptography required to sign the token is expensive in terms of CPU usage If there is a single path through...

Library Entry
OpenSSO IAM Integration

As the entry point to an organization's services, XML, SOA and API gateways are responsible for controlling access. This typically involves authentication and authorization against a user directory (LDAP). However, it is often the case that identity and access management (IAM) is handled by some...

Library Entry
Federating Web Services

What is an STS and why do we have so many of them? In the broad category of message-oriented security in web services, each message contains a security token; in SOAP messages these are provided in the Security section in the SOAP header. In some of the more common usage patterns, that token is...