Requirements of the WFM SAML Adapter

These requirements describe the current state of SAML support in WFM for IdP-initiated SSO:

  • The SAML assertion is signed.
  • The SAML token is not encrypted and the response is not signed.
  • The WFM adapter that supports SAML authentication uses the NotOnOrAfter condition to confirm that the token has not expired. The value of the condition is assumed to be in one of these formats:
    • yyyy-MM-dd'T'HH:mm:ss'Z'
    • yyyy-MM-dd'T'HH:mm:ss.sss'Z'
  • The response will always be a static value. In the current implementation, the user will always send their response to menu.jsp.
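
The following added example (not WFM code) shows one way to check a sample assertion from your IdP against the two NotOnOrAfter formats listed above before integration. It assumes ".sss" means exactly three fractional-second digits; the function names and the sample assertion are constructed for illustration. How the WFM adapter itself treats other formats is not stated here, so the example reports them as unsupported.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The two layouts listed above; ".sss" is read here as exactly three
# fractional-second digits (an assumption about the notation).
ACCEPTED = re.compile(
    r"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]{3})?Z")

# Constructed sample assertion (unsigned; all values are made up).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example">
  <saml:Conditions NotBefore="2030-01-01T10:00:00Z"
                   NotOnOrAfter="2030-01-01T10:05:00.250Z"/>
</saml:Assertion>"""


def parse_not_on_or_after(value):
    """Return an aware UTC datetime, or None if the value fits neither layout."""
    if not ACCEPTED.fullmatch(value):
        return None
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    try:
        return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
    except ValueError:  # right shape but impossible date, e.g. month 13
        return None


def check_assertion(xml_text, now):
    """Classify an assertion as 'valid', 'expired' or 'unsupported-format'."""
    cond = ET.fromstring(xml_text).find("saml:Conditions", SAML_NS)
    value = cond.get("NotOnOrAfter") if cond is not None else None
    expires = parse_not_on_or_after(value) if value else None
    if expires is None:
        return "unsupported-format"  # missing or unparseable: do not accept
    # NotOnOrAfter is exclusive: the assertion is invalid at that instant.
    return "valid" if now < expires else "expired"


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, datetime.now(timezone.utc)))
```

The check covers only the timestamp format and expiry; it does not verify the assertion signature.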