How to validate SAML token in Apigee that is coming in the header

Hi friends,

I don't have any idea about validating SAML tokens in Apigee. Can anyone please provide steps and guide me on how to validate the token that is coming in the request header?

Thanks for the help.


Did you try the documentation?

Did you find the ValidateSAMLAssertion policy?

Did you try it?

How did you configure it? (Show your policy configuration)

What results did you see?

Actually, in the Validate SAML policy I am not getting how to read the token in the request header.

Should I use the line below for reading the token from the Authorization header?

<source> request.Authorization</source>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateSAMLAssertion ignoreContentType="false" name="Validate-SAML-Assertion-1">
  <DisplayName>Validate SAML Assertion-1</DisplayName>
  <source> request.Authorization</source>
  <Description/>
  <TrustStore/>
  <RemoveAssertion>false</RemoveAssertion>
</ValidateSAMLAssertion>

No.

request.header.Authorization

See the documentation on context variables for more information.

https://docs.apigee.com/api-platform/reference/variables-reference

Hi @Dino-at-Google

I have given the source field the value request.header.Authorization, but when saving the configuration or deploying the proxy it throws an error saying Source is not configured correctly.

I have tried all the ways below, but it throws an error:

<source>request.header.Authorization</source>

<source>request</source>

<source name="request.header.Authorization></source>

Please find below the policy configuration:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateSAMLAssertion ignoreContentType="false" name="Validate-SAML-Assertion-1">
  <DisplayName>Validate SAML Assertion-1</DisplayName>
  <source>request.header.Authorization</source>
  <Description/>
  <TrustStore>samlValidation</TrustStore>
  <RemoveAssertion>false</RemoveAssertion>
</ValidateSAMLAssertion>

Please correct me if anything is wrong in the configuration.

Also, please provide the ValidateSAMLAssertion policy configuration for validating the incoming SAML token in the Authorization header.