The SAMLToken policy specifies a WS-SecurityPolicy Asymmetric Binding. This means that the client must secure the request using asymmetric keys (a private key for signature, and a public key for encryption). In addition, the "token" required for signature is an IssuedToken policy, which means that the client must contact the STS to get a token (a SAML token according to the policy) and include it in the service request. If the client is signing the request, the client uses the private key associated with the SAML token.
Talend ESB provides a template policy called wspolicy_authn_saml.policy, which is available in the /add-ons/registry/policies folder of the Talend ESB product.
It is also applied by default to your Talend ESB Container via the following policy file: etc/org.talend.esb.job.saml.policy. However, the STS must be started before the client; otherwise, the client will not be able to get a SAML token to access the service.
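As an added illustration (not Talend's code, and not the contents of wspolicy_authn_saml.policy), the following Python check parses a constructed WS-SecurityPolicy document and confirms the structure described in the first paragraph: an AsymmetricBinding whose InitiatorToken is an IssuedToken requesting a SAML token. The sample policy, the function name check_policy, and the requirement that the template ask for the WS-Trust PublicKey key type (so the issued token is tied to a key the client holds) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SP = "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}"
WST = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512}"
SAML_PREFIX = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAML"
PUBLIC_KEY = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey"

# Constructed sample for this example, NOT the Talend template policy file.
SAMPLE_POLICY = """<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
  xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
 <sp:AsymmetricBinding><wsp:Policy>
  <sp:InitiatorToken><wsp:Policy>
   <sp:IssuedToken>
    <sp:RequestSecurityTokenTemplate>
     <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
     <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
    </sp:RequestSecurityTokenTemplate>
   </sp:IssuedToken>
  </wsp:Policy></sp:InitiatorToken>
  <sp:RecipientToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:RecipientToken>
 </wsp:Policy></sp:AsymmetricBinding>
</wsp:Policy>"""

def check_policy(xml_text):
    """Return a list of findings; an empty list means the policy matches."""
    root = ET.fromstring(xml_text)
    binding = root.find(f".//{SP}AsymmetricBinding")
    if binding is None:
        return ["no AsymmetricBinding assertion"]
    # The signing token must come from the STS, i.e. be an IssuedToken.
    initiator = binding.find(f".//{SP}InitiatorToken")
    issued = initiator.find(f".//{SP}IssuedToken") if initiator is not None else None
    if issued is None:
        return ["InitiatorToken is not an IssuedToken"]
    findings = []
    token_type = (issued.findtext(f".//{WST}TokenType") or "").strip()
    key_type = (issued.findtext(f".//{WST}KeyType") or "").strip()
    if not token_type.startswith(SAML_PREFIX):
        findings.append(f"TokenType is not SAML: {token_type or 'missing'}")
    # Assumption: PublicKey key type binds the token to the client's key pair.
    if key_type != PUBLIC_KEY:
        findings.append(f"KeyType is not PublicKey: {key_type or 'missing'}")
    return findings

if __name__ == "__main__":
    print(check_policy(SAMPLE_POLICY) or "policy matches the expected shape")
```
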