1
votes

I'm trying to set up SAML SSO with OpenAM and WebLogic. The reason I want to use SAML is that I have multiple applications where I can't change the web.xml to use the J2EE agent.

My question is if there is a good document explaining the setup with weblogic and openam. I have read several guides, but I'm still confused... Just looking for a good howto!

My current setup is OpenAM on Tomcat installed on host1, and WebLogic installed on host2. The webapp is deployed on host2.

So OpenAM will be the IdP and WebLogic will be the SP, right? I have configured the OpenAM hosted IdP. I have added the SAML identity asserter on WebLogic and configured a web SSO identity provider partner.

2 Answers

1
votes

You can configure WebLogic to enable SAML SSO implementation.
This requires the following steps to be completed.

  • WebLogic and the IdP (OpenAM) should be coupled - you can register OpenAM as an authentication service provider inside the WebLogic container using the administration console.
  • This requires SSL communication, hence, ideally, it's better to install an SSL certificate inside the container.
  • WebLogic can be configured to implement a SAML SP (Identity asserter and Assertion consumer) by configuring the required through the administration console.
  • In fact, it can be configured to work as a Credential mapper and Assertion receiver in the same way.

All these steps can be done inside a single WebLogic instance or between instances using a WebLogic federation.

Please refer to the link below for more details.

0
votes

I don't think WebLogic itself can act as a SAML SP. Every application has to implement a SAML SP. Doing this via the Spring Security SAML extension is quite neat. If you want more effort, look at the OpenAM Fedlet (it's also a lightweight SP). However, the sample app generated when creating the Fedlet is not too helpful. The 'Fedlet' is not the sample app, but more or less the jars and metadata included in the sample app.