In my previous blog entry I got Single Sign On working with J2EE container security. In this entry I also get it working with ADF Security. Create a SAML source site and a SAML destination site, then follow these steps.
Create a new relying party for the ADF Security Application on the SAML source site.
Go to the WLS console of the SAML source server and open the myrealm Security Realm
Go to Providers -> Credential Mapping -> SAMLCredentialMapper
SAMLCredentialMapper -> Management -> New Relying Party
Partner ID: rp_00004
Profile: Browser/POST
Target URL: http://localhost:7101/appC/adfAuthentication (the URL of the ADF Security servlet on the destination site)
Assertion Consumer URL: https://localhost:7102/samlacs/acs
Assertion Consumer Parameters: APID=ap_00002
SAML destination server: this is the WebLogic Server of the ADF Security application
Go to the myrealm Security Realm -> Providers -> Authentication, select the SAML Identity Assertion provider -> Management -> Asserting Party
Partner ID: ap_00002
Profile: Browser/POST
Target URL: http://localhost:7001/appA (the main application on the SAML source site)
Source Site Redirect URIs: /appC/adfAuthentication (the URL of the ADF Security servlet)
Source Site ITS URL: https://localhost:7002/samlits_ba/its
Source Site ITS Parameters: RPID=rp_00004
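As an added example (not code from the original post), here is a small Python check that the relying-party and asserting-party entries above actually refer to each other: APID and RPID must name the partner on the other side, the profiles must match, the Target URL path must be a Source Site Redirect URI, and the ACS and ITS endpoints must be https. The class and field names are my own, chosen to mirror the console labels; the values are the ones used in this post.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

@dataclass
class RelyingParty:  # entry under SAMLCredentialMapper on the SAML source site
    partner_id: str
    profile: str
    target_url: str
    acs_url: str
    acs_params: str  # e.g. "APID=ap_00002"

@dataclass
class AssertingParty:  # entry under the SAML Identity Asserter on the destination site
    partner_id: str
    profile: str
    redirect_uris: list
    its_url: str
    its_params: str  # e.g. "RPID=rp_00004"

def _param(params, key):
    """Read one key from a 'K=V&K2=V2' parameter string ('' if absent)."""
    return dict(p.split("=", 1) for p in params.split("&") if "=" in p).get(key, "")

def check_pairing(rp, ap):
    """Return the list of misconfigurations; empty means the two entries match up."""
    findings = []
    if _param(rp.acs_params, "APID") != ap.partner_id:
        findings.append("APID on the relying party does not name the asserting party")
    if _param(ap.its_params, "RPID") != rp.partner_id:
        findings.append("RPID on the asserting party does not name the relying party")
    if rp.profile != ap.profile:
        findings.append("profiles differ: %s vs %s" % (rp.profile, ap.profile))
    if urlparse(rp.target_url).path not in ap.redirect_uris:
        findings.append("Target URL path is not listed as a Source Site Redirect URI")
    # Browser/POST carries the assertion through the user's browser, so both hops need TLS
    for name, url in (("ACS", rp.acs_url), ("ITS", ap.its_url)):
        if urlparse(url).scheme != "https":
            findings.append("%s URL is not https" % name)
    return findings

# The values from the post, as constructed objects
RP = RelyingParty("rp_00004", "Browser/POST",
                  "http://localhost:7101/appC/adfAuthentication",
                  "https://localhost:7102/samlacs/acs", "APID=ap_00002")
AP = AssertingParty("ap_00002", "Browser/POST", ["/appC/adfAuthentication"],
                    "https://localhost:7002/samlits_ba/its", "RPID=rp_00004")

if __name__ == "__main__":
    print(check_pairing(RP, AP) or "relying party and asserting party are consistent")
```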
On the main site you can add a link to the ADF Security application like this: <a href="http://localhost:7101/appC/adfAuthentication">appC</a>
Then change the login-config in the web.xml of the ADF Security application so it uses certificate authentication.
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
The only thing that isn't working yet is the redirect to the success URL after the successful authentication by the ADF Security servlet.
Friday, May 15, 2009
SSO with SAML & ADF Security
4 comments:
Edwin -- Very helpful blogs. I had a confusion / I am not clear on how one can pass the security token from a Java web application to the web service stub that it calls, if the domains are not trusted. I.e. if I have a cookie in my web HTTP layer, I do not want to pass it directly to the service client stub, but use some kind of underlying security layer so that the web service client picks up the cookie/token and sends it in SOAP.
This must be a very easy question for you to answer:)
Thanks in advance
Dave
Hi,
If you use SAML source and destination sites, it does not matter if the domains are trusted.
In one case, if you use JSF with security and EJBs on a different domain, then you can set up a global trust between these domains.
thanks
Hi Edwin,
Did you try using Oracle SSO with ADF? We managed to protect the ADF application using Oracle SSO to authenticate the user. But we are unable to map the ADF application roles to the OID groups.
We would like to use ADF security features to provide field-level authorization based on the roles in the OID database.
Can you please suggest w.r.t. authorization using SSO in an ADF application?
Thanks and Regards,
S R Prasad
Hi,
Did you add a weblogic.xml to the WEB-INF folder? In this file you can do your mappings.
thanks