Comments on Java / Oracle SOA blog: SSO with WebLogic 10.3 and SAML
Blog author: Edwin Biemond. Feed updated 2024-03-28 06:38 +01:00. Showing 25 of 42 comments, newest first.

SK, 2016-06-14 03:37 +02:00:
I have a task to set up generation of signed SAML token from OSB service using OWSM policy [oracle/wss_saml_token_over_ssl_client_policy], on Weblogic 10.3.6.0. SAML token is getting generated, however is not signed. I have jks keystore configured in "Security Provider Configuration" with self signed certificate. Request advice. Thanks.

Anonymous, 2016-06-13 01:06 +02:00:
Hi Edwin,

I have a task to set up generation of signed SAML token from OSB service using OWSM policy [oracle/wss_saml_token_over_ssl_client_policy], on Weblogic 10.3.6.0. SAML token is getting generated, however is not signed. I have jks keystore configured in "Security Provider Configuration" with self signed certificate. Request advice. Thanks.

thanks.

Anonymous, 2016-01-13 09:14 +01:00:
Hi Kavin,
Did you manage to get this working? Stuck with the same issue. Any help is highly appreciated.
Thanks

Anonymous, 2012-05-07 12:33 +02:00:
Hi Edwin,

I have followed your blog and tried to create two domains on a single weblogic server.
When I click the link to navigate to the destination app after logging into the source app, I get the below error:
Firefox can't establish a connection to the server at localhost:7003.

It seems to be a common issue. Can you help me out on this issue.

saml, 2012-01-03 10:26 +01:00:
Hi Edwin,
In my previous post I wrote about the problem I am facing during SAML creation. Let me replicate the requirement.
I am using weblogic as an Identity Provider and Oracle Identity federation (OIF) as a service Provider. The federation will be IDP(weblogic) initiated.
I have configured both sides. I have configured both the sides as per your blog (weblogic and OIF) ,

Edwin Biemond, 2011-10-14 14:33 +02:00:
Hi Kavin,

can you try shared sessions between web applications

I think this works with two war in 1 ear.

Enabling Web applications to share the same session
By default, Web applications do not share the same session. If you would like Web applications to share the same session, you can configure the session descriptor at the application level in the

Kavin Kumar, 2011-10-12 19:50 +02:00:
Edwin, I am very sorry. That was a typo in my comment and sorry again for that. Let me rephrase and correct the comment.

"we tried setting same cookie name, cookie path for two simple web apps and tried to deploy them on two different Managed Servers on a single domain. But cookies are getting over-written and it isn't allowing SSO between those Apps."

Edwin Biemond, 2011-10-12 16:31 +02:00:
Hi,

Last time you had two managed servers in one domain and now you have two domains. This won't work.

But you can try to enable cross domain on both domains and set the same domain passwords.

Thanks

Kavin Kumar, 2011-10-12 11:49 +02:00:
Edwin, we tried setting same cookie name, cookie path for two simple web apps and tried to deploy them on two different domains. But cookies are getting over-written and it isn't allowing SSO between those Apps.

Kavin Kumar, 2011-10-10 13:42 +02:00:
Thanks Edwin. How can I check the cookie context? Some pointers please..

Edwin Biemond, 2011-10-10 13:37 +02:00:
Hi,

I think you don't need to do anything if both apps are working in the same cookie context. The login of the first app is also valid for app2 (will use a cookie)

thanks

Kavin Kumar, 2011-10-10 10:39 +02:00:
Edwin, I have two apps App1 and App2 enabled with security but deployed on two managed servers in a single WLS Domain. Now I want to enable SSO between these two apps. In production, we are using OAM. But we are trying on our dev instance. What is the easiest option to enable SSO between our two Apps that are deployed on two different managed servers?

Pratik, 2011-08-10 09:55 +02:00:
Hi Edwin,

I have configured appA and appB onto different servers as mentioned in your existing blog as well as blog from Vikram.

I am able to login to appA and when I click on the link to process to appB, browser is unable to do so with exception
"Firefox can't establish a connection to the server at localhost:7002."

The URL which it is

Samir, 2011-02-11 23:44 +01:00:
Hi Edwin

I am also facing Error 403---Forbidden with SAML authentication.

Can you let me know exactly what I need to check here.

Thanks
Samir

Will Han, 2010-10-21 19:23 +02:00:
The answer to my own question is: config the "Asserting Party" to allow "virtual user" on the Service Provider side, I have done it and it's working as I expected.

This link contains information I need for configuring the virtual user:

http://www.theserverside.com/news/1369596/SAML-Its-Not-just-for-Web-services

Will Han, 2010-10-19 22:09 +02:00:
Hi Edwin,

Thanks for the instruction. Although I'm able to complete the test, I am confused.

My impression is that SAML should enable limiting knowledge of user's identities only on the source site (Domain A), A.K.A ID Provider; the Destination site (Domain B) A.K.A Service Provider should not have all user's identities knowledge, or at least not one to one

ag, 2010-09-14 22:46 +02:00:
Adding to the earlier post.

By making both domains as asserter and relying parties to each other, would I be able to solve the logout issue when sending request back from destination to the source?

ag, 2010-09-14 20:16 +02:00:
Thanks for this post. I implemented this between two weblogic domains and it works. I am facing one problem though: I am able to go from source to destination fine, however, when I go back to source from destination, user gets logged out. It seems jsessionid created by source gets overwritten by destination. Any ideas would be appreciated.

Thanks!

Anonymous, 2010-01-06 20:16 +01:00:
Thanks for ur post, it was v.helpful.

Our Set up for weblogic works as suggested by vikrant, but my application call certain module (Oracle ADF) from OAS10g, I know we can implement SAML on apache. I'm not finding any documentation for that, do u have any info.
Thanks in advance for ur help on this.

Edwin Biemond, 2009-11-30 18:14 +01:00:
Hi,

using apache should also work, just use the apache address instead of the wls server address.

thanks

Jason, 2009-11-30 03:24 +01:00:
How would you accomplish this with a load balancer (ex. F5) or web server (Apache) in front of the Weblogic Servers? Since you have to provide the target and source URLs in the Security Realm section this doesn't seem to be intuitive if you have multiple servers in the pool. Please let me know your thoughts.

Edwin Biemond, 2009-11-12 14:42 +01:00:
Hi

1) In the previous post sukhveer,
sukhveer said...

Hi...
I am facing Error 403---Forbidden with SAML authentication. Please help...

Did you get to the bottom of his problem?

yep it was a keystore problem and very important are the hostnames, don't mix localhost and the server name

2) I am using wl10.3 as well and followed

Unknown, 2009-11-12 01:36 +01:00:
Hi Edwin,

1) In the previous post sukhveer,
sukhveer said...

Hi...
I am facing Error 403---Forbidden with SAML authentication. Please help...

Did you get to the bottom of his problem?

2) I am using wl10.3 as well and followed Vikrant's tutorial. I can login for appA but I can't go to appB, I get an issue with my certificate

Edwin Biemond, 2009-09-14 01:30 +02:00:
Hi,

Made a new blog how to do this with SAML2

http://biemond.blogspot.com/2009/09/sso-with-weblogic-1031-and-saml2.html

thanks Edwin

Unknown, 2009-09-03 17:53 +02:00:
This works fine for SAML 1.1; however, there is a huge difference between SAML 1.1 and SAML 2.0. Have you attempted to configure SAML 2.0?