Comments on Java / Oracle SOA blog: SSO with WebLogic 10.3.1 and SAML2
Edwin Biemond (http://www.blogger.com/profile/02338716126881111629)
Updated 2024-03-28T06:38:40.958+01:00

Comment, 2015-12-31T11:57:04.614+01:00:
Hi,

I have configured SSO for Webcenter Portal in WebLogic. When I try to log in with the SP initiated URL (Webcenter Portal app URL), it will redirect to the Identity provider login page. I have set the Bad password count to 5. On entering the bad password for the 5th time, the browser is redirected to a 403 not authorized page in the WebLogic ACS page - http://hostname:port/saml2/sp/acs/

Author: Vignesh (https://www.blogger.com/profile/15117889868181632045)

Comment, 2015-12-07T11:00:46.247+01:00:
Hello Carlo,

I am not sure I follow you... The answer to your question is yes, nothing stops you from declaring different authentication providers in two (or more) different domains.

What I would do to implement your scenario:

1. Domain one with SAMLAuthenticator

2. Domain two http://projects.spring.io/spring-security-saml/

For both domains the

Author: Luis (https://www.blogger.com/profile/10423029085521344774)

Comment, 2015-12-07T10:52:52.966+01:00:
Hi Rohan,

Actually I think that I should remove that reference. We use that script to get the password of the JVM keystore.

E.g. if you want to do a "dummy test" just create a script that echoes your keystore password.

Hope it helps,

Luis

Author: Luis (https://www.blogger.com/profile/10423029085521344774)

Comment, 2015-11-17T16:39:31.072+01:00:
Hello Edwin and others,

I have successfully configured the SP using WebLogic,
I used this class by Luis, to extract the assertions,

https://github.com/cerndb/wls-cern-sso

But when my IdP decrypts the assertions (he has to decrypt assertions in order to go from testing to production) I am not able to get those assertions, I read that WebLogic doesn't

Author: joe black (https://www.blogger.com/profile/02979590125365272709)

Comment, 2015-10-30T13:19:33.604+01:00:
Hi Luis,
I am trying to run your single logout solution in my environment. In your web.xml, you have mentioned "/ORA/dbs01/syscontrol/projects/systools/bin/get_passwd" for getting the password, but I am not able to find the file anywhere. Can you share a sample file so that I can create a similar one?

Author: Rohan Lopes (https://www.blogger.com/profile/08368649890442262923)

Comment, 2015-09-29T16:25:53.363+02:00:
Hi All,

We have implemented the SSO using the SAML2 and OBIEE 11.7 successfully.

We have integrated the OBIEE reports using an iframe component in J2EE applications. On click of the logout button we are able to log out of the application successfully, but subsequently if any user tries to log in with a different user and tries to access the OBIEE reports, the reports are displaying related to

Author: Mavericks-Time (https://www.blogger.com/profile/17538689019060512552)

Comment, 2015-08-21T17:25:42.206+02:00:
Hi Everybody,
Is it possible to use SAML in two different domains that use different Authentication Providers?
 1) First domain Active Directory
 2) Second domain Spring security?

Can I log in to the first domain as userX and get access to the second domain that doesn't have the userX?
I need to login into an application userX password and have a link into

Author: carlitos081 (https://www.blogger.com/profile/17336236067835155656)

Comment, 2015-08-21T17:25:14.691+02:00:
Hi Everybody,
Is it possible to use SAML in two different domains that use different Authentication Providers?
 1) First domain Active Directory
 2) Second domain Spring security?

Can I log in to the first domain as userX and get access to the second domain that doesn't have the userX?
I need to login into an application userX password and have a link into

Author: carlitos081 (https://www.blogger.com/profile/17336236067835155656)

Comment, 2015-03-16T22:18:27.767+01:00:
Hi Edwin, Luis and others,

I am a beginner with SAML and WebLogic server. I have read and understood the Oracle article for SAML with WebLogic somewhat and I am doing one sample project for single sign on.
I have created two applications on two different domains, deployed on two WebLogic servers on the same machine.

1) Demo_Web_Project - on server1 - Identity provider
2)

Author: Anonymous (https://www.blogger.com/profile/04870323158707200677)

Comment, 2015-03-14T00:22:44.016+01:00:
Hi Edwin, Luis and others,

I am a beginner with SAML and WebLogic server. I am doing one POC for single sign on.
I have created two applications on two different domains, deployed on two WebLogic servers on the same machine.

1) Demo_Web_Project - on server1 - Identity provider
2) Demo_Project_2 - on server2 - Service Provider

I just have created a static link

Author: Anonymous

Comment, 2015-03-13T05:55:18.425+01:00:
Hi Edwin, Luis and others,

I am a beginner with SAML and WebLogic server. I am doing one POC for single sign on.
I have created two applications on two different domains, deployed on two WebLogic servers on the same machine.

1) Demo_Web_Project - on server1 - Identity provider
2) Demo_Project_2 - on server2 - Service Provider

I just have created a static link

Author: Suchit

Comment, 2015-03-04T14:40:52.186+01:00:
Hello Nitish,

Late answer, sorry...

###################################################
# imports
import java.lang.Exception as Exception

####################################################
# Get required ENV variables
# os.environ A mapping object representing the string environment. For example, environ['HOME'] is the pathname of

Author: Luis (https://www.blogger.com/profile/10423029085521344774)

Comment, 2015-03-03T12:42:07.386+01:00:
Hello Edwin and others,

At https://github.com/cerndb/wls-cern-sso you can find two projects:

- WlsAttributeNameMapper: it extracts the information from the IdP response and transforms it into principals. See http://db-blog.web.cern.ch/blog/luis-rodriguez-fernandez/2015-02-oracle-weblogic-saml2-authorization
- saml2slo: implementation of the single logout

I

Author: Luis (https://www.blogger.com/profile/10423029085521344774)

Comment, 2015-03-03T12:39:06.527+01:00:
Hello Sonika,

Sorry for my late answer, I completely missed your comment.

You can clone it from here: https://github.com/cerndb/wls-cern-sso/tree/master/saml2slo

Hope it helps,

Luis

Author: Luis (https://www.blogger.com/profile/10423029085521344774)

Comment, 2015-03-01T20:39:29.108+01:00:

Hello Biemond, I have successfully implemented SAML2 with ADFS as the IDP and WebLogic as the SP. The problem is, I cannot retrieve any SAML2 attributes to populate into a HEADER variable so I can log the user into the application, does that make sense? I clearly see my SAML 2 information in the logs but no HEADER variables are being populated. How do I take SAML2 attributes and pass into HEADER

Author: Anonymous

Comment, 2015-02-19T13:27:45.572+01:00:
Hi Luis,

I also have the JSESSIONID overriding issue. I tried to rename the cookie in the mod_wl config file as you described above. But it did not work. Can you please write in more detail about configurations on the web server and application side?
Thanks,
Ali

Author: Ali (https://www.blogger.com/profile/02492664638362498560)

Comment, 2015-01-16T17:05:05.767+01:00:

Using WLST how to Publish SAML 2.0 Meta Data?

Author: Nitish Borade (https://www.blogger.com/profile/06987136425951297157)

Comment, 2015-01-09T19:02:49.536+01:00:
Hi Biemond,

First of all, I would like to thank you for writing a great post.
I have a question: is there an option to disable response signing on identity provider settings?

Author: Anonymous (https://www.blogger.com/profile/01294939868370213337)

Comment, 2014-11-03T11:45:19.434+01:00:
Hello Helder,

You are welcome! Very glad to know that it helped you, great!

Sure, it should not be a problem.

Yes, Shibboleth is a good choice. Me, for my tests, I have set up OpenAM as IdP. It is very simple.

Hope it helps,

Luis

Author: Luis (https://www.blogger.com/profile/10423029085521344774)

Comment, 2014-10-31T16:17:42.781+01:00:

Hello Luis, thank you for your reply, it helped me a lot :)
One more question, in my scenario I have IdP and SP on WebLogic, do you know if it's possible to execute the SLO? In your example you use ADFS2 as IdP, correct?
If it's not possible probably I should implement an external IdP (ex: Shibboleth)

Author: Anonymous (https://www.blogger.com/profile/15412594543373375783)

Comment, 2014-10-30T10:36:14.063+01:00:
Hello Helder,

In our case we "inform" the IdP (ADFS2) that our preferred binding for logout is HTTP-Redirect. So in the SP (WebLogic) metadata we include something like this:

.../...
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://your.weblogic.domain/your/saml2/slo/endpoint"/>
.../.

Author: Luis (https://www.blogger.com/profile/10423029085521344774)

Comment, 2014-10-29T20:16:53.773+01:00:
Hello Luis,
I'm trying to implement a simple Servlet to provide SLO capabilities on WebLogic.
Can you explain how to get the SAMLRequest and SAMLResponse attributes? I've tried using request.getParameter("SAMLResponse") but it didn't work. My domain has Artifact binding and I also tested with HTTP Post.
I already saw your post on stackoverflow but it's not clear

Author: Anonymous (https://www.blogger.com/profile/15412594543373375783)

Comment, 2014-10-28T11:02:21.569+01:00:
Dear Biemond,

I have deployed one IDP and two SP applications in three independent WebLogic domains on their own clusters and then I added the necessary SAML2 configurations in the IDP and 2 SP servers. Now, I am able to log in to the SP applications through the IDP login screen and able to visit the protected pages (role based) in the individual SP application without any issues.

Author: Anonymous (https://www.blogger.com/profile/18402012289872261557)

Comment, 2014-10-14T16:32:42.652+02:00:
Hi Luis,

I read your detailed explanation on how to implement SLO for WebLogic by using the saml2slo/sp servlet (Re: SAML2.0 Single logout weblogic 10.3). I am quite new to WebLogic and would really appreciate it if you could forward the implementation of the servlet for reference to my email address sonikajain0101@gmail.com.

Thank you and look forward to hearing back from you.

Author: Anonymous

Comment, 2014-08-04T21:13:46.156+02:00:

I have a scenario where I need to configure 2 SAML wars in a single WebLogic domain. How can I configure 2 SAML2 wars for 2 different applications in a single WebLogic domain?

Author: Anonymous (https://www.blogger.com/profile/16814578789299376891)