WAS v8.5 > Secure applications > Authenticate users > SAML web single sign-on

Add SAML web SSO TAI using wsadmin

The addSAMLTAISSO command adds the SAML TAI in the security configuration of the WAS.

1. Start the WAS.
2. Start wsadmin utility from the app_server_root/bin directory by entering the command: wsadmin -lang jython.
3. At the wsadmin prompt, enter the following command:
   AdminTask.addSAMLTAISSO('-enable true -acsUrl https://host:sslport/samlsps/<any URI pattern String>')
   where hostname is the host name of the system on which WAS is installed, and sslport is the Web server SSL port number (WC_defaulthost_secure).

   We can use the following parameters with this command:

   addSAMLTAISSO parameters.

   Parameter	Description
   -acsUrl	This parameter is required. It specifies the assertion consumer service (ACS) URL.
   -enable	This parameter specifies whether to enable or disable trust association. We can specify either true or false.
   -ssoId	This parameter is optional and is specified as an integer. It is the identifier for the group of custom properties that are defined for the SSO service provider partner. If this parameter is not specified, the next available identifier is used.
   -securityDomainName	This parameter specifies the name of the security domain of interest and is specified as a String. If a value for this parameter is not specified, the command uses the global security configuration.
   -trustStoreName	This parameter specifies the truststore name if not using the system default truststore.
   -keyStoreName	This parameter specifies the keystore name if not using the system default keystore.
   -keyName	This parameter specifies the key name used to decrypt the encrypted SAML assertion.
   -keyAlias	This parameter specifies the key alias used to decrypt the encrypted SAML assertion.
   -keyPassword	This parameter specifies the key password used to decrypt the encrypted SAML assertion.
   -idMap	This parameter specifies how the SAML token is mapped to the subject. We can specify one of the following values: idAssertion - the user specifies in the SAML assertion is not checked in the local registry localRealm - the SAML token user is verified in the local user registry localRealmThenAssertion - if the user is not found in the local registry, IDAssertion is used

   There are additional SAML web SSO TAI custom properties that are not supported by the addSAMLTAISSO command, but we can add these custom properties using wsadmin configureInterceptor. For a complete list of the supported SAML TAI properties, see the SAML web SSO TAI custom properties topic.

Results

The SAML web SSO TAI is now added for this WAS.

Example

The following example adds the SAML TAI to the global security configuration:

AdminTask.addSAMLTAISSO('-enable true -acsUrl https://test1.abc.com:9443/samlsps/acs')

The following example adds the SAML TAI SSO service provider partner to the security domain myDomain1:

AdminTask.addSAMLTAISSO('-securityDomainName myDomain1 -enable true -acsUrl https://test2.xyz.com:9444/samlsps/acs2')

Reference:

SAML web SSO TAI custom properties

+

Search Tips   |   Advanced Search