Add SAML SSO TAI using wsadmin.sh
The addSAMLTAISSO command adds the SAML trust association interceptor (TAI) to the security configuration of WebSphere Application Server (WAS).
Tasks
- Run:
app_server_root/bin/wsadmin -lang jython
- At the wsadmin prompt, enter:
AdminTask.addSAMLTAISSO('-enable true -acsUrl https://hostname:sslport/samlsps/URL_pattern')
where hostname is the host name of the system on which WAS is installed, and sslport is the Web server SSL port number (WC_defaulthost_secure).
Parameters
- -acsUrl: Required. Specifies the assertion consumer service (ACS) URL.
- -enable: Enables or disables trust association. We can specify either true or false.
- -ssoId: Optional. Integer. Identifier for the group of custom properties defined for the SSO service provider partner. If not specified, the next available identifier is used.
- -securityDomainName: Security domain of interest. Specified as a String. If not specified, the command uses the global security configuration.
- -trustStoreName: Truststore name, if not using the system default truststore.
- -keyStoreName: Keystore name, if not using the system default keystore.
- -keyName: Key name used to decrypt the encrypted SAML assertion.
- -keyAlias: Key alias used to decrypt the encrypted SAML assertion.
- -keyPassword: Key password used to decrypt the encrypted SAML assertion.
- -idMap: One of the following values:
  - idAssertion: the user specified in the SAML assertion is not checked in the local registry.
  - localRealm: the SAML token user is verified in the local user registry.
  - localRealmThenAssertion: if the user is not found in the local registry, IDAssertion is used.
- -errorPage: Optional. Custom URL of the error page, IdP login page, or custom mapping class to which an unauthenticated client request is redirected. The value for this parameter is used as the value for the sso_<id>.sp.loginErrorPage SAML Web SSO TAI custom property.
There are additional SAML web SSO TAI custom properties that are not supported by the addSAMLTAISSO command, but we can add these custom properties using the wsadmin command configureInterceptor.
The SAML web SSO TAI is now added for this WAS.
Example
The following example adds the SAML TAI to the global security configuration:
AdminTask.addSAMLTAISSO('-enable true -acsUrl https://test1.abc.com:9443/samlsps/acs')
The following example adds the SAML TAI SSO service provider partner to the security domain myDomain1:
AdminTask.addSAMLTAISSO('-securityDomainName myDomain1 -enable true -acsUrl https://test2.xyz.com:9444/samlsps/acs2')
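As an added example (not from the WAS documentation or the product itself), the helper below checks the parameters listed above and builds the addSAMLTAISSO argument string before wsadmin runs it: the ACS URL must be HTTPS on the /samlsps/ path, -idMap must be one of the three documented values, and unknown parameters are rejected with a pointer to configureInterceptor. The function names are assumptions; AdminTask and AdminConfig are the objects wsadmin provides, and the code is written so it also runs under wsadmin's Jython.

```python
import sys

# Accepted -idMap values and the optional parameters documented above.
ID_MAP_VALUES = ('idAssertion', 'localRealm', 'localRealmThenAssertion')
OPTIONAL_KEYS = ('securityDomainName', 'ssoId', 'trustStoreName', 'keyStoreName',
                 'keyName', 'keyAlias', 'keyPassword', 'idMap', 'errorPage')


def build_saml_tai_args(acs_url, enable='true', **options):
    """Return the argument string for AdminTask.addSAMLTAISSO, or raise ValueError."""
    # The IdP posts the SAML response to the ACS, so insist on an HTTPS URL on
    # the /samlsps/ path that the TAI intercepts; a plain-http ACS leaks assertions.
    if not acs_url.startswith('https://') or acs_url.find('/samlsps/') < 0:
        raise ValueError('acsUrl must be https://host:sslport/samlsps/pattern, got %s' % acs_url)
    if enable not in ('true', 'false'):
        raise ValueError('enable must be the string true or false')
    for key in options.keys():
        if key not in OPTIONAL_KEYS:
            raise ValueError('-%s is not an addSAMLTAISSO parameter; use configureInterceptor' % key)
        if ' ' in str(options[key]):  # a space would split the wsadmin argument string
            raise ValueError('-%s value must not contain spaces' % key)
    if options.get('idMap') is not None and options['idMap'] not in ID_MAP_VALUES:
        raise ValueError('idMap must be one of %s' % ', '.join(ID_MAP_VALUES))
    if options.get('ssoId') is not None and not str(options['ssoId']).isdigit():
        raise ValueError('ssoId must be an integer')
    parts = []
    if options.get('securityDomainName') is not None:  # page's ordering: domain first
        parts.append('-securityDomainName %s' % options['securityDomainName'])
    parts.append('-enable %s -acsUrl %s' % (enable, acs_url))
    for key in OPTIONAL_KEYS[1:]:
        if options.get(key) is not None:
            parts.append('-%s %s' % (key, options[key]))
    return ' '.join(parts)


def add_saml_tai_sso(acs_url, enable='true', **options):
    """Validate, then run addSAMLTAISSO and save the configuration inside wsadmin."""
    args = build_saml_tai_args(acs_url, enable, **options)
    try:
        AdminTask  # defined by wsadmin; NameError when run outside it
    except NameError:
        sys.stderr.write('not inside wsadmin; would run AdminTask.addSAMLTAISSO(%r)\n' % args)
        return args
    AdminTask.addSAMLTAISSO(args)
    AdminConfig.save()  # wsadmin does not persist the change until it is saved
    return args
```

Run it with wsadmin -lang jython -f script.py (hypothetical file name) after adding a call such as add_saml_tai_sso('https://test2.xyz.com:9444/samlsps/acs2', securityDomainName='myDomain1') at the bottom.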