
Configure SAML 2.0 Identity Provider services

Before you begin


You can use the Federation Services > SAML 2.0 identity provider page to configure this server in the role of SAML 2.0 identity provider. A SAML 2.0 identity provider creates, maintains, and manages identity information for principals, and provides principal authentication to other service provider partners within a federation by generating SAML 2.0 assertions for those partners.

To configure a server as a SAML 2.0 identity provider:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).

  2. In the left pane, select Environment > Servers and click the name of the server you are configuring (for example, myserver).

  3. Select Configuration > Federation Services > SAML 2.0 identity provider.

  4. Select Enabled to activate this server's SAML 2.0 services in the role of identity provider.

  5. Select Only Accept Signed Authentication Requests to require that all incoming authentication requests be signed. For information about the implications of enabling this option, see Exchanging Information with Your Federated Partners.

  6. If you are using a custom login web application to which unauthenticated requests are directed:

    1. Select Login Customized.

    2. Enter the URL of the custom login web application.

    3. Enter the login return query parameter.

      The query parameter is a unique string that the SAML 2.0 services use to hold the login return URL for the local single sign-on service servlet. (Note that, as an alternative, the login return URL can also be specified in the login web application.)

    For more information about using a custom login web application, see Configuring Single Sign-On with Web Browsers and HTTP Clients.

  7. Set the SAML bindings for which this server is enabled, and select the preferred binding type.

  8. Click Save.

  9. If you are configuring SAML 2.0 identity provider services for web single sign-on, select SAML 2.0 General, and click Publish Meta Data.

    For more information about publishing SAML 2.0 metadata, see Partner Metadata File.

  10. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).

After you finish

Coordinate with your federated partners to ensure that the SAML bindings you have enabled for this SAML authority, as well as your requirements for signed documents, are compatible with your partners. For more information, see Exchanging Information with Your Federated Partners.
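
One way to check the published metadata file against what you agreed with a partner, shown as an added example that is not part of the original help page or of WebLogic Server. It assumes the file follows the OASIS SAML 2.0 metadata schema, in which the signing requirement appears as the WantAuthnRequestsSigned attribute of IDPSSODescriptor; the entity ID, URLs, and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample metadata (hypothetical entity ID and endpoint URLs).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml2">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml2/idp/sso/redirect"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml2/idp/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_idp(metadata_xml):
    """Return the signing requirement and SSO bindings from IdP metadata."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("{%s}IDPSSODescriptor" % MD)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity provider metadata")
    # The attribute is optional in the schema; when absent it means false.
    signed = idp.get("WantAuthnRequestsSigned", "false").strip() in ("true", "1")
    bindings = []
    for sso in idp.findall("{%s}SingleSignOnService" % MD):
        b = sso.get("Binding", "")
        bindings.append(b[len(BINDING_PREFIX):] if b.startswith(BINDING_PREFIX) else b)
    return {"entity_id": root.get("entityID"), "authn_requests_signed": signed, "bindings": bindings}

def check_against_agreement(summary, require_signed, partner_bindings):
    """List mismatches between published metadata and the partner agreement."""
    problems = []
    if require_signed and not summary["authn_requests_signed"]:
        problems.append("metadata does not require signed authentication requests")
    if not set(summary["bindings"]) & set(partner_bindings):
        problems.append("no SSO binding in common with partner")
    return problems

if __name__ == "__main__":
    summary = summarize_idp(SAMPLE_METADATA)
    print(summary)
    print(check_against_agreement(summary, True, ["HTTP-Artifact"]))
```

Run it against the file produced by Publish Meta Data before sending that file to a partner, replacing SAMPLE_METADATA with the file's contents.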
