The Security Assertion Markup Language, SAML, is an XML-based standard for exchanging security information between disparate software entities on the Web. SAML security is based on the interaction of asserting parties (which issue assertions about a subject) and relying parties (which consume those assertions).
SAML provides single sign-on capabilities; users can authenticate at one location and then access service providers at other locations without having to log in multiple times.
WebLogic Server supports SAML version 1.1. The WebLogic Server implementation:
Supports both the Browser/POST and Browser/Artifact Profiles
Supports SAML authentication and attribute statements (does not support SAML authorization statements)
The SAMLAssertionStore interface defines methods for storing and retrieving assertions for the Artifact profile. This interface is deprecated in favor of SAMLAssertionStoreV2.
The SAMLAssertionStoreV2 interface extends the SAMLAssertionStore interface, adding methods to support identification and authentication of the destination site requesting an assertion from the SAML ARS.
Note that V2 refers to the second version of the WebLogic SAML provider, not to version 2 of the SAML specification.
The AssertionInfo class is returned by SAMLAssertionStoreV2.retrieveAssertionInfo(). It contains the retrieved assertion and related information. An implementation of the SAMLAssertionStoreV2 interface must return an instance of this class.
Instances of this class are used to pass user and group information to and from the name mappers. The class also defines several useful constants.
Note:
The SAML name mapper classes are required to be in the system classpath. If you create a custom SAMLIdentityAssertionNameMapper, SAMLCredentialNameMapper, SAMLAssertionStore, or SAMLUsedAssertionCache, you must place the respective class in the system classpath.
Custom POST Form Parameter Names
The parameter names passed to the POST form when a custom POST form is specified for SAML POST profile handling depend on which SAML provider is configured.
The tables provide the parameter names and their data types (required for casting the returned Java Object).
For both implementations, the SAML response itself is passed using the parameter name specified by SAML:
SAMLResponse (String): The base64-encoded SAML Response element.
Table 9-2 SAML V2 Provider Custom POST Form Parameters
Parameter (type): Description
TARGET (String): The TARGET URL specified as a query parameter on the incoming Intersite Transfer Service (ITS) request.
SAML_AssertionConsumerURL (String): The URL of the Assertion Consumer Service (ACS) at the destination site (where the form should be POSTed).
SAML_AssertionConsumerParams (Map): A Map containing name/value mappings for the assertion consumer parameters configured for the relying party. Names and values are Strings.
SAML_ITSRequestParams (Map): A Map containing name/value mappings for the query parameters received with the ITS request. Names and values are Strings. The Map may be empty. TARGET and Rich Presence Information Data Format (RPID) parameters are removed from the map before passing it to the form.
Table 9-3 SAML V1 Provider Custom POST Form Parameters
Parameter (type): Description
targetURL (String): The TARGET URL specified as a query parameter on the incoming ITS request.
consumerURL (String): The URL of the ACS at the destination site (where the form should be POSTed).