Administration Console Online Help


Configure SAML Federation Services


The Federation Services page helps you configure a WebLogic Server instance to function as a producer or as a consumer of SAML assertions that can be used for the following:
  • Web single sign-on between online business partners
  • Exchange of identity information in web services security
The general process of configuring Federation Services depends upon the version of SAML you are using. WebLogic Server supports both SAML 1.1 and SAML 2.0.

If you are configuring SAML 1.1:

The general process of configuring WebLogic Server to serve as a SAML 1.1 federated partner is to:

  1. Configure the appropriate SAML security provider.

    If the WebLogic Server instance is in the role of producing SAML assertions, configure the SAML source site. For information, see Configure SAML 1.1 source services.

    If the server instance is in the role of consuming SAML assertions -- that is, the server is a SAML destination site -- configure the SAML Identity Asserter provider. For information, see Configure SAML 1.1 destination services.

  2. Create the SAML partner.

    If the server is a SAML source site, create a SAML Relying Party. A SAML Relying Party is the federated partner from which an authentication request has arrived and for which a SAML assertion must be generated. For information, see Create a SAML 1.1 Relying Party.

    If the server is a SAML destination site, create a SAML Asserting Party. A SAML Asserting Party is the federated partner that generates SAML assertions containing the identity that must be authenticated as a local Subject. For information, see Create a SAML 1.1 Asserting Party.

  3. Configure the SAML partner.

    To configure a SAML Relying Party, see Configure a SAML 1.1 Relying Party.

    To configure a SAML Asserting Party, see Configure a SAML 1.1 Asserting Party.

If you are configuring SAML 2.0:

The general process of configuring WebLogic Server to serve as a SAML 2.0 federated partner is to:

  1. Configure the appropriate SAML security provider.

    If the WebLogic Server instance is in the role of producing SAML assertions -- that is, the server is an Identity Provider -- configure the SAML 2.0 Credential Mapping provider. For more information, see Configure Credential Mapping Providers.

    If the server instance is in the role of consuming SAML assertions -- that is, the server is a Service Provider -- configure the SAML 2.0 Identity Asserter provider. For more information, see Configure Authentication and Identity Assertion providers.

  2. Configure SAML 2.0 general properties.

    Enter details about this WebLogic Server instance in its role as a SAML authority, and publish that information in a partner metadata file. You then share this file with your federated partners. For more information, see Configure SAML 2.0 general services.

  3. Configure SAML 2.0 properties for the specific role of this WebLogic Server instance.

    For information about configuring the server instance in the role of Identity Provider, see Configure SAML 2.0 Identity Provider services.

    For information about configuring the server instance in the role of Service Provider, see Configure SAML 2.0 Service Provider services.

  4. Create and configure your federated partners:
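
The SAML 2.0 procedure above has you publish a partner metadata file and share it with federated partners. The following Python script is an added example, not part of the original help page or of WebLogic Server: it reviews such a file before it is exchanged, assuming the file follows the standard SAML 2.0 metadata schema. The function name `review_metadata` and the sample entity, URLs and certificate text are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ROLES = {"IDPSSODescriptor": "Identity Provider",
         "SPSSODescriptor": "Service Provider"}

# Constructed sample metadata; entity ID, URL and certificate text are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml2">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example.com/saml2/idp/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def review_metadata(xml_text):
    """Return (entity_id, roles, findings) for one SAML 2.0 EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    entity_id, roles, findings = root.get("entityID"), [], []
    if not entity_id:
        findings.append("missing entityID")
    for tag, role in ROLES.items():
        for desc in root.findall("md:" + tag, NS):
            roles.append(role)
            # A partner can only verify signatures if a signing key is published.
            certs = [k for k in desc.findall("md:KeyDescriptor", NS)
                     if k.get("use") in (None, "signing")
                     and k.find(".//ds:X509Certificate", NS) is not None]
            if not certs:
                findings.append(role + ": no signing certificate")
            if tag == "IDPSSODescriptor" and desc.get("WantAuthnRequestsSigned") != "true":
                findings.append(role + ": WantAuthnRequestsSigned is not true")
            if tag == "SPSSODescriptor" and desc.get("WantAssertionsSigned") != "true":
                findings.append(role + ": WantAssertionsSigned is not true")
            # Every endpoint (any child with a Location attribute) should use TLS.
            for ep in desc.findall("*[@Location]"):
                if not ep.get("Location").lower().startswith("https://"):
                    findings.append(role + ": non-HTTPS endpoint " + ep.get("Location"))
    if not roles:
        findings.append("no IDPSSODescriptor or SPSSODescriptor")
    return entity_id, roles, findings
```

The findings are review points to resolve with the partner before the file is exchanged. Only run the script on files obtained through a trusted channel, because the standard-library XML parser is not hardened against hostile input.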
