Administration Console Online Help


Configure SAML 2.0 general services

Before you begin


You can use the Federation Services > SAML 2.0 General page to configure general SAML 2.0 services for this server. If you are configuring SAML 2.0 web single sign-on services with your federated partners, the site information you configure is published in a metadata file that you send to your federated partners.

To configure the general SAML 2.0 properties of this server:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane, select Environment > Servers and click the name of the server you are configuring (for example, myserver).
  3. Select Configuration > Federation Services > SAML 2.0 General.
  4. Select Replicated Cache Enabled to use the persistent cache for storing SAML 2.0 artifacts.

    This option is required if you are configuring SAML 2.0 services in two or more WebLogic Server instances in your domain. For example, if you are configuring SAML 2.0 services in a cluster, you must enable this option in each Managed Server instance individually.

    Note: If you are configuring SAML 2.0 services in two or more WebLogic Server instances in your domain, you must configure the RDBMS security store. The embedded LDAP server is not supported in these configurations.

  5. In the section titled Site Info, enter the following information about your SAML 2.0 site:
    1. Contact person details.
    2. Your organization's name and URL.
    3. The Published Site URL, which is the top-level URL for your site's SAML 2.0 service endpoints. The string /saml2 must be appended to this URL, and the result is automatically combined with constant suffixes to create full endpoint URLs.
  6. In the section titled Bindings, enter the common binding information to be used by this SAML 2.0 server instance.

    If you do not specify a Transport Layer Security key alias and passphrase, the private key alias and passphrase from the server's SSL configuration are used for the TLS alias by default.

  7. If the Artifact binding is enabled for any SAML 2.0 security provider hosted on this server instance, configure the Artifact Resolution Service in the section titled Artifact Resolution Service.
  8. In the section titled Single Sign-on, enter the keystore alias and passphrase for the key to be used for signing documents sent to federated partners.

    If you do not specify a single sign-on signing key alias and passphrase, the private key alias and passphrase from the server's SSL configuration are used by default.

  9. Click Save.
  10. Optionally, click Publish Meta Data to create or update the partner metadata file. This file contains the information about this site's SAML 2.0 services that you share with your federated partners for SAML 2.0 web single sign-on.

    For more information, see Configuring Single Sign-On with Web Browsers and HTTP Clients.

  11. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).
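
The following Python example is added here and is not part of the product documentation. It checks a published metadata file before you send it to partners: every endpoint Location must sit under the Published Site URL ending in /saml2 (step 5), and each role descriptor must advertise a signing key (step 8). The sample metadata, host names, endpoint suffixes, and the function name check_metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ROLES = (MD + "IDPSSODescriptor", MD + "SPSSODescriptor")

# Constructed sample metadata (not output from a real server); the hosts,
# entity ID and endpoint suffixes are illustrative assumptions.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="example-idp"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo/></md:KeyDescriptor>
    <md:ArtifactResolutionService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://sso.example.com:7002/saml2/idp/ars/soap"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sso.example.com:7001/saml2/idp/sso/post"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://old-host.example.com/saml2/idp/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_metadata(xml_text, published_site_url):
    """Return a list of findings for a SAML 2.0 metadata document."""
    findings = []
    base = published_site_url.rstrip("/")
    if not base.endswith("/saml2"):
        findings.append("Published Site URL does not end with /saml2")
    # ElementTree is not hardened against hostile XML: use this on the file
    # you published yourself, not on untrusted partner input.
    root = ET.fromstring(xml_text)
    for role in root.iter():
        if role.tag not in ROLES:
            continue
        name = role.tag.split("}")[1]
        uses = {k.get("use") for k in role.findall(MD + "KeyDescriptor")}
        # A KeyDescriptor with no "use" attribute covers signing as well.
        if not uses & {"signing", None}:
            findings.append(f"{name}: no signing KeyDescriptor")
        for ep in role:
            loc = ep.get("Location")
            if loc is not None and not loc.startswith(base + "/"):
                findings.append(f"{name}: {loc} is not under {base}")
    return findings


if __name__ == "__main__":
    for line in check_metadata(SAMPLE_METADATA, "https://sso.example.com:7002/saml2"):
        print(line)
```

A stale host name or a plain-HTTP listener port left in the Published Site URL shows up as an endpoint that is not under the expected base.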

After you finish

After you have configured this server's general SAML 2.0 services, click SAML 2.0 Identity Provider or SAML 2.0 Service Provider to configure this server as an Identity Provider or Service Provider, respectively. For more information, see Configure SAML 2.0 Identity Provider services and Configure SAML 2.0 Service Provider services.

See also Configuring Single Sign-On with Web Browsers and HTTP Clients, Configuring Identity and Trust, and Using Security Assertion Markup Language (SAML) Tokens For Identity.

