Oracle® OpenSSO Release Notes Release 11gR1. Version 11.1.1.3.0 Part Number E17846-03
The Oracle OpenSSO Fedlet (Fedlet) is a lightweight service provider (SP) implementation that can be integrated with a Java or .NET application, enabling the application to communicate with an identity provider (IdP) such as an Oracle Identity Federation identity provider using the SAML 2.0 protocol.
This chapter includes the following topics for the Oracle OpenSSO Fedlet:
For detailed information, see the Oracle OpenSSO Fedlet Interoperability Guide for Oracle Identity Federation in this documentation library.
For information about the platforms and product versions supported by the Oracle OpenSSO Fedlet, see the appropriate certification matrix:
http://www.oracle.com/technology/software/products/ias/files/fusion_certification.html
The Oracle OpenSSO Fedlet is available to download from the Oracle Fusion Middleware 11gR1 Software Downloads page:
http://www.oracle.com/technology/software/products/middleware/htdocs/fmw_11_download.html
For some deployments, rather than downloading the Oracle OpenSSO Fedlet, a service provider administrator can get a previously configured Oracle OpenSSO Fedlet package from the identity provider administrator.
This section describes the following issues and workarounds for the Oracle OpenSSO Fedlet:
Section 2.3.2, "Java Oracle OpenSSO Fedlet Single Sign-On Fails on JBoss AS 5.0.x"
Section 2.3.3, "ConfigureFedlet Program Has Incorrect Korean Translation"
Section 2.3.4, "ConfigureFedlet Program Returns Message "Unrecognized command: -genKey""
Included per bug 9952201.
If the Oracle OpenSSO Fedlet service provider metadata (sp.xml file) does not include a signing certificate, an Oracle Identity Federation identity provider of version 11.1.1.2.0 or earlier returns an error at run time when it receives a SAML 2.0 AuthN request.
The workaround is to add a signing certificate to the Oracle OpenSSO Fedlet service provider metadata before you load the metadata into the Oracle Identity Federation identity provider.
The absence of a signing certificate in the Oracle OpenSSO Fedlet service provider metadata indicates that the Fedlet will not be sending signed requests. Therefore, you can add any arbitrary certificate to the metadata for this workaround, since the certificate will never be used at run time for signature verification.
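One way to apply this workaround to sp.xml before loading it into the identity provider, as an added example that is not part of the Oracle release notes or the Fedlet code: the Python script below inserts a signing KeyDescriptor only when none is present, at the position the SAML 2.0 metadata schema expects. The sample metadata, entity ID, URL and certificate value are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("", MD)    # keep metadata elements unprefixed on output
ET.register_namespace("ds", DS)

# Constructed sample: a Fedlet-style sp.xml with no KeyDescriptor at all.
SAMPLE_SP_XML = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="fedlet-sp.example.com">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/fedlet/fedletapplication"/>
  </SPSSODescriptor>
</EntityDescriptor>"""
PLACEHOLDER_CERT = "BASE64-DER-CERTIFICATE-GOES-HERE"  # placeholder, not a real cert


def has_signing_key(sp):
    """True if the SP role already declares a key usable for signing."""
    # A KeyDescriptor without a "use" attribute covers signing and encryption.
    return any(kd.get("use") in (None, "signing")
               for kd in sp.findall(f"{{{MD}}}KeyDescriptor"))


def add_signing_cert(metadata_xml, cert_b64):
    """Return metadata with a signing KeyDescriptor; unchanged if one exists."""
    root = ET.fromstring(metadata_xml)
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    if has_signing_key(sp):
        return metadata_xml
    kd = ET.Element(f"{{{MD}}}KeyDescriptor", {"use": "signing"})
    x509 = ET.SubElement(ET.SubElement(kd, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = cert_b64
    # Schema order is Signature?, Extensions?, KeyDescriptor*, then the rest,
    # so insert after any Signature/Extensions and before everything else.
    leading = (f"{{{DS}}}Signature", f"{{{MD}}}Extensions")
    pos = sum(1 for child in sp if child.tag in leading)
    sp.insert(pos, kd)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(add_signing_cert(SAMPLE_SP_XML, PLACEHOLDER_CERT))
```

Pass the base64 body of the certificate in place of the placeholder. Choosing a certificate whose private key you hold keeps the declared key under your control if request signing is enabled later.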
Included per bug 9965450.
If you deploy the Java Oracle OpenSSO Fedlet on JBoss Application Server 5.0.x, index.jsp does not display and the Java Fedlet single sign-on (SSO) fails with an IllegalStateException.
The workaround is to add the following Java options for JBoss AS 5.0.x:
1. Stop the JBoss AS 5.0.x web container.
2. Add the following Java options in the JBoss AS 5.0.x run.conf file:
   -Djavax.xml.soap.MetaFactory=com.sun.xml.messaging.saaj.soap.SAAJMetaFactoryImpl
   -Djavax.xml.soap.MessageFactory=com.sun.xml.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl
   -Djavax.xml.soap.SOAPConnectionFactory=com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnectionFactory
   -Djavax.xml.soap.SOAPFactory=com.sun.xml.messaging.saaj.soap.ver1_1.SOAPFactory1_1Impl
3. Start the JBoss AS 5.0.x web container.
Included per bug 9946834.
The Korean translation of the Java Oracle OpenSSO Fedlet ConfigureFedlet program has an incorrect translation of the following prompt:
Enter the directory with path where Oracle-OpenSSO-Fedlet.zip is extracted to:
The workaround is to specify the directory where you extracted the Oracle-OpenSSO-Fedlet.zip file.
Included per bug 12408673.
This error message is displayed when you use the ConfigureFedlet Program to configure the Fedlet and both of the following are true:
You are using a newer JDK such as Java version 1.6.0_22.
You answered "Yes" to this question: "Do you want to generate keystore and key pair for the Fedlet?"
The program fails with the following error:
ERROR>Unrecognized command: -genKey
OUTPUT>Usage: keytool [COMMAND] [-- COMMAND]...
OUTPUT>Manage private keys and public certificates.
OUTPUT>Cannot generate keystore.
Use one of the following workarounds:
Use an older version of JDK such as Java version 1.6.0_21.
Use a newer version of JDK, but answer "No" to the question: "Do you want to generate keystore and key pair for the Fedlet?"
Then after the Configure Fedlet program is done, follow the steps in this documentation to generate the keystore and a signing/encryption certificate for the Fedlet: http://download.oracle.com/docs/cd/E17842_01/doc.1111/e17847/configjavasp.htm#BABEGHCE
This section describes documentation errata for the Oracle OpenSSO Fedlet.
The Oracle OpenSSO Fedlet Java API reference is available in the Oracle OpenSSO 8.0 Update 2 Java API Reference:
http://download.oracle.com/docs/cd/E19681-01/821-2131/index.html
Note:
The Oracle OpenSSO Fedlet does not support the getPolicyDecisionForFedlet method.