Oracle SAML allows Java developers to develop cross-domain single sign-on and federated access control solutions that conform to the SAML 1.0/1.1 and SAML 2.0 specifications.
This chapter contains the following topics:
The Oracle SAML SDK provides a Java API with supporting tools, documentation, and sample programs to assist developers of SAML-compliant Java security services. Oracle SAML can be integrated into existing Java solutions, including applets, applications, EJBs, servlets, and JSPs.
Oracle SAML provides the following features:
Support for the SAML 1.0/1.1 and 2.0 specifications
Support for SAML-based single sign-on (SSO), Attribute, Metadata, Enhanced Client Proxy, and federated identity profiles
See Also:
For more information and links to these specifications and related documents, see References.
This section explains how to set up your environment for Oracle SAML 1.0/1.1, how to use Oracle SAML 1.0/1.1, and the classes and interfaces of the Oracle SAML 1.0/1.1 toolkit. It contains the following topics:
The Oracle SAML Java API contains the following packages for creating SAML 1.0/1.1-compliant Java applications:
oracle.security.xmlsec.saml
This package contains classes that support SAML assertions.
oracle.security.xmlsec.samlp
This package contains classes that support the SAML request and response protocol (SAMLP).
The Oracle Security Developer Tools are installed with Oracle WebLogic Server in ORACLE_HOME.
In order to use Oracle SAML, your system must have the Java Development Kit (JDK) version 1.6 or higher.
Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:
osdt_core.jar
osdt_cert.jar
osdt_xmlsec.jar
osdt_saml.jar
The org.jaxen_1.1.1.jar file (Jaxen XPath engine, included with your Oracle XML Security distribution)
See Setting the CLASSPATH Environment Variable for configuration details.
This section provides information and code samples for using the classes and interfaces of Oracle SAML 1.0/1.1. It contains these topics:
SAML assertions, requests, and responses are created with the Oracle SAML API.
This section provides a brief overview of the core SAML and SAMLP 1.0/1.1 classes with some brief code examples.
Topics include:
This class initializes the Oracle SAML toolkit. By default Oracle SAML is automatically initialized for SAML v1.0. You can also initialize Oracle SAML for a specific version of the SAML specification. When the initialize method is called for a specific version, previously initialized versions will remain initialized.
This example shows how to initialize the SAML toolkit for SAML v1.0 and SAML v1.1.
// initializes for SAML v1.1 SAMLInitializer.initialize(1, 1); // initializes for SAML v1.0, done by default SAMLInitializer.initialize(1, 0);
This class represents the Assertion element of the SAML Assertion schema.
This example shows how to create a new Assertion element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Assertion assertion = new Assertion(doc);
doc.getDocumentElement().appendChild(assertion);
This example shows how to obtain Assertion elements from an XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all Assertion elements in the document
NodeList assrtList =
doc.getElementsByTagNameNS(SAMLURI.ns_saml, "Assertion");
if (assrtList.getLength() == 0)
System.err.println("No Assertion elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.saml.Assertion object and process
for (int s = 0, n = assrtList.getLength(); s < n; ++s)
{
Assertion assertion = new Assertion((Element)assrtList.item(s));
// Process Assertion element
...
}
This class represents the Request element of the SAML Protocol schema.
This example shows how to create a new Request element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Request request = new Request(doc);
doc.getDocumentElement().appendChild(request);
This example shows how to obtain Request elements from an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all Request elements in the document
NodeList reqList =
doc.getElementsByTagNameNS(SAMLURI.ns_samlp, "Request");
if (reqList.getLength() == 0)
System.err.println("No Request elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.samlp.Request object and process
for (int s = 0, n = reqList.getLength(); s < n; ++s)
{
Request request = new Request((Element)reqList.item(s));
// Process Request element
...
}
This class represents the Response element of the SAML Protocol schema.
This example shows how to create a Response element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Response response = new Response(doc);
doc.getDocumentElement().appendChild(response);
This example shows how to obtain Response elements from an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all Response elements in the document
NodeList respList =
doc.getElementsByTagNameNS(SAMLURI.ns_samlp, "Response");
if (respList.getLength() == 0)
System.err.println("No Response elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.samlp.Response object and process
for (int s = 0, n = respList.getLength(); s < n; ++s)
{
Response response = new Response((Element)respList.item(s));
// Process Response element
...
}
This section provides an overview of the supporting classes and interfaces of Oracle SAML 1.0/1.1:
This interface defines URI string constants for algorithms, namespaces, and objects. The following naming conventions are used:
Action Namespace URIs defined in the SAML 1.0 specifications begin with action_ .
Authentication Method Namespace URIs defined in the SAML 1.0 specifications begin with authentication_method_ .
Confirmation Method Namespace URIs defined in the SAML 1.0 specifications begin with confirmation_method_ .
Namespace URIs begin with ns_ .
The Oracle SAML 1.0/1.1 Java API reference (Javadoc) is available at:
Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools
This section explains how to set up your environment for Oracle SAML 2.0, how to use Oracle SAML 2.0, and the classes and interfaces of the Oracle SAML 2.0 toolkit. It contains the following topics:
The Oracle SAML Java API contains the following packages for creating SAML 2.0-compliant Java applications:
oracle.security.xmlsec.saml2.core
This package contains classes that support SAML assertions.
oracle.security.xmlsec.saml2.protocol
This package contains classes that support the SAML request and response protocol (SAMLP).
oracle.security.xmlsec.saml2.ac
This package contains classes that support the SAML authentication context basic types.
oracle.security.xmlsec.saml2.ac.classes
This package contains classes that support various SAML authentication context classes.
oracle.security.xmlsec.saml2.metadata
This package contains classes that support the SAML metadata.
oracle.security.xmlsec.saml2.profiles.attributes
This package contains classes that support various SAML attribute profiles.
oracle.security.xmlsec.saml2.profiles.sso.ecp
This package contains classes that support the SAML ECP SSO profile.
The Oracle Security Developer Tools are installed with Oracle WebLogic Server in ORACLE_HOME.
In order to use Oracle SAML, your system must have the Java Development Kit (JDK) version 1.6 or higher.
Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:
osdt_core.jar
osdt_cert.jar
osdt_xmlsec.jar
osdt_saml.jar
The org.jaxen_1.1.1.jar file (Jaxen XPath engine, included with your Oracle XML Security distribution)
For example, your CLASSPATH might look like this:
%CLASSPATH%;%ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_core.jar; %ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_cert.jar; %ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_xmlsec.jar; %ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_saml.jar; %ORACLE_HOME%\modules\oracle.osdt_11.1.1\osdt_saml2.jar; %ORACLE_HOME%\modules\org.jaxen_1.1.1.jar;
See Setting the CLASSPATH Environment Variable for configuration details.
This section provides information and code samples for using the classes and interfaces of Oracle SAML 2.0. It contains these sections:
Core classes of the Oracle SAML 2.0 API enable you to create assertions, requests, and responses.
This section provides an overview of the core SAML and SAMLP classes with some brief code examples. Topics are:
This class represents the Assertion element of the SAML Assertion schema.
This example shows how to create a new Assertion element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Assertion assertion = new Assertion(doc);
doc.getDocumentElement().appendChild(assertion);
This example shows how to obtain Assertion elements from an XML document.
// Get a list of all Assertion elements in the document
NodeList assrtList =
doc.getElementsByTagNameNS(SAML2URI.ns_saml, "Assertion");
if (assrtList.getLength() == 0)
System.err.println("No Assertion elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.saml2.core.Assertion object and process
for (int s = 0, n = assrtList.getLength(); s < n; ++s)
{
Assertion assertion = new Assertion((Element)assrtList.item(s));
// Process Assertion element
...
}
This class represents the AuthnRequest element of the SAML Protocol schema.
This example shows how to create a new AuthnRequest element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
AuthnRequest request = new AuthnRequest(doc);
doc.getDocumentElement().appendChild(response);
This example shows how to obtain AuthnRequest elements from an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all AuthnRequest elements in the document
NodeList reqList =
doc.getElementsByTagNameNS(SAML2URI.ns_samlp, "AuthnRequest");
if (reqList.getLength() == 0)
System.err.println("No Request elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.saml2.protocol.AuthnRequest
// object and process
for (int s = 0, n = reqList.getLength(); s < n; ++s)
{
AuthnRequest request = new AuthnRequest((Element)reqList.item(s));
// Process Request element
...
}
This class represents the Response element of the SAML Protocol schema.
The samlp:StatusResponseType element is a base type representing an extension point for the SAML 2.0 protocols. The various protocols defined in the SAML 2.0 specification use sub-types such as samlp:Response or samlp:LogoutResponse.
This example shows how to create a Response element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Response response = new Response(doc);
doc.getDocumentElement().appendChild(response);
This example shows how to obtain Response elements from an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all Response elements in the document
NodeList respList =
doc.getElementsByTagNameNS(SAML2URI.ns_samlp, "Response");
if (respList.getLength() == 0)
System.err.println("No Response elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.saml2.protocol.Response object and process
for (int s = 0, n = respList.getLength(); s < n; ++s)
{
Response response = new Response((Element)respList.item(s));
// Process Response element
...
}
This section provides an overview of the supporting classes and interfaces of Oracle SAML 2.0. It includes:
This interface defines URI string constants for algorithms, namespaces, and objects. The interface uses these naming conventions:
Action namespace URIs defined in the SAML 1.0/1.1/2.0 specifications begin with action_ .
Authentication method namespace URIs defined in the SAML 1.0/1.1/2.0 specifications begin with authentication_method_.
Confirmation method namespace URIs defined in the SAML 1.0/1.1/2.0 specifications begin with confirmation_method_ .
Namespace URIs begin with ns_.
The Oracle SAML Java API reference (Javadoc) is available at:
Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools