2.2 SAML Authentication Provider configuration

This topic describes the steps for the SAML Authentication Provider configuration option.

Steps to configure the SAML Authentication Provider changes in the WebLogic console:

  1. Login to the WebLogic console with the admin login and navigate to “Security Realms”.
  2. Click on myrealm (or your realm name shown on the screen) and navigate to the “Providers” tab.
  3. Select “DefaultAuthenticator” and change the Control Flag value to “SUFFICIENT”.

    Figure 2-12 Default Authenticator

  4. Again, navigate to “Security Realms” → myrealm → Providers and click the New button to create a new Authentication Provider.
    Fill in the fields below with appropriate values and click OK.
    1. Name: Name of the authentication provider.
    2. Type: Select the value “SAML2IdentityAsserter”.

    Figure 2-13 Create Authentication Provider

  5. Restart the Admin Server.
  6. Login to the WebLogic console, navigate to “Security Realms” → myrealm → Providers → the newly created authentication provider (e.g. SAML_OBDX_CONFIG) and open the “Management” tab.
  7. Click the New button to add the Identity Provider Partner and select “New Web Single Sign-On Identity Provider Partner”.
  8. Provide a name for the identity provider partner and select the IDCS metadata XML copied to the WebLogic server.
    Click the OK button to save.

    Figure 2-15 Create a SAML 2.0 Web Single Sign-on Identity Provider Partner

  9. Open the newly added Identity Provider Partner, set the checkboxes and field listed below, and click Save.
    1. Enable: Checked
    2. Virtual User: Checked
    3. Redirect URIs: /digx-infra/admin-dashboard

    Figure 2-16 Settings for Create a SAML 2.0 Web Single Sign-on Identity Provider Partner

  10. Navigate to “Environment” → “Servers” and select the server on which the SSO authentication application will be deployed.
  11. Navigate to “Federation Services” → “SAML 2.0 General”, provide values for the fields below and click Save.
    1. Published Site URL: Recommended URL format <OHS URL>/saml2

      e.g. <PROTOCOL>://<OHS_HOST>:<OHS_PORT>/saml2

      http://whf000xxx.bank.com:9999/saml2

    2. Entity Id: Value should match with Entity Id provided in SAML configuration in IDCS console.
    3. Recipient Check Enabled: unchecked.
  12. Navigate to “Federation Services” → “SAML 2.0 Service Provider”, provide values for the fields below and click Save.
    1. Enabled: Check box should be checked.
    2. Preferred Binding: Post
    3. Default URL: <OHS_URL>/digx-infra/admin-dashboard
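The following is an added pre-flight check, not part of this guide or of the product, that parses a copy of the IdP metadata XML imported in step 8 and compares it with the values to be entered in the “SAML 2.0 General” and “SAML 2.0 Service Provider” screens (steps 11 and 12). The metadata document, the IdP host name and the SP entity ID in it are constructed sample data; the Published Site URL and Default URL reuse the example format given above. The function names and the settings keys are this example's own, chosen to mirror the console field names.

```python
"""Pre-flight consistency check for the WebLogic SAML 2.0 SP settings.

Added example (not from the guide or the product): reads an IdP metadata
document of the kind imported in step 8 and checks the SP values from
steps 11 and 12 against it before they are typed into the console.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDINGS = {
    "Post": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}

# Constructed sample: the shape of an IdP metadata file, not a real tenant's.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/fed">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/fed/sso"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/fed/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed sample of the console values; keys mirror the field names.
SAMPLE_SETTINGS = {
    "published_site_url": "http://whf000xxx.bank.com:9999/saml2",
    "entity_id": "obdx-sp",                # hypothetical SP entity ID
    "recipient_check_enabled": False,      # step 11 says unchecked
    "preferred_binding": "Post",
    "default_url": "http://whf000xxx.bank.com:9999/digx-infra/admin-dashboard",
    "redirect_uris": ["/digx-infra/admin-dashboard"],
}


def parse_idp_metadata(xml_text):
    """Return the IdP entityID and a {binding: location} map of its SSO endpoints."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sso = {}
    for svc in root.iter("{%s}SingleSignOnService" % MD_NS):
        sso[svc.get("Binding")] = svc.get("Location")
    return {"entity_id": root.get("entityID"), "sso": sso}


def check_sp_settings(idp, settings):
    """Compare the SP console values with the IdP metadata.

    Returns (errors, warnings): errors block SSO outright, warnings are
    weaker settings the operator should accept knowingly.
    """
    errors, warnings = [], []
    site = urlsplit(settings["published_site_url"])
    if site.path != "/saml2":
        errors.append("Published Site URL must end with /saml2 (got %r)" % site.path)
    if site.scheme != "https":
        warnings.append("Published Site URL is not https; SAML messages would travel in clear")
    if not settings["entity_id"]:
        errors.append("Entity Id is empty; it must match the SP entity configured on the IdP")
    if settings["entity_id"] == idp["entity_id"]:
        warnings.append("SP Entity Id equals the IdP entityID; the two are normally distinct")
    binding = BINDINGS.get(settings["preferred_binding"])
    if binding is None:
        errors.append("Unknown Preferred Binding %r" % settings["preferred_binding"])
    elif binding not in idp["sso"]:
        errors.append("IdP metadata offers no SingleSignOnService for %s" % binding)
    default = urlsplit(settings["default_url"])
    if (default.scheme, default.netloc) != (site.scheme, site.netloc):
        errors.append("Default URL host differs from the Published Site URL host")
    for uri in settings["redirect_uris"]:
        if not uri.startswith("/"):
            errors.append("Redirect URI %r must be a site-relative path" % uri)
    if not settings["recipient_check_enabled"]:
        warnings.append("Recipient check disabled: WebLogic will not verify that the SAML "
                        "message's recipient/destination matches the URL it arrived on")
    return errors, warnings


def run_preflight(metadata_xml=SAMPLE_IDP_METADATA, settings=SAMPLE_SETTINGS):
    """Parse the metadata and check the settings; returns (errors, warnings)."""
    return check_sp_settings(parse_idp_metadata(metadata_xml), settings)


if __name__ == "__main__":
    errs, warns = run_preflight()
    for e in errs:
        print("ERROR:", e)
    for w in warns:
        print("WARN :", w)
```

With the sample values the check reports no errors and two warnings: the plain-http Published Site URL and the disabled recipient check. The guide asks for the recipient check to be unchecked because WebLogic sits behind OHS and sees a different URL from the one the IdP addressed; recording that as a warning keeps the decision visible in the deployment record rather than silently accepted.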