Servers: Configuration: Federation Services: SAML 2.0 Identity Provider
This page configures the per-server SAML 2.0 Identity Provider properties.
If you are configuring SAML 2.0 Identity Provider services for web single sign-on, after you complete the configuration settings on this page, return to the SAML 2.0 General page and click Publish Meta Data.
Configuration Options
| Name | Description |
| --- | --- |
| Enabled | Specifies whether the local site is enabled for the Identity Provider role. MBean Attribute: SingleSignOnServicesMBean.IdentityProviderEnabled |
| Only Accept Signed Authentication Requests | Specifies whether incoming authentication requests must be signed. If set, authentication requests that are not signed are not accepted. MBean Attribute: SingleSignOnServicesMBean.WantAuthnRequestsSigned |
| Login Customized | Specifies whether a customized login web application is used. If you use a customized login web application, you must specify a login URL. If you do not use a customized login web application, the login URL and login return query parameter are cleared when you save the changes to this page. MBean Attribute: SingleSignOnServicesMBean.LoginURL |
| Login URL | The URL of the login form web application to which unauthenticated requests are directed. By default, the login URL is /saml2/idp/login using Basic authentication. Typically you specify this URL if you are using a custom login web application. MBean Attribute: SingleSignOnServicesMBean.LoginURL |
| Login Return Query Parameter | The name of the query parameter to be used for conveying the login-return URL to the login form web application. MBean Attribute: SingleSignOnServicesMBean.LoginReturnQueryParameter |
| POST Binding Enabled | Specifies whether the POST binding is enabled for the Identity Provider. MBean Attribute: SingleSignOnServicesMBean.IdentityProviderPOSTBindingEnabled |
| Redirect Binding Enabled | Specifies whether the Redirect binding is enabled for the Identity Provider. MBean Attribute: SingleSignOnServicesMBean.IdentityProviderRedirectBindingEnabled |
| Artifact Binding Enabled | Specifies whether the Artifact binding is enabled for the Identity Provider. MBean Attribute: SingleSignOnServicesMBean.IdentityProviderArtifactBindingEnabled |
| Preferred Binding | Specifies the preferred binding type for endpoints of the Identity Provider services. Must be set to None, HTTP/POST, HTTP/Artifact, or HTTP/Redirect. MBean Attribute: SingleSignOnServicesMBean.IdentityProviderPreferredBinding |
| Replicated Cache | Specifies whether the persistent cache (LDAP or RDBMS) is used for storing SAML 2.0 artifacts and authentication requests. RDBMS is required by the SAML 2.0 security providers in production environments. Use LDAP only in development environments. If this is not set, artifacts and requests are saved in memory. If you are configuring SAML 2.0 services for two or more WebLogic Server instances in a domain, you must enable the replicated cache individually on each server. In addition, if you are configuring SAML 2.0 services in a cluster, each Managed Server must also be configured individually. MBean Attribute: SingleSignOnServicesMBean.ReplicatedCacheEnabled. Changes take effect after you redeploy the module or restart the server. |
| Assertion Encryption | Specifies whether assertion encryption is enabled. MBean Attribute: SingleSignOnServicesMBean.AssertionEncryptionEnabled |
| Key Encryption Algorithm | Specifies the preferred key encryption algorithm for SAML assertion encryption. This algorithm is used if it is found in the Service Provider's metadata or if the Service Partner's metadata does not include any key encryption algorithm. MBean Attribute: SingleSignOnServicesMBean.KeyEncryptionAlgorithm |
| Data Encryption Algorithm | Specifies the preferred data encryption algorithm for SAML assertion encryption. This algorithm is used if it is found in the Service Provider's metadata or if the Service Partner's metadata does not include any data encryption algorithm. MBean Attribute: SingleSignOnServicesMBean.DataEncryptionAlgorithm |
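The options above interact (a customized login needs a Login URL, the preferred binding has a fixed set of values, multi-server domains need the replicated cache on every server), so a per-server review catches inconsistent or weak combinations. The following is an added example, not Oracle code: the function `review_idp`, its parameters, the sample values and the policy of flagging unsigned requests, unencrypted assertions and a preferred binding that is not enabled are assumptions of this example; only the attribute names come from this page.

```python
VALID_PREFERRED = {"None", "HTTP/POST", "HTTP/Artifact", "HTTP/Redirect"}
# Preferred binding value -> attribute that enables that binding.
BINDING_FLAG = {
    "HTTP/POST": "IdentityProviderPOSTBindingEnabled",
    "HTTP/Redirect": "IdentityProviderRedirectBindingEnabled",
    "HTTP/Artifact": "IdentityProviderArtifactBindingEnabled",
}

# Assumption of this example: an attribute missing from attrs counts as not set.
def review_idp(attrs, servers_in_domain=1, login_customized=False):
    """Return a list of findings for one server's Identity Provider settings."""
    findings = []
    if not attrs.get("IdentityProviderEnabled", False):
        return findings  # Identity Provider role is off; nothing else applies
    if not attrs.get("WantAuthnRequestsSigned", False):
        findings.append("unsigned authentication requests are accepted")
    if not attrs.get("AssertionEncryptionEnabled", False):
        findings.append("assertions are not encrypted")
    if login_customized and not attrs.get("LoginURL", ""):
        findings.append("customized login requires a Login URL")
    preferred = attrs.get("IdentityProviderPreferredBinding", "None")
    if preferred not in VALID_PREFERRED:
        findings.append("invalid preferred binding: %r" % preferred)
    elif preferred != "None" and not attrs.get(BINDING_FLAG[preferred], False):
        findings.append("preferred binding %s is not enabled" % preferred)
    if not any(attrs.get(flag, False) for flag in BINDING_FLAG.values()):
        findings.append("no binding is enabled")
    if servers_in_domain > 1 and not attrs.get("ReplicatedCacheEnabled", False):
        findings.append("replicated cache is off on a multi-server domain")
    return findings

# Constructed sample values, not taken from a real domain.
WEAK = {
    "IdentityProviderEnabled": True,
    "WantAuthnRequestsSigned": False,
    "IdentityProviderPOSTBindingEnabled": True,
    "IdentityProviderPreferredBinding": "HTTP/Artifact",
    "ReplicatedCacheEnabled": False,
}
HARDENED = dict(WEAK, WantAuthnRequestsSigned=True,
                AssertionEncryptionEnabled=True,
                IdentityProviderPreferredBinding="HTTP/POST",
                ReplicatedCacheEnabled=True)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, review_idp(cfg, servers_in_domain=2))
```

Run the review once per server, because the replicated cache and the other settings on this page are configured individually on each server.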