Administration Console Online Help

Configure SAML 2.0 Service Provider services

Before you begin


You can use the Federation Services > SAML 2.0 Service Provider page to configure this WebLogic Server instance as a SAML 2.0 Service Provider. A Service Provider is a SAML authority that can receive SAML assertions and extract identity information from those assertions. The identity information can then be mapped to local Subjects, and optionally groups as well, that can be authenticated.

To configure a server as a SAML 2.0 Service Provider:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane, select Environment > Servers and click the name of the server you are configuring (for example, myserver).
  3. Select Configuration > Federation Services > SAML 2.0 Service Provider.
  4. Select Enabled to activate SAML 2.0 services in this server in the role of Service Provider.
  5. Set the configuration options for the local SAML 2.0 Service Provider services as appropriate. Note the following:
    1. Choose the Always Sign Authentication Requests and Only Accept Signed Assertions options in coordination with your federated partners, so that authentication requests and assertions are accepted. Only Accept Signed Assertions is selected by default, which ensures that all incoming SAML 2.0 assertions must be signed.
    2. Provide the Assertion Key Pass Phrase required to retrieve the local site assertion key from the keystore, and the Assertion Key Alias for the keystore that contains the certificate and private key used to encrypt and decrypt the SAML assertions. Optionally, update the default list of encryption algorithms in the Meta Data Encryption Algorithms field.
    3. Communicate the SAML bindings settings for this server to your federated partners to ensure compatibility.
  6. Click Save.
  7. If you are configuring SAML 2.0 Service Provider services for web single sign-on, select SAML 2.0 General, and click Publish Meta Data.

    For more information about publishing SAML 2.0 metadata, see Publishing and Distributing the Metadata File.

  8. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
    Not all changes take effect immediately—some require a restart (see Use the Change Center).

After you finish

Coordinate with your federated partners to ensure that the SAML bindings you have enabled for this SAML authority, as well as your requirements for signed documents, are compatible with those of your partners. For more information, see Create and Configure Web Single Sign-On Identity Provider Partners.
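To check what partners will see, the following added example (not part of the original help page or of WebLogic Server) reads a published Service Provider metadata file and reports the signing requirements, bindings, and encryption algorithms it advertises. It assumes the file uses the standard SAML 2.0 metadata attributes AuthnRequestsSigned and WantAssertionsSigned; the function names and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# Constructed sample of a published SP metadata file (certificate data omitted).
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.com/saml2">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.com/acs/post"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://sp.example.com/acs/art"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def _flag(value):
    # xs:boolean accepts "true" or "1"; an omitted attribute means false.
    return (value or "false").strip().lower() in ("true", "1")

def summarize_sp_metadata(xml_text):
    """Extract the settings a partner Identity Provider has to match."""
    root = ET.fromstring(xml_text)  # parse only files you exported yourself
    sp = root.find(".//md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not Service Provider metadata")
    return {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": _flag(sp.get("AuthnRequestsSigned")),
        "want_assertions_signed": _flag(sp.get("WantAssertionsSigned")),
        "acs_bindings": [a.get("Binding", "").rsplit(":", 1)[-1]
                         for a in sp.findall("md:AssertionConsumerService", NS)],
        "encryption_algorithms": [e.get("Algorithm") for e in sp.findall(
            "md:KeyDescriptor[@use='encryption']/md:EncryptionMethod", NS)],
    }

def review(summary):
    """Return the points to settle with partners before activating changes."""
    findings = []
    if not summary["want_assertions_signed"]:
        findings.append("unsigned assertions are accepted; require signed assertions")
    if not summary["authn_requests_signed"]:
        findings.append("authentication requests are unsigned; partner must not require signatures")
    return findings

if __name__ == "__main__":
    print(review(summarize_sp_metadata(SAMPLE_SP_METADATA)))
```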
