21 Configuring Single Sign-On with Web Browsers and HTTP Clients Using SAML

WebLogic Server supports single sign-on (SSO) based on SAML. You configure single sign-on with Web browsers or other HTTP clients by using authentication based on the Security Assertion Markup Language (SAML) 2.0.

SAML enables cross-platform authentication between Web applications or Web services running in an Oracle WebLogic Server domain and Web browsers or other HTTP clients. When users are authenticated at one site that participates in a single sign-on (SSO) configuration, they are automatically authenticated at other sites in the SSO configuration and do not need to log in separately.

Note:

  • A WebLogic Server instance that is configured for SAML 2.0 SSO cannot send a request to a server instance configured for SAML 1.1, and vice versa.

  • WebLogic Server supports encrypted SAML assertions for SAML 2.0.

  • WebLogic Server supports SAML Single Logout for the WebLogic SAML Service Provider.

For an overview of SAML-based single sign-on, see the following topics in Understanding Security for Oracle WebLogic Server:

This chapter includes the following sections:

Configuring SAML Services

To configure SAML services for single sign-on with Web browsers and HTTP clients, see Configuring SAML 2.0 Services.

SAML for Web Single Sign-On Scenario API Example

WebLogic Server provides a set of code examples for learning about and working with WebLogic Server. These code examples include a security API example for a SAML for Web single sign-on (SSO) scenario.

The Web SSO example, which you build, run, and deploy, shows a variety of SSO configurations for your applications using WebLogic Server and SAML. The server examples provide access to code examples and sample applications that offer several approaches to learning about and working with WebLogic Server.

The following scenarios are included:

  • SAML 2.0 POST binding

  • SAML 2.0 Artifact binding with custom attributes

All files needed to build, deploy, and run the example are included, as are the scripts that configure the WebLogic domains that are used. For more information about the examples, including the directories in which they are installed, see Sample Application and Code Examples in Understanding Oracle WebLogic Server.