Configuring Single Sign-On using SAML in WebLogic Server 9.2

Similar Messages

• Single Sign-On using SAML in WebLogic Server 10.3

  I followed Vikrant Sawant's tutorial on how to configure single sign-on (SSO) with SAML in WebLogic (http://www.oracle.com/technology/pub/articles/dev2arch/2006/12/sso-with-saml.html) but am being forced to re-authenticate when going from Domain B back to Domain A. I'd appreciate any help or suggestions.
  I posted a question in the General forum here:
  Single Sign-On using SAML in WebLogic Server 10.3

  I too am facing the same problem SSO with SAML - Session on Source Site killed after landing on Destination
  Thanks
  Togotutor
  <b><a class="jive-link-external" href="http://www.togotutor.com">http://www.togotutor.com</a> (Learn Programming and Administration for Free)</b>
  Edited by: user7507600 on Sep 17, 2010 10:01 AM

• Single Sign on using SAML between JWS application and Web Application

  Hi,
  We have two applications one is swing based Java Web Start application and other is a normal web application. We are trying to enable single sign on between both the applications. Can SAML be used to enable single sign on? If yes, can some one let us know how to do this?
  Thanks,
  Rama

  Thanks. But it is based on two WEB applications deployed on two different weblogic domains. What I am looking for is one application which is launched using Java Web Start(JNLP) and other a web application. The Java Web Start application uses its proprietary authentication implementation and the web application used DefaultAuthenticator of weblogic. Hope this detail will help you to answer my question better. I should have given this information earlier.
  Thanks.
  Rama

• Single sign-on using Kerberos and Ldap

  I am currently setting up single sign-on using Kerberos for authentication and Ldap for authorization and information store.
  The setup includes several Solaris 8 & 9 workstations, a couple of SGI's, as well as a M$ terminal server farm, several WinXP desktops and their associated Active Directory.
  I am required to authenticate etc against the AD. (which has M$ SFU3.5 installed)
  I have the Kerberos authentication and part of the Ldap service working via pam & nss.
  ie. I can logon to the solaris worksatations using the AD username and password, mount the home directory from a M$ NFS server.
  BUT...
  id gives:- userID, groupID (primary group only)
  groups :- primary group only. (no secondary groups are listed)
  Question: what additional configuration information do I need in the pam, nss &/or ldap config files, so that I can list the secondary groups.
  Thanks in advance for any help.

  After evaluating (giving up on, and finally throwing out) the Sun Directory server it looks like we are going to endup with a similar solution..
  Sadly enough, the MS AD seems much more stable and easier to handle than Suns DS, kerberos and associated services.
  Anyway, currently we are evaluating a product called vintela ( www.vintela.com ), and it seems very promising; its easy, robust, stable and does what we require it to do, as well as more :) It comes with an additional nss module called 'vas', so you easily can retrieve data like hosts/groups from your AD.
  //M.

• Single sign on using IDM??????...plz help

  hey friends,,i need to make single sign on using IDm without system access mananger,,but using identity manager,,,i have netbean in which i have deployed idm war,,,now i have company site in which various subb-sites r thr,,,i need to make single sign on for all these,,,i dont know how to proceed so plz help...

  You need to have J2EE Policy Agent on the Appserver mechine where you will have your IDM server running. There are set of configuration steps involved in-order to acheive SSO/Pass thorugh Authentication.
  Thanks
  --ANJI                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Single sign-on using Oracle Identity Management

  Hi All,
  I am new to Oracle Identity Management. We are planning to implement Oracle Identity Management in our environment, which consists of :
  * Microsoft Active Directory.
  * Microsoft Exchange
  * Oracle eBusiness Suite Release 12 running on RedHat Enterprise Linux 5.5
  Is it possible to implement single sign-on using Oracle Identity Management. Once you integrate Microsoft Active Directory, Microsoft Exchange & Oracle eBS, a user should not be prompted to enter password to access Oralce Applications once he logins to his computer/Windows.
  Thank you for your time.
  Thanks

  Hi,
  You need to use different product eSSO for single sign on. to manage user credentials for applications from OIM then you need to implement Provisioning Gateway connector.
  Once you have eSSO Logon manager running on users workstation, user will be prompted for credentials for first time then going forward it will not ask.
  Regards,
  Raghav.

• Using servlet in weblogic server

  hi, guys,
  I have done quite a few research about using servlet in weblogic server, but still can't get it work, hope you guys can provide some suggestion. Thank you in advance.
  I have a folder structure like this:
  There is a "Jsp" folder under the "WebContent", and there is a configJsp.jsp file inside this folder, which is:<br>
  <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
  pageEncoding="ISO-8859-1"%> <br>
  <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><br>
  <html> <br>
  <head> <br>
  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <br>
  <title>Insert title here </title> <br>
  </head> <br>
  <body> <br>
  <form method="POST" action="Config"> <br>
  <input type="text" name="myText"/> <br>
  <input type="submit" name="mySubmit" value="submit"> <br>
  </form> <br>
  </body> <br>
  </html> <br>
  And then under the "Java Resources", there is a "servlet" package, there is a ConfigServlet.java file inside, which is like this:
  <br>
  package servlet; <br>
  <br>
  import java.io.*; <br>
  import javax.servlet.*; <br>
  import javax.servlet.http.*; <br>
  public class ConfigServlet extends HttpServlet <br>
  {  <br>
  public void doGet(HttpServletRequest request,HttpServletResponse response) <br> throws ServletException,IOException <br>
  { <br>
  doPost(request, response); <br>
  } <br>
  <br>
  public void doPost(HttpServletRequest request,HttpServletResponse response) <br> throws ServletException,IOException <br>
  {  <br>
  String textContent=request.getParameter("myText"); <br>
  response.setContentType("text/html"); <br>
  PrintWriter out = response.getWriter(); <br>
  out.println(" <html>"); <br>
  out.println(" <head> <title>ServletCommit </title> </head>"); <br>
  out.println(" <body>"); <br>
  out.println(textContent); <br>
  out.println(" </body> </html>"); <br>
  } <br>
  } <br>
  and I add the following mapping configuration into web.xml:
  <servlet> <br>
  <servlet-name>Config </servlet-name> <br>
  <servlet-class>servlet.ConfigServlet </servlet-class> <br>
  </servlet> <br>
  <servlet-mapping> <br>
  <servlet-name>Config </servlet-name> <br>
  <url-pattern>/Jsp/* </url-pattern> <br>
  </servlet-mapping> <br><br>
  I run the application, click "submit", and got the following error message:<br>
  Error 404--Not Found <br>
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.5 404 Not Found<br>
  The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.<br><br>
  If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. <br><br>
  I guess there might be something wrong with the jsp and servlet mapping, but don't know what exactly it is, and have tried to change some configuration as well, but they don't work. This has annoyed me for a few days, hope there is someone who can be so kind to help me out of this. Thank you again.
  null

  to james.bayer:<br>
  I tried modifying my web.xml like the following:<br><br>
  <servlet><br>
  <servlet-name>Config</servlet-name><br>
  <servlet-class>servlet.ConfigServlet</servlet-class><br>
  </servlet><br>
  <servlet-mapping><br>
  <servlet-name>Config</servlet-name><br>
  <url-pattern>/Config</url-pattern><br>
  </servlet-mapping><br><br>
  is that what you mean? but the same error appear again, it doesn't seem to be able to find the servlet.<br><br>
  I am using an BEA workshop for weblogic platform 10.0. Actually, I am trying to develop a portal, and I need a jsp to be included in it, and will need to deal with the form submit. The jsp is under a portal application, does it matter? Or is it different with a normal dynamic web application? Thank you for your advice.

• Configuring JCo3 Connection Pool with single sign on on non SAP Java server

  Hi Everyone,
  i have configured a connection pool on JBoss as per JCo3 Documentation and is working great.
  Now I need help to configure this connection pool with single sign on so that RFc on SAP ECC systems are executed using end users credential rather than using single user name password used to configure JCo connection pool.
  On SAP Java stack I am sure its possible within Java WebDynpro    and i assume using JCA resource adapter. But what if we don't want to use SAP Java App server.
  Any help will be appreciated.
  Thanks,
  Divyakumar Jain

  Eason, 你好！
  I have exactly the same problem.  Did you find a solution to this problem?  If so, please let me know!

• Oracle Single Sign-On: Use NTLM inside LAN

  hi,
  i want to configure oracle single sign-on to use NTLM authentication when accessing a protected resource from the LAN (specific IP-range). when a user is accessing a protected resource from the internet it should still show up the login-page.
  how can i achieve that?
  regards,
  matthias

  Hi Darsh,
  1. Oracle Internet Directory (OID) is Oracle LDAP storage solution (more here), Oracle Virtual Directory is Oracle solution that can read identity data (and filter it (mask it) based on policies) from Oracle/non-Oracle databases, Oracle/non-Oracle Directories and files and provide the user profiles as LDAP view (more here), There is nothing called Oracle Active Directory, you must be referring to Microsoft Active Directory.
  2. No, Oracle Single Sign On (OSSO) is a feature in iAS (its obsolete), Identity Management is wide umbrella of solutions and concepts.
  3. Oracle Access Manager is one component of Oracle Identity and Access Management suite of products.
  4. Webgate is Oracle access Manager agent that is installed on a webtier, it intercepts the web requests and collect the credentails, send them to Oracle Access Manager for security evaluation (decide what Authentication is needed, verify collect credentials, etc), webgate then enforce the Access Manager decision.
  5. Oracle EBS AccessGate is a java application that has the same use of OAM Webgate (it is OAM agent) but specific to E Business suite, EBS Access Gate is the new solution replacing OSSO agents, OAM is replacing OSSO server component, EBS and OSSO customers can use OAM server with OSSO agents, or with EBS AccessGate.
  HTH.
  Ghassan

• E-sourcing Single sign on and SAML 1.1

  Does anyone have experience of using SAML token 1.1 to authenticate external users in e-sourcing?
  We have an external IdP u201CIdentity Provideru201D or u201CSource Siteu201D in the SAML-based exchange.
  We have a Portal that plays the role of u201CIdentity Asserteru201D or u201CService Provideru201D or u201CDestination Siteu201D in the SAML-based exchange, SAP e-sourcing would be Assertion Consumer Service.

  Thanks. But it is based on two WEB applications deployed on two different weblogic domains. What I am looking for is one application which is launched using Java Web Start(JNLP) and other a web application. The Java Web Start application uses its proprietary authentication implementation and the web application used DefaultAuthenticator of weblogic. Hope this detail will help you to answer my question better. I should have given this information earlier.
  Thanks.
  Rama

• Single sign on using AES or Triple DES algorithm.

  Hello all-
  At my client place we have to setup a Single Sign On Functionality to an external system. The link will be on the portal page for the employees to click. This functioanlity has to be done by either AES (Advanced Encryption Algorithm) or Triple DES algorithm.
  When the user clicks the SSO link on the portal page, the BSP application should implement any of these two above mentioned encryption algorithms and post the encrypted key appended to the third party URL. Then the third party system will decrypt and verify the user who is requesting the information and accordingly either allow or deny.
  If anyone has any info on this please revert back.
  Thank you very much for the help.
  Ramesh.

  Hi Ramesh,
  Did u get any clarification regarding Standard Triple DES algorithm.
  If yes,Please let me know.
  Thanks,
  JOhny lever

• Ask the Experts: Single Sign-On with Cisco WebEx Meetings Server, Internet Reverse Proxy, and Enterprise License Manager Solutions

  With Arun Kumar
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single Sign-On (SSO) with Cisco WebEx Meetings Server (Cisco WMS), Internet Reverse Proxy (IRP), and Enterprise License Manager (ELM) solutions.
  SSO standards such as Security Assertion Markup Language (SAML) 2.0 provide secure mechanisms for passing credentials and related information between different websites that have their own authorization and authentication systems. SSO enables simplified user authentication and management.
  IRP provides public access, enabling users to host or attend meetings from the Internet and mobile devices. Although IRP is optional, Cisco encourages its use because it provides a better user experience for your mobile workforce.
  Example question topics include:
  SSO profiles and SAML 2.0 Identity providers (IdPs) supported in Cisco WMS
  Basic configuration of IdPs
  Interaction between IdPs and Cisco WMS
  Difference between the cloud client implementation and Cisco WMS
  Meeting access behavior in a split-horizon network topology with SSO
  How to enable public access to Cisco WMS
  Cisco WMS ELM operations
  Cisco WMS ELM compared to other unified communications ELM or standalone ELM and compatibility/inoperability between them
  Arun Kumar is a team lead in the San Jose Conferencing Technical Assistance Center. He has over eight years of experience in conferencing technology and specializes in Cisco Unified Meeting Place Express and Cisco WebEx Meeting Server. He joined Cisco in 2010 as an escalation engineer for the Cisco Telepresence group. Before joining Cisco he worked for the UK's third-largest internet service provider Supanet on VoIP technology and the *Nix domain. Kumar holds a master of science degree in computer science from Sikkim Manipal University in India, and he holds CCIE (Voice) and VMware Certified Professional certifications.
  Remember to use the rating system to let Arun know if you have received an adequate response.
  Arun might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice, and Video community Other Subjects subcommunity shortly after the event. This event lasts through Monday May 17, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Mobile Service,
  CWMS and Jabber integrations:
  http://www.cisco.com/en/US/docs/voice_ip_comm/jabber/Windows/9_1/JABW_BK_E4CC9599_00_environment-configuration-guide_chapter_01.html#JABW_TK_SF2ED5E1_00
  In above link start from section: Set Up Cisco WebEx Meetings Server on Cisco Unified Presence
  then move to section: Add Cisco WebEx Meetings Server to a Profile
  Once done, move to section: Specify Conferencing Credentials in the Client side. You will see above server already listed there, just go ahead and enter your username and password (pleae make sure this user already exists on your CWMS) and accept any certificate/s if presented. Jabber Integration is done and you can start testing the same.
  Attached CWMS - AFDS integration doc.
  Please let me know if any furhter question.
  Thanks, Arun

• SSO using SAML2 in WebLogic Server 10.3 not working

  Dear all,
  I have tried all possible configuration to configure SSO but with no hope :(
  My requirement is to configure SSO using SAML2, weblogic 10.3 and 1 domain.
  I followed the following links in my configuration:
  1- http://biemond.blogspot.com/2009/09/sso-with-weblogic-1031-and-saml2.html
  2- http://blogbypuneeth.wordpress.com/2011/01/15/steps-to-configure-saml-2-on-weblogic-server-10-3-0/
  Please if anyone can send me any other tutorial or working sample application as maybe i am configuring the web/weblogic xmls in a wrong way
  Appreciate any help

  Hi,
  This is how my web.xml looks like :
       <display-name>SAML Destination Site Application</display-name>
       <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
       </welcome-file-list>
       <security-constraint>
            <web-resource-collection>
                 <web-resource-name>SecurePages</web-resource-name>
                 <description>These pages are only accessible by authorized users.</description>
  <url-pattern>samldest01App/restricted01/*</url-pattern>
  <http-method>GET</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <description>These are the roles who have access.</description>
                 <role-name>SamlUser</role-name>
            </auth-constraint>
            <user-data-constraint>
                 <description>This is how the user data must be transmitted.</description>
                 <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
       <login-config>
            <auth-method>BASIC</auth-method>
            <realm-name>myrealm</realm-name>
       </login-config>
       <security-role>
            <description>These are the roles who have access.</description>
            <role-name>SamlUser</role-name>
       </security-role>
  </web-app>
  weblogic.xml :
  <?xml version='1.0' encoding='UTF-8'?>
  <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <security-role-assignment>
            <role-name>SamlUser</role-name>
            <principal-name>SAML_SSO_GRP</principal-name>          
       </security-role-assignment>
       <context-root>/samldest01App</context-root>
  </weblogic-web-app>

• How to implement single sign-on using java?

  I need your help regarding the following task, please go through it and tell me if you have a solution to it.
  DSOWeb is a portal which has links to all the reports generated from Microstrategy8.0.1 (MSTR) [it is another tool which generates the BI Reports] and my requirement is like when a report link in DSOWeb is clicked it goes to MSTR and shows a report of MSTR but the user is unaware of all this that the system is entering into some other portal and giving that report to him.
  1. User logs into DSOWeb (Implemented using Struts framework) - He is automatically logged into MSTR (Java Spring Architecture) as well.
  How to get the session Id of MSTR from DSOWeb and maintain that session within the DSOWeb???
  2.User clicks on a report link - He either uses the session created above or a new session is created for him, if the old one no longer exists.
  3.When User clicks Logout in DSOWeb the system should also internally invalidate the MSTR Session and logout from MSTR .
  Note : Here DSOWeb and MSTR applications are running in different Servers.

  Hello Meghal,
  It is possible to implement social login via Facebook for SAP Enterprise Portal 7.3 by simply using the SAP Cloud Identity offering.
  More details about SAP Cloud Identity you will be able to find here:
  SAP Cloud Identity Solution Brief:  Simplify and Secure Cloud Access to Critical Business Data
  SAP Cloud Identity features - latest release: http://scn.sap.com/community/security/blog/2014/12/18/new-capabilities-with-the-latest-release-of-the-sap-cloud-identity
  Please, find also the documentation about social login implementation:
  Enable or Disable Social Sign-On for an Application
  Best regards,
  Donka Dimitrova

• Configuring Single Sign On (SSO) in JAAS

  Hi All,
  I am trying to configure SSO in JBoss . I have my custom LoginModules which I have configured in login-config.xml
  <application-policy name="LoginModule1">
     <authentication>
         <login-module code="com.MyLoginModule" flag="required">
         </login-module>
     </authentication>
  </application-policy>
  <application-policy name="LoginModule2">
     <authentication>
         <login-module code="com.MyLoginModule" flag="required">
              <module-option name="useSharedState">true</module-option>
         </login-module>
     </authentication>
  </application-policy>The name of my web applications are sso1 and sso2 . Both of them use the same instance of JBoss .
  I have also configured auth.conf
  sso1 {
  com.MyLoginModule required;
  sso2 {
  com.MyLoginModule required  useSharedState=true;
  };I am logging in to sso1 and their I am checking
  if user is logged in , if not then user is presented with login page .
  The username and passwords are checked and then user is forwaded to
  next page .
  The MyLoginModule code is :
  if ("true".equalsIgnoreCase((String)this.options.get("useSharedState")))
       userName = (String)this.sharedState.get("javax.security.auth.login.name");
       password = (String)this.sharedState.get("javax.security.auth.login.password");
  } else {
       userName = request.getParameter("userName");
       password = request.getParameter("password");
       //save the username and password into the shared state
       this.sharedState.put("javax.security.auth.login.name",userName);
       this.sharedState.put("javax.security.auth.login.password",password);
  }     when user logs in for the first time the
  username and password is put into sharedstate . Now when I fwd the user
  to sso2 application , MyLoginModule again comes into action , the 'if'
  part of the code is executed but the
  this.sharedState.get("javax.security.auth.login.name") or
  this.sharedState.get("javax.security.auth.login.password") returns null
  I have configured the jboss-web.xml also in respective webapps.
  <jboss-web>
  <security-domain>java:/jaas/LoginModule1</security-domain>
  <context-root>/sso1</context-root>
  </jboss-web>
  <jboss-web>
  <security-domain>java:/jaas/LoginModule2</security-domain>
  <context-root>/sso2</context-root>
  </jboss-web>Also server.xml is configured properly
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />     Any idea whats failing ?

  Hi All,
  I am trying to configure SSO in JBoss . I have my custom LoginModules which I have configured in login-config.xml
  <application-policy name="LoginModule1">
     <authentication>
         <login-module code="com.MyLoginModule" flag="required">
         </login-module>
     </authentication>
  </application-policy>
  <application-policy name="LoginModule2">
     <authentication>
         <login-module code="com.MyLoginModule" flag="required">
              <module-option name="useSharedState">true</module-option>
         </login-module>
     </authentication>
  </application-policy>The name of my web applications are sso1 and sso2 . Both of them use the same instance of JBoss .
  I have also configured auth.conf
  sso1 {
  com.MyLoginModule required;
  sso2 {
  com.MyLoginModule required  useSharedState=true;
  };I am logging in to sso1 and their I am checking
  if user is logged in , if not then user is presented with login page .
  The username and passwords are checked and then user is forwaded to
  next page .
  The MyLoginModule code is :
  if ("true".equalsIgnoreCase((String)this.options.get("useSharedState")))
       userName = (String)this.sharedState.get("javax.security.auth.login.name");
       password = (String)this.sharedState.get("javax.security.auth.login.password");
  } else {
       userName = request.getParameter("userName");
       password = request.getParameter("password");
       //save the username and password into the shared state
       this.sharedState.put("javax.security.auth.login.name",userName);
       this.sharedState.put("javax.security.auth.login.password",password);
  }     when user logs in for the first time the
  username and password is put into sharedstate . Now when I fwd the user
  to sso2 application , MyLoginModule again comes into action , the 'if'
  part of the code is executed but the
  this.sharedState.get("javax.security.auth.login.name") or
  this.sharedState.get("javax.security.auth.login.password") returns null
  I have configured the jboss-web.xml also in respective webapps.
  <jboss-web>
  <security-domain>java:/jaas/LoginModule1</security-domain>
  <context-root>/sso1</context-root>
  </jboss-web>
  <jboss-web>
  <security-domain>java:/jaas/LoginModule2</security-domain>
  <context-root>/sso2</context-root>
  </jboss-web>Also server.xml is configured properly
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />     Any idea whats failing ?