Original Publish date : 3/31/2015
Configure SAML SSO with WebLogic as described in the following blog post :
Let's test the IDP-initiated SSO first :
In the source application, if <auth-method> is set to FORM, you get a custom form login page.
web.xml :
<login-config>
<auth-method>CLIENT-CERT,FORM</auth-method>
<realm-name>myrealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/fail_login.htm</form-error-page>
</form-login-config>
</login-config>
Example :

When you try an SP-initiated SSO, i.e. you access a destination application, you get a basic challenge (from the IDP) asking for the username and password.

This basic challenge comes from the default saml2.war application located in "<Oracle_Home>/wlserver/server/lib".
Its web.xml file is as follows :
<login-config>
<auth-method>BASIC_PLAIN</auth-method>
</login-config>
You can edit the web.xml file of the default saml2.war application and change the auth-method to FORM to get a form login.
However, Oracle does not recommend editing the default saml2.war file.
The goal of this document is to configure a custom login page instead of a basic challenge.
Below are the steps :
– Download the sample CustomLogin application from the link below :
– Deploy this application in your IDP domain.
– Log in to the WebLogic console on the IDP domain -> <server> -> Federation Services -> SAML 2.0 Identity Provider -> Login Customized (enable)
Login URL: /CustomLogin/saml2login
– Now test an SP-initiated SSO; you should see the CustomLogin page (a FORM page) from the CustomLogin.war application.
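
To check which challenge a WAR will present without opening a browser, the added example below (not part of the original post or of WebLogic) reads WEB-INF/web.xml from a WAR and reports its auth-method list and form login page. The two sample WARs are constructed in memory from the web.xml fragments shown above; the function names are this example's own.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def _find(elem, name):
    """First descendant whose tag matches `name`, ignoring any XML namespace."""
    return next((e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def audit_login_config(web_xml: bytes) -> dict:
    """Report the <auth-method> chain of a web.xml and what the user will see."""
    cfg = _find(ET.fromstring(web_xml), "login-config")
    if cfg is None:
        return {"methods": [], "form_page": None, "findings": ["no <login-config>"]}
    am, page = _find(cfg, "auth-method"), _find(cfg, "form-login-page")
    text = am.text if am is not None and am.text else ""
    # The page's source application lists several methods separated by commas.
    methods = [m.strip().upper() for m in text.split(",") if m.strip()]
    form_page = page.text.strip() if page is not None and page.text else None
    findings = []
    if any(m.startswith("BASIC") for m in methods):
        findings.append("basic challenge: browser prompt, no login page")
    if "FORM" in methods and not form_page:
        findings.append("FORM listed but <form-login-page> is missing")
    return {"methods": methods, "form_page": form_page, "findings": findings}

def audit_war(war: bytes) -> dict:
    """Audit WEB-INF/web.xml inside a WAR archive given as bytes."""
    with zipfile.ZipFile(io.BytesIO(war)) as z:
        return audit_login_config(z.read("WEB-INF/web.xml"))

def make_war(web_xml: str) -> bytes:
    """Build a constructed one-file WAR in memory for the demo below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WEB-INF/web.xml", web_xml)
    return buf.getvalue()

# Constructed samples modelled on the two web.xml fragments shown on this page.
IDP_DEFAULT = make_war("<web-app><login-config>"
    "<auth-method>BASIC_PLAIN</auth-method></login-config></web-app>")
SOURCE_APP = make_war('<web-app xmlns="http://java.sun.com/xml/ns/javaee">'
    "<login-config><auth-method>CLIENT-CERT,FORM</auth-method>"
    "<realm-name>myrealm</realm-name><form-login-config>"
    "<form-login-page>/login.jsp</form-login-page>"
    "<form-error-page>/fail_login.htm</form-error-page>"
    "</form-login-config></login-config></web-app>")

if __name__ == "__main__":
    for name, war in (("idp-default", IDP_DEFAULT), ("source-app", SOURCE_APP)):
        print(name, audit_war(war))
```

To audit a real archive, pass its bytes to audit_war, for example the contents of a copy of the deployed WAR read with open(path, "rb").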

