
Deep dive into various configurations with Oracle Weblogic Server

Steps to configure SAML 2.0 with Okta as IDP and Weblogic as SP

Puneeth Prakash
Principal Software Engineer

Below are the steps to configure SAML 2.0 with Okta as the Identity Provider (IDP) and Weblogic as the Service Provider (SP).

Okta IDP configuration :

Step 1 :

Log in to your Okta subdomain homepage to access the Application Dashboard.

Now click on Applications -> Add Application -> Create New App -> select SAML 2.0 -> create


Step 2 :

Follow the on-screen instructions.

Create a SAML integration as shown below :

Enter the following :

Single sign on URL : https://<weblogic_sp_hostname>:<port>/saml2/sp/acs/post

Use this for Recipient URL and Destination URL (check)

Audience URI : This is the entity ID that you will specify in your WLS SP. Make a NOTE of what you enter here; the same value must be used in WLS console -> Federation Services -> SAML2 General -> Entity ID.

NOTE :

- Unlike other SAML configurations, we are not importing the SP metadata into the Okta IDP; instead we fill in the above values manually.

- Hence it is important to make a NOTE of the Audience URI (i.e. the SP entity ID) and use the same value in the Weblogic SP configuration.


Step 3 :

We have successfully created a SAML Integration; now let's download the IDP metadata (say Okta_IDP_for_WLS-metadata.xml) from the Sign On sub-tab :

Step 4 :

Go to People sub-tab and assign users to your application :

Step 5 :

Click on the General sub-tab and validate your IDP configuration.

Step 6 :

Login to Okta with the user who was assigned this application :

Your Okta IDP configuration is now complete; let's configure Weblogic as a SAML Service Provider.

Weblogic SAML SP configuration :

Step 1 :

Log in to the Weblogic console -> Security Realms -> myrealm -> Providers -> Authentication -> New -> SAML2IdentityAsserter

Step 2 :

Click on the newly created SAML2IdentityAsserter (say SAML2IA) -> Management -> new -> "new Web Single Sign-On Identity Provider Partner" (say WebSSO-IdP-Partner-0)

Select the metadata.xml file that you downloaded from Okta (say Okta_IDP_for_WLS-metadata.xml)

Step 3 :

Click on the newly created IDP partner and enter the following :

Enable (check)

Redirect URIs : /Weblogic_SP_sample_App/restricted/protected_page.jsp

Step 4 :

Click on the Server (where the IDP application is deployed) -> Configuration -> Federation Services -> SAML 2.0 General -> and enter the following :

Publish Site URL : https://celbealnx1.us.oracle.com:8002/saml2

Entity ID : WLS_SP_for_Okta

Step 5 :

Click on Server (where the IDP application is deployed) -> Configuration -> Federation Services -> SAML 2.0 Service Provider -> and enter the following :

Enabled (check)

Preferred Binding : POST

Default URL : https://celbealnx1.us.oracle.com:8002/Weblogic_SP_sample_App/restricted/protected_page.jsp
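The values typed into Okta (Single sign on URL, Audience URI) and the values set on the WLS server (Publish Site URL, Entity ID, Preferred Binding) must line up exactly, and a mismatch only shows up as a failed login. The following added check is not part of this post or of Okta/Weblogic; it parses an IdP metadata file (a constructed stand-in for Okta_IDP_for_WLS-metadata.xml, with placeholder entityID and endpoint) and cross-checks the two sides using the values from the steps above.

```python
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
BINDINGS = {"POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"}

# Constructed stand-in for the Okta IdP metadata download (signing certificate omitted).
SAMPLE_IDP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/CONSTRUCTED_ID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/CONSTRUCTED_ID/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.okta.com/app/CONSTRUCTED_ID/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Values from the steps above: what was typed into Okta and what was set on the WLS server.
OKTA_APP = {"single_sign_on_url": "https://celbealnx1.us.oracle.com:8002/saml2/sp/acs/post",
            "audience_uri": "WLS_SP_for_Okta"}
WLS_SP = {"publish_site_url": "https://celbealnx1.us.oracle.com:8002/saml2",
          "entity_id": "WLS_SP_for_Okta", "preferred_binding": "POST"}

def parse_idp_metadata(xml_text):
    """Return (entityID, {binding URN: SSO location}) from IdP metadata; reject SP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", MD_NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this file describes an SP, not the Okta IdP")
    sso = {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleSignOnService", MD_NS)}
    return root.get("entityID"), sso

def check_sp_config(okta_app, wls_sp, idp_metadata_xml):
    """Cross-check the Okta app settings against the WLS SP settings; return a list of problems."""
    problems = []
    # WLS derives its ACS endpoint from the Publish Site URL, so Okta must post the assertion there.
    expected_acs = wls_sp["publish_site_url"].rstrip("/") + "/sp/acs/post"
    if okta_app["single_sign_on_url"] != expected_acs:
        problems.append("Okta Single sign on URL %r differs from WLS ACS %r"
                        % (okta_app["single_sign_on_url"], expected_acs))
    # The AudienceRestriction in Okta's assertion must name the WLS Entity ID exactly.
    if okta_app["audience_uri"] != wls_sp["entity_id"]:
        problems.append("Okta Audience URI %r differs from WLS Entity ID %r"
                        % (okta_app["audience_uri"], wls_sp["entity_id"]))
    _, sso = parse_idp_metadata(idp_metadata_xml)  # IdP must offer the binding WLS prefers
    if BINDINGS[wls_sp["preferred_binding"]] not in sso:
        problems.append("IdP metadata has no HTTP-%s SingleSignOnService" % wls_sp["preferred_binding"])
    return problems
```

An empty list means the three places agree; each string in a non-empty list names the exact pair of fields to fix.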

You have successfully configured Okta IDP with Weblogic SP. Time to test it now :)

Deploy the sample application on Weblogic (Weblogic_SP_sample_App.zip)


Now open the Okta page -> click on the application and check if the protected page of application deployed on WLS is accessible.


NOTE :

- Okta sends the login name (i.e. the email address) by default in the SAML token to Weblogic.

- If you want to retrieve the first name of the user instead to authenticate into the protected page of the Weblogic SP application, then make the following changes in Okta :

Login to Okta dashboard as Admin -> Directory -> Profile Editor


Click on "Apps" -> "Mapping" next to your application


Click on "Okta to Okta_IDP_for_WLS" -> Select "firstName" from the dropdown -> "Apply mapping on user create and update" -> "Save mapping"

Now test your application...!!!

