Monday Mar 31, 2014

Using Test SP App in OIF/SP

In this article, I will talk about how to enable and use the Test SP Application in OIF/SP, which is very useful when OIF is an SP and Federation agreements are set up. It provides the following capabilities:

  • Test the Federation SSO flows
  • Verify if the mapping rules work
  • See which attributes are sent by the IdP, how they are named and how they are processed by OIF/SP
  • See the Federation token (SAML Assertion or OpenID SSO Response)

This tool is very useful to diagnose issues in the SAML/OpenID flows, before rolling Federation SSO out.

This is a Web Application that will exercise the SP functionality of OIF via a browser without creating any OAM session:

  • The application is accessed via a browser
  • Federation SSO is started with the specified IdP
  • You authenticate at the IdP
  • OIF/SP processes the SAML Assertion / OpenID SSO response
  • The application displays the result and SAML Assertion / OpenID SSO response

Friday Mar 28, 2014

Create SAML 1.1 / OpenID 2.0 IdP Partners in OIF/SP

This article is a continuation of my previous entry where I discussed how to create SAML 2.0 IdP Partners in OIF/SP. In this article, I will cover how to set up a Federation agreement between OIF acting as an SP and a remote IdP Partner via the SAML 1.1 or OpenID 2.0 protocols:

  • Set up a remote SAML 1.1 IdP Partner
  • Set up a remote OpenID 2.0 IdP Partner

The article will describe how to perform the above tasks either via the UI, or via the use of the OIF WLST commands.


Monday Mar 24, 2014

Create SAML 2.0 IdP Partners in OIF/SP

After having discussed in previous articles how to manage OIF/IdP, I will cover the administration of OIF/SP. In this post, I will explain how to set up a Federation agreement between OIF acting as a SAML 2.0 SP and a remote SAML 2.0 IdP Partner, including:

  • Set up a remote SAML 2.0 IdP Partner with SAML 2.0 Metadata
  • Set up a remote SAML 2.0 IdP Partner without SAML 2.0 Metadata
  • Configuring OIF/SP to map an incoming SAML Assertion to an LDAP user

The article will describe how to perform the above tasks either via the UI, or via the use of the OIF WLST commands.

Enjoy the reading!


Friday Mar 21, 2014

Example: Sending Attributes with OIF/IdP

In this article, I will cover two examples on how to configure OIF/IdP to send attributes:

  • Via the OAM Administration Console to send attributes to a SAML 2.0 SP Partner
  • Via the OIF WLST commands to send attributes to an OpenID 2.0 RP Partner

The sent attributes will be based on:

  • The LDAP user record (attributes, DN…)
  • The OAM user session (attributes, session count…)
  • The browser’s HTTP request (cookie, user-agent…)

Enjoy the reading!

Monday Mar 17, 2014

Sending Attributes with OIF/IdP

In this article, I will cover how OIF can be easily configured to send attributes with the SSO Assertion to the partner during the Federation SSO operation. Those attributes can be set to data retrieved from:

  • The LDAP user record (attributes, DN…)
  • The OAM user session (attributes, session count…)
  • The browser’s HTTP request (cookie, user-agent…)

Note that configuring how SAML NameID values are set is similar to how attributes are configured in OIF.

Enjoy the reading!


Friday Mar 14, 2014

Create SAML 1.1 / OpenID 2.0 SP Partners in OIF/IdP

This article is a continuation of my previous entry where I discussed how to create SAML 2.0 SP Partners in OIF/IdP. In this article, I will cover how to set up a Federation agreement between OIF acting as an IdP and a remote SP Partner via the SAML 1.1 or OpenID 2.0 protocols:

  • Set up a remote SAML 1.1 SP Partner
  • Set up a remote OpenID 2.0 SP Partner

The article will describe how to perform the above tasks either via the UI, or via the use of the OIF WLST commands.


Monday Mar 10, 2014

Creating SAML 2.0 SP Partners in OIF/IdP

In this article, I will discuss the various kinds of information one needs in order to set up a Federation agreement between OIF acting as a SAML 2.0 IdP and a remote SAML 2.0 SP Partner, including:

  • Set up a remote SAML 2.0 SP Partner with SAML 2.0 Metadata
  • Set up a remote SAML 2.0 SP Partner without SAML 2.0 Metadata

The article will describe how to perform the above tasks either via the UI, or via the use of the OIF WLST commands.

Enjoy the reading!


Tuesday Mar 04, 2014

Key and Certificate Management/Rollover in OIF/STS

As part of the Federation and WS-Trust protocol interactions, OIF/OSTS needs PKI keys and certificates: digital signatures provide non-repudiation and integrity, and digital encryption provides confidentiality.

In this article, I discuss key and certificate management, including how to:

  • Generate new keys and certificates
  • Configure OIF and OSTS to use the new keys and certificates
  • Implement a key rollover on a per partner basis
  • Distribute the new certificates to partners
About

Damien Carru is a member of the Oracle Identity Management organization, focusing on Federation and SSO. This blog will cover Federation use cases involving Oracle Access Manager, Oracle Identity Federation and Oracle Security Token Service
