By Damien Carru on May 14, 2014
In this article, I will discuss the concept of the Partner Profile in the OIF configuration.
During any Federation runtime operation between OIF (as an IdP or SP) and remote partners, numerous configuration properties are evaluated that will affect how OIF will execute the operation.
Some of the configuration parameters driving the protocol exchange are specific to the partner with which OIF is interacting (like how the NameID should be populated if OIF acts as a SAML 2.0 IdP), while others can be common to a group of partners (like whether or not to sign SAML 2.0 Assertions when OIF acts as an IdP).
Instead of having each partner entry in the OIF configuration contain all the OIF parameters required to perform the Federation runtime operations, OIF makes use of a Partner Profile, which:
- Contains a set of settings that are common to all partners referencing that partner profile
- Is specific to:
  - A type, either IdP or SP
  - A protocol: SAML 2.0, SAML 1.1 or OpenID 2.0
A Partner Profile in OIF typically contains configuration settings that are generally not changed often and that are considered advanced. For the day-to-day operations, the administration capabilities provided in the OAM Administration Console or via the OIF WLST commands are enough for most cases.
For advanced cases requiring configuration changes, an administrator would have the choice to:
- Either update the Partner configuration entry, so changes would only apply to the partner
- Or update the Partner Profile entry, so changes would apply to all partners bound to the Partner Profile
Important note: given the advanced nature of the configuration, Partner Profiles can only be managed via OIF WLST commands.