In this article, I will discuss the concept of Partner Profile in the OIF configuration.
During any Federation runtime operation between OIF (as an IdP or SP) and
remote partners, numerous configuration properties are evaluated that
affect how OIF executes the operation.
Some of the configuration parameters driving the protocol exchange are
specific to the partner with which OIF is interacting (like how the
NameID should be populated if OIF acts as a SAML 2.0 IdP), while others
can be common to a group of partners (like whether or not to sign SAML
2.0 Assertions when OIF acts as an IdP).
Instead of having each partner entry in the OIF configuration containing all
the OIF parameters required to perform the Federation runtime
operations, OIF makes use of a Partner Profile which:
- Contains a set of settings that are common to all partners referencing that partner profile
- Is specific to:
  - A type, either IdP or SP
  - A protocol: SAML 2.0, SAML 1.1 or OpenID 2.0
A Partner Profile in OIF typically contains configuration settings that
are generally not changed often and that are considered advanced. For
the day-to-day operations, the administration capabilities provided in
the OAM Administration Console or via the OIF WLST commands are enough
for most cases.
For advanced cases requiring configuration changes, an administrator would have the choice to:
- Either update the Partner configuration entry, so changes would only apply to the partner
- Or update the Partner Profile entry, so changes would apply to all partners bound to the Partner Profile
Important note: given the advanced nature of the configuration, Partner Profiles can only be managed via OIF WLST commands.