Steps to configure SAML 2.0 with Infisign as IDP and Weblogic as SP



Below are the steps to configure SAML 2.0 with Infisign as Identity Provider and WebLogic as Service Provider.

Infisign IDP configuration:


Step 1:


Log in to your Infisign Superadmin account and navigate to Applications.

Click Applications -> Create App Registration -> select SAML 2.0 -> Next.



Step 2:


Follow the on-screen instructions and create a SAML integration as shown below:


Enter the following:


App Integration Name: WLS

App login URL: https://<weblogic_sp_hostname>:<port>/saml2/sp/acs/post


Entity ID: the entity ID that you will specify in your WLS SP. Make a NOTE of what you enter here; the same value must be used in WLS console -> Federation Services -> SAML 2.0 General -> Entity ID.

NOTE:

- Unlike other SAML configurations, we are not importing the SP metadata into the Infisign IDP; instead we fill in the above values manually.

- Hence it is important to make a NOTE of the Audience URI (i.e. the SP entity ID) and use the same value in the WebLogic SP configuration.



Step 3:

We have successfully created a SAML integration. Now let's download the IDP metadata (say INFISIGN_IDP_for_WLS-metadata.xml) from the Sign On sub-tab:



Your Infisign IDP configuration is now complete. Let's configure WebLogic as a SAML Service Provider.


WebLogic SAML SP configuration:


Step 1:

Log in to the WebLogic console -> Security Realms -> myrealm -> Providers -> Authentication -> New -> SAML2IdentityAsserter.

Step 2:

Click on the newly created SAML2IdentityAsserter (say SAML2IA) -> Management -> New -> "New Web Single Sign-On Identity Provider Partner" (say WebSSO-IdP-Partner-0).

Select the metadata XML file that you downloaded from Infisign (say INFISIGN_IDP_for_WLS-metadata.xml).
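Before importing the file, it helps to confirm that it contains what the partner import needs: the IdP entityID (which must equal the Issuer of the assertions WebLogic later receives), a SingleSignOnService endpoint for the binding you will select as Preferred Binding, and a signing certificate. The script below is an added example written for this page with Python's standard library; it is not Infisign's or Oracle's code. The metadata it parses is a constructed sample: the host idp.example.test, its endpoints and the certificate value are placeholders, and the function names summarize_idp_metadata and check_idp_metadata are chosen here.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata and XML-Signature namespaces
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample in the shape of an IdP metadata file. The host name,
# endpoints and certificate value are placeholders, not Infisign's real values.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml2/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      WantAuthnRequestsSigned="false">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIBPLACEHOLDERCERTIFICATEBASE64==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/sso/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml2/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def summarize_idp_metadata(xml_text):
    """Extract the values WebLogic takes from an IdP metadata file."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor: " + root.tag)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")

    # One SSO endpoint per binding; WebLogic's Preferred Binding selects which one is used
    sso_by_binding = {svc.get("Binding"): svc.get("Location")
                      for svc in idp.findall("md:SingleSignOnService", NS)}

    # Signing certificates; a KeyDescriptor without 'use' is valid for both signing and encryption
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append("".join((cert.text or "").split()))

    return {
        "entity_id": root.get("entityID"),
        "sso_post_url": sso_by_binding.get(BINDING_POST),
        "sso_redirect_url": sso_by_binding.get(BINDING_REDIRECT),
        "name_id_formats": [(n.text or "").strip() for n in idp.findall("md:NameIDFormat", NS)],
        "signing_certs": certs,
        "wants_signed_authn_requests": idp.get("WantAuthnRequestsSigned", "false").lower() == "true",
    }


def check_idp_metadata(summary, preferred_binding="POST"):
    """Return problems that would make the partner import or the login fail (empty list = OK)."""
    problems = []
    if not summary["entity_id"]:
        problems.append("entityID missing: WebLogic needs it to match the assertion Issuer")
    sso_url = summary["sso_post_url"] if preferred_binding == "POST" else summary["sso_redirect_url"]
    if not sso_url:
        problems.append("no SingleSignOnService for the HTTP-%s binding selected as Preferred Binding"
                        % preferred_binding)
    elif not sso_url.startswith("https://"):
        problems.append("SSO endpoint is not https: " + sso_url)
    if not summary["signing_certs"]:
        problems.append("no signing certificate: WebLogic cannot verify the assertion signature")
    return problems


if __name__ == "__main__":
    summary = summarize_idp_metadata(SAMPLE_IDP_METADATA)
    print(summary["entity_id"], summary["sso_post_url"])
    print(check_idp_metadata(summary) or "metadata looks usable")
```

To run it against the real download, replace SAMPLE_IDP_METADATA with the contents of INFISIGN_IDP_for_WLS-metadata.xml; the entity_id printed is the Issuer value WebLogic will expect, and an empty problem list means the file has the POST endpoint and signing certificate the partner needs.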



Step 3:

Click on the newly created IDP partner and enter the following:

Enabled (check)

Redirect URIs: /Weblogic_SP_sample_App/restricted/protected_page.jsp


Step 4:

Click on the Server (where the IDP application is deployed) -> Configuration -> Federation Services -> SAML 2.0 General and enter the following:

Published Site URL: https://celbealnx1.us.oracle.com:8002/saml2

Entity ID: WLS_SP_for_Infisign


Step 5:

Click on the Server (where the IDP application is deployed) -> Configuration -> Federation Services -> SAML 2.0 Service Provider and enter the following:

Enabled (check)

Preferred Binding: POST

Default URL: https://celbealnx1.us.oracle.com:8002/Weblogic_SP_sample_App/restricted/protected_page.jsp

You have successfully configured Infisign IDP with WebLogic SP. Time to test it now:


Download and deploy the sample application (Weblogic_SP_sample_App.zip) on WebLogic.

Now open the Infisign page -> click on the application and check whether the protected page of the application deployed on WLS is accessible.



NOTE:

- Infisign sends the login name (i.e. the email address) by default in the SAML token to WebLogic.

- If you want to retrieve the first name of the user to authenticate into the protected page of the WebLogic SP application, make the following changes in Infisign:

Log in to the Infisign dashboard as Admin -> Directory -> Profile Editor

Click on "Apps" -> "Mapping" next to your application

Click on "Infisign to Infisign_IDP_for_WLS" -> select "firstName" from the dropdown -> "Apply mapping on user create and update" -> "Save mapping"


Now test your application!!
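When the test fails, the quickest way to see why is to decode the SAMLResponse form field that the browser posts to the ACS URL and compare it with what was entered in the WebLogic console: the Audience must equal the Entity ID, the Recipient must equal the App login URL, the Issuer must equal the IdP metadata entityID, and, after the mapping above, a firstName attribute should be present. The script below is an added example written for this page, not Infisign's or Oracle's code. The SAML response it checks is a constructed sample with no XML signature (signature verification stays WebLogic's job, using the imported IdP certificate); the SP host wls-sp.example.test:8002 stands in for your <weblogic_sp_hostname>:<port>, the IdP entityID is a placeholder, and SP_CONFIG, encode_form_value and check_saml_response are names chosen here.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# The values entered in the steps above. The SP host name is a placeholder for
# your <weblogic_sp_hostname>:<port>; the IdP entityID is the one from the
# downloaded metadata (placeholder value here).
SP_CONFIG = {
    "entity_id": "WLS_SP_for_Infisign",
    "acs_url": "https://wls-sp.example.test:8002/saml2/sp/acs/post",
    "idp_entity_id": "https://idp.example.test/saml2/idp",
    "required_attributes": ["firstName"],
}

# Constructed example of a decoded SAMLResponse. It carries no XML signature:
# signature verification is done by WebLogic with the certificate from the
# imported IdP metadata and is not repeated here.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z"
    Destination="https://wls-sp.example.test:8002/saml2/sp/acs/post">
  <saml:Issuer>https://idp.example.test/saml2/idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_assert1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test/saml2/idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://wls-sp.example.test:8002/saml2/sp/acs/post"
            NotOnOrAfter="2024-01-01T00:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>WLS_SP_for_Infisign</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def encode_form_value(xml_text):
    """Base64-encode a response the way it travels in the SAMLResponse POST field."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def parse_saml_time(value):
    """SAML timestamps are UTC ISO 8601, e.g. 2024-01-01T00:05:00Z, optionally with fractional seconds."""
    return datetime.strptime(value.split(".")[0].rstrip("Z"), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_saml_response(saml_response_b64, sp, now_iso):
    """Compare a posted response against the SP settings; returns a list of problems (empty = matches)."""
    now = parse_saml_time(now_iso)
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != STATUS_SUCCESS:
        problems.append("status is not Success")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plain Assertion (an EncryptedAssertion is not handled by this check)")
        return problems

    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != sp["idp_entity_id"]:
        problems.append("Issuer %r is not the entityID of the imported IdP metadata" % issuer)

    # The Audience must equal the Entity ID entered in Infisign and in WLS SAML 2.0 General
    audiences = [(a.text or "").strip() for a in
                 assertion.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp["entity_id"] not in audiences:
        problems.append("Audience %r does not contain the SP Entity ID %r" % (audiences, sp["entity_id"]))

    # The Recipient must be the ACS URL given as App login URL
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != sp["acs_url"]:
        problems.append("Recipient does not match the ACS URL %r" % sp["acs_url"])

    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now < parse_saml_time(not_before):
            problems.append("assertion not yet valid (check clock skew between IdP and SP)")
        if not_on_or_after and now >= parse_saml_time(not_on_or_after):
            problems.append("assertion expired")

    # The login name travels in the NameID; extra profile fields come as attributes
    if not assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip():
        problems.append("no NameID: WebLogic has no login name to assert")
    attrs = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name in sp["required_attributes"]:
        if name not in attrs:
            problems.append("attribute %r missing: map it under Directory -> Profile Editor -> Apps -> Mapping" % name)
    return problems


if __name__ == "__main__":
    print(check_saml_response(encode_form_value(SAMPLE_RESPONSE_XML), SP_CONFIG, "2024-01-01T00:01:00Z")
          or "response matches the SP configuration")
```

For a real test, paste the SAMLResponse value captured from the browser's network tab in place of the encoded sample and pass the current UTC time; a mismatch on Audience points at the Entity ID typed in Infisign versus WLS SAML 2.0 General, and a mismatch on Recipient points at the App login URL.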
