
SSO SAML with WebLogic and OpenAM

I'm trying to set up SAML SSO with OpenAM and WebLogic. The reason why I want to use SAML is that I have multiple applications where I can't change the web.xml to use the J2EE agent.

My question is if there is a good document explaining the setup with WebLogic and OpenAM. I have read several guides, but I'm still confused... Just looking for a good howto!

My current setup is OpenAM on Tomcat installed on host1, WebLogic installed on host2. Webapp deployed on host2.

So OpenAM will be the IdP and WebLogic will be the SP, right? I have configured the OpenAM hosted IdP. I have added the SAML identity asserter on WebLogic and configured a web SSO identity provider partner.

You can configure WebLogic to enable SAML SSO implementation.
This requires the following steps to be completed.

  • WebLogic and IDP (OpenAM) should be coupled - you can register OpenAM as an authentication service provider inside WebLogic container using the administration console.
  • This requires an SSL communication, hence ideally, it's better to install an SSL certificate inside the container.
  • WebLogic can be configured to implement SAML SP (Identity asserter and Assertion consumer) by configuring the required through the administration console.
  • In fact it can be configured to work as a Credential mapper and Assertion receiver in the same way.

All these steps can be done inside a single WebLogic instance or between instances using a WebLogic federation.

Please refer to the link below for more details.

I don't think WebLogic itself can act as SAML SP. Every application has to implement a SAML SP. Doing this via Spring Security SAML extension is quite neat. If you want more effort, look at the OpenAM Fedlet (it's also a lightweight SP). However the sample app generated when creating the Fedlet is not too helpful. The 'Fedlet' is not the sample app, but more or less the jars and metadata included in the sample app.
