Configuring WebLogic Server with IdP-Initiated SAML2 SSO (Doc ID 1262012.1)

Last updated on SEPTEMBER 13, 2023

Applies to:

Goal

The Security Assertion Markup Language (SAML) standard defines an XML-based framework for describing and exchanging security information between on-line business partners. This security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust. The SAML standard defines precise syntax and rules for requesting, creating, communicating, and using these SAML assertions.

SAML system entities can operate in a variety of SAML roles which define the SAML services and protocol messages they will use and the types of assertions they will generate or consume. For example, to support Multi-Domain Single Sign-On (MDSSO, or often just SSO), SAML defines the roles called identity provider (IdP) and service provider (SP). At the heart of most SAML assertions is a subject (a principal is an entity that can be authenticated within the context of a particular security domain) about which something is being asserted.

In an Identity Provider initiated (IdP-initiated) SSO use case, the IdP is configured with specialized links that refer to the desired service providers. These links actually refer to the local IdP's Single Sign-On Service and pass parameters to the service identifying the remote Service Provider (SP). So instead of visiting the SP directly, the user accesses the IdP site and clicks on one of the links to gain access to the remote SP. This triggers the creation of a SAML assertion that will be transported to the service provider.

This article describes how to configure IdP-initiated SSO using SAML2 when:

• WebLogic Server acts as the Identity Provider (IdP) and
• WebLogic Server acts as the Service Provider (SP)

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.