
Configure SAML2.0 on Billing Care (Doc ID 2452186.1)

Last updated on FEBRUARY 28, 2019

Applies to:

Oracle Communications Billing and Revenue Management - Version 7.5.0.19.0 and later
Information in this document applies to any platform.

Purpose

This document provides the steps to configure SAML (Security Assertion Markup Language) for BillingCare, followed by the answer to the question regarding LDAP configuration.

The following steps are involved in configuring the service provider:

1)  Create a SAML2.0 Assertion provider
2)  Create a SAML Authenticator
3)  Perform the SAML2.0 general configurations
4)  Configure the SAML2.0 Service Provider
5)  Publish the Service Provider metadata if your Identity Provider requires it
6)  Identity Provider Configurations
7)  Update the deployment plan of the Billing Care Application


1)  Create a SAML2.0 Assertion provider
=========================================
.  Log in to the BillingCare WebLogic domain console
.  Go to Security Realms -> myrealm -> Providers -> Authentication
.  Click on New and create a SAML2IdentityAsserter with the name samlBC
.  Restart WebLogic
.  Open the samlBC Configuration after the WebLogic restart and go to the Management tab
.  Create a New Web Single Sign-On Identity Provider Partner with the name WebSSO-IdP-Partner-1
.  Import the IDP (Identity Provider) metadata XML to create the partner configuration and click on OK
.  Click on the newly created WebSSO-IdP-Partner-1 and verify the IDP details by checking the Site Info and the Single Sign-On Signing Certificate tabs
.  Check the Enabled, Virtual user, and Process Attributes flags in the General section of the WebSSO-IdP-Partner-1
.  Populate the Redirect URIs with /bc/* and click on Save

2)  Create a SAML Authenticator
============================================
.  Go to Security Realms -> myrealm -> Providers -> Authentication
.  Click on New and create a SAMLAuthenticator with the name samlBCAuth
.  Open the newly created samlBCAuth and modify the Control Flag to SUFFICIENT
.  Modify the Control Flag of the DefaultAuthenticator to SUFFICIENT
.  Reorder the providers in the following order:
   samlBCAuth
   samlBC
   DefaultAuthenticator
   DefaultIdentityAsserter

3)  Perform the SAML2.0 general configurations
=============================================
.  Go to Environment -> Servers -> AdminServer -> Federation Services -> SAML2.0 General
.  Fill in the following details:
    Published Site URL - http://<HOSTNAME>:<PORT>/saml2
    Entity ID: samlBC

4)  Configure the SAML2.0 Service Provider
========================================
.  Go to Environment -> Servers -> AdminServer -> Federation Services -> SAML2.0 Service Provider
.  Check the Enabled flag
.  Set the Preferred Binding as POST
.  Configure the Default URL as http://<HOSTNAME>:<PORT>/bc/login.html
.  Restart WebLogic

5)  Publish the Service Provider metadata if your Identity Provider requires it
===============================================================================
.  Go to Environment -> Servers -> AdminServer -> Federation Services -> SAML2.0 General
.  Click on Publish metadata
.  Save it as a file named sppmeta.xml

6)  Identity Provider Configurations
====================================
In the IDP, configure the Assertion Consumer URL as: http://<HOSTNAME>:<PORT>/saml2/sp/acs/post
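
Before handing sppmeta.xml to the IDP, it is worth checking that the published metadata agrees with steps 3, 4 and 6. The following is an added example, not part of the original note or of Oracle's tooling: it parses standard SAML 2.0 SP metadata and reports mismatches in the Entity ID and the POST Assertion Consumer URL. The HTTPS and WantAssertionsSigned checks are hardening checks added here, not requirements stated in this note; the sample metadata, host name and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample standing in for sppmeta.xml from step 5.
# bc.example.test:7001 is a placeholder for <HOSTNAME>:<PORT>.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="samlBC">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://bc.example.test:7001/saml2/sp/acs/post"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, entity_id="samlBC", acs_path="/saml2/sp/acs/post"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    if root.get("entityID") != entity_id:
        findings.append("entityID %r does not match %r" % (root.get("entityID"), entity_id))
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return findings + ["no SPSSODescriptor element in metadata"]
    post_acs = [a.get("Location", "") for a in sp.findall(MD + "AssertionConsumerService")
                if a.get("Binding") == POST]
    if not post_acs:
        findings.append("no HTTP-POST AssertionConsumerService")
    for loc in post_acs:
        if not loc.endswith(acs_path):
            findings.append("ACS %s does not end with %s" % (loc, acs_path))
        # Added hardening check: assertions posted over plain HTTP can be read in transit.
        if not loc.startswith("https://"):
            findings.append("ACS %s is not HTTPS" % loc)
    # An absent WantAssertionsSigned attribute is treated as false.
    if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
        findings.append("WantAssertionsSigned is not true")
    return findings


if __name__ == "__main__":
    for finding in check_sp_metadata(SAMPLE_SP_METADATA):
        print("FINDING:", finding)
```

An empty result means the Assertion Consumer URL given to the IDP in step 6 matches what the service provider actually publishes.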

7)  Update the deployment plan of the Billing Care Application
=======================================================================
 Create the following plan.xml:


In WebLogic Console:
===============
1.  Go to Deployments and check the check box next to BillingCare
2.  Click on Update
3.  Click on the Change Path against Deployment plan path and upload the provided plan.xml and click on Next
4.  Select the option: Redeploy this application using the following deployment files and click on Next
5.  Click on Finish

Access the BillingCare URL
=================
http://<HOSTNAME>:<PORT>/bc

This should display the login page of the IDP. Once you enter the credentials and log in, the BillingCare application should be displayed.

 

Questions and Answers



In this Document
Purpose
Questions and Answers
 If SSO is already returning the required information in the SAML2.0 response, why is the direct configuration to LDAP required?
 What information about the users is pulled from LDAP?
 Does OES pull all the users into the LDAP?
 Do we need to have webgate in place even if we use SAML2.0?
 Is IDP-Initiated login supported?
 Is HTTP Post Binding supported?
 What user value is to be passed as NameID?
 Are there any specific steps documented in the installation doc that we need to skip?
 How to configure additional SAML Attributes (Optional)?
References

