Example: Exchange SAML metadata XMLs
The customer IdP system uses the WebLogic SP metadata to identify and trust messages received from WFO. The metadata also provides the IdP system with the URL at which the WFO WebLogic SP listens for SAML-related requests.
Export the SAML metadata XML and send it to the customer. The customer then configures the IdP with this XML, or configures the required IdP settings manually. Finally, the customer provides an IdP metadata XML.
Procedure - Microsoft ADFS
- Export the SP metadata:
  - From the WebLogic Console left pane, select the Monitoring tree icon (third icon), Environment, Servers, and ProductionServer.
  - From the right pane:
    - Select SAML 2.0.
    - Select Publish Meta Data.
  - Save the published XML file in the WFO WebLogic domain root directory, or in any directory with write privileges granted to MSA (WebLogic does not use this file).
  - Open the published XML file in any XML editor or parser, and remove the XML node md:KeyDescriptor use='encryption'.
  - Send the published XML file to the IdP system manager.
- Once the customer configures the IdP, obtain the SAML IdP metadata file from the customer.
- Verify that the SAML IdP metadata file meets the following requirements:
  - If present in the file, remove all the <SingleLogoutService> elements.
  - If present in the file, remove the attributes index and isDefault from the <SingleSignOnService> element.
  - If the metadata is exported from Microsoft ADFS and contains the following sections, remove each section from the line it starts with through the line it ends with:
    - Starts with <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">, ends with </ds:Signature>
    - Starts with <RoleDescriptor xsi:type="fed:ApplicationServiceType", ends with </RoleDescriptor>
    - Starts with <RoleDescriptor xsi:type="fed:SecurityTokenServiceType", ends with </RoleDescriptor>
    - Starts with <SPSSODescriptor WantAssertionsSigned="true", ends with </SPSSODescriptor>
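As an added example (not part of the original procedure or of the WFO product), the following Python script applies the IdP metadata cleanup steps above to a constructed ADFS-style export, so the result can be checked before it is imported into WebLogic; the host adfs.example.test and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
for prefix, uri in (("md", MD), ("ds", DS), ("xsi", XSI)):
    ET.register_namespace(prefix, uri)  # keep conventional prefixes on output

# Elements the procedure says to remove outright.
DROP_TAGS = {f"{{{DS}}}Signature", f"{{{MD}}}SingleLogoutService", f"{{{MD}}}SPSSODescriptor"}
# RoleDescriptor is removed only for the two WS-Federation types ADFS emits.
DROP_ROLE_TYPES = {"fed:ApplicationServiceType", "fed:SecurityTokenServiceType"}

def clean_idp_metadata(xml_text: str) -> str:
    """Apply the IdP metadata cleanup steps from the procedure and return the result."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    for el in list(root.iter()):  # snapshot: the tree is modified while walking
        if el is root:
            continue
        is_adfs_role = (el.tag == f"{{{MD}}}RoleDescriptor"
                        and el.get(f"{{{XSI}}}type") in DROP_ROLE_TYPES)
        if el.tag in DROP_TAGS or is_adfs_role:
            parents[el].remove(el)
        elif el.tag == f"{{{MD}}}SingleSignOnService":
            el.attrib.pop("index", None)
            el.attrib.pop("isDefault", None)
    return ET.tostring(root, encoding="unicode")

def summarize(xml_text: str):
    """Local element names in document order, plus the SingleSignOnService attributes."""
    root = ET.fromstring(xml_text)
    tags = [el.tag.split("}")[-1] for el in root.iter()]
    sso = root.find(f".//{{{MD}}}SingleSignOnService")
    return tags, dict(sso.attrib) if sso is not None else {}

# Constructed ADFS-style export (not real customer metadata) covering every case in the procedure.
SAMPLE_ADFS = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    entityID="http://adfs.example.test/adfs/services/trust">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo/></ds:Signature>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"/>
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"/>
  <SPSSODescriptor WantAssertionsSigned="true"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
```

Running `summarize(clean_idp_metadata(SAMPLE_ADFS))` on the sample leaves only EntityDescriptor, IDPSSODescriptor and SingleSignOnService, with the Binding and Location attributes intact.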
Procedure - Azure AD
- To configure the SAML IdP, do the following:
  - Match the Entity ID value from WebLogic - SAML 2.0 General.
  - Replace the Assertion Consumer Service URL using: https://application/saml2/sp/acs/post