Sunday, March 6, 2011

SSO with SAML & ADF Security

Posted by Edwin Biemond

In my previous blog I got Single Sign On working with J2EE container security. In this blog entry I also got it working with ADF Security. Just create a SAML source and destination site and follow these steps.

Create a new relying party for the ADF Security application on the SAML source site.

Go to the WLS console of the SAML source server and open the myrealm Security Realm.
Go to Providers -> Credential Mapping -> SAMLCredentialMapper
SAMLCredentialMapper -> Management -> New Relying Party

Partner ID: rp_00004
Profile: Browser/POST
Target URL: http://localhost:7101/appC/adfAuthentication (the URL of the ADF Security servlet on the destination site)
Assertion Consumer URL: https://localhost:7102/samlacs/acs
Assertion Consumer Parameters: APID=ap_00002

SAML destination server: this is the WebLogic Server of the ADF Security application.
Go to the myrealm Security Realm -> Providers -> Authentication, select the SAML Identity Assertion provider, then Management -> Asserting Party

Partner ID: ap_00002
Profile: Browser/POST
Target URL: http://localhost:7001/appA (this is the main application on the SAML source site)

Source Site Redirect URIs: /appC/adfAuthentication (the URL of the ADF Security servlet)
Source Site ITS URL: https://localhost:7002/samlits_ba/its
Source Site ITS Parameters: RPID=rp_00004
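The relying party on the source site and the asserting party on the destination site reference each other by ID (the APID the source passes to the ACS must be the destination's Partner ID, and the RPID the destination passes to the ITS must be the source's Partner ID), the Target URL on the source must be one of the Redirect URIs on the destination, and the ACS and ITS endpoints should stay on https. The following added example, written for this post and not the blog's own code, puts the two console entries above into plain dicts and cross-checks them; the dict field names and the check_pairing function are assumptions for illustration only.

```python
"""Cross-check a WebLogic SAML source/destination pairing for the Browser/POST profile.

Constructed example: the two dicts mirror the console fields filled in above
(Relying Party on the source site, Asserting Party on the destination site).
"""
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed: Relying Party entry on the source site's SAMLCredentialMapper.
SOURCE_RELYING_PARTY = {
    "partner_id": "rp_00004",
    "profile": "Browser/POST",
    "target_url": "http://localhost:7101/appC/adfAuthentication",
    "assertion_consumer_url": "https://localhost:7102/samlacs/acs",
    "assertion_consumer_params": "APID=ap_00002",
}

# Constructed: Asserting Party entry on the destination site's SAML Identity Asserter.
DEST_ASSERTING_PARTY = {
    "partner_id": "ap_00002",
    "profile": "Browser/POST",
    "target_url": "http://localhost:7001/appA",
    "redirect_uris": ["/appC/adfAuthentication"],
    "its_url": "https://localhost:7002/samlits_ba/its",
    "its_params": "RPID=rp_00004",
}


def _param(params: str, key: str) -> Optional[str]:
    """Return the value of `key` in a 'K=V&K2=V2' parameter string, or None."""
    return parse_qs(params).get(key, [None])[0]


def check_pairing(rp: dict, ap: dict) -> list:
    """Return a list of problems; an empty list means the two entries are consistent."""
    problems = []
    # The APID the source sends to the ACS must name the destination's asserting party.
    if _param(rp["assertion_consumer_params"], "APID") != ap["partner_id"]:
        problems.append("APID in source Assertion Consumer Parameters != destination Partner ID")
    # The RPID the destination sends to the ITS must name the source's relying party.
    if _param(ap["its_params"], "RPID") != rp["partner_id"]:
        problems.append("RPID in destination ITS Parameters != source Partner ID")
    # Both ends must agree on the SAML profile.
    if rp["profile"] != ap["profile"]:
        problems.append("profile mismatch between relying party and asserting party")
    # The protected resource the source hands off to must be one the destination redirects for.
    target_path = urlparse(rp["target_url"]).path
    if target_path not in ap["redirect_uris"]:
        problems.append("source Target URL path %s not in destination Redirect URIs" % target_path)
    # The ACS and ITS endpoints carry the assertion and the inter-site transfer; keep them on TLS.
    for label, url in (("Assertion Consumer URL", rp["assertion_consumer_url"]),
                       ("ITS URL", ap["its_url"])):
        if urlparse(url).scheme != "https":
            problems.append("%s is not https" % label)
    return problems


if __name__ == "__main__":
    for p in check_pairing(SOURCE_RELYING_PARTY, DEST_ASSERTING_PARTY) or ["pairing is consistent"]:
        print(p)
```

Run it against the two dicts as given and it reports no problems; change one ID, scheme or URI on either side and the corresponding check names the field that no longer lines up, which is usually quicker than reading the SAML debug log on both servers.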

On the main site you can add a link to the ADF Security application, like this: appC

And change the login-config in the web.xml of the ADF Security application so it uses certificate authentication:

  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>myrealm</realm-name>
  </login-config>

The only thing that isn't working yet is the redirect to the success URL after successful authentication by the ADF Security servlet.
