{"id":13212,"date":"2020-01-02T21:31:13","date_gmt":"2020-01-02T20:31:13","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/weblogic-server-automatic-silent-setup-of-a-saml2-sso\/"},"modified":"2020-01-02T21:31:13","modified_gmt":"2020-01-02T20:31:13","slug":"weblogic-server-automatic-silent-setup-of-a-saml2-sso","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/weblogic-server-automatic-silent-setup-of-a-saml2-sso\/","title":{"rendered":"WebLogic Server &#8211; Automatic\/Silent setup of a SAML2 SSO"},"content":{"rendered":"<p>In a <a href=\"https:\/\/www.dbi-services.com\/blog\/weblogic-server-automatic-silent-creation-of-an-ldap-authentication-provider\/\" target=\"_blank\" rel=\"noopener noreferrer\">previous blog<\/a>, I explained how it is possible to create an LDAP\/LDAPs Authentication Provider on WebLogic. My initial goal wasn&#8217;t just to set up an LDAP\/LDAPs on WebLogic Server. That was only a first step needed in order to automate the setup of a SAML2 Single Sign-On linked with the authentication from an LDAPs. Therefore, in this blog, we will take a look at that second part. Just like for the LDAP Authentication Provider, there are plenty of examples on the internet to do just that but they all use the GUI. When I searched for it, I didn&#8217;t find even a single one explaining how it could be done without it. Maybe there are some but if so, it looks like they are pretty well hidden. In addition to that, you might think about just recording the steps in the WebLogic Administration Console so that it would create the needed WLST scripts for you (just like for the LDAPs provider creation). Unfortunately, it&#8217;s not that simple. 
Indeed, it doesn&#8217;t work for everything and in addition to that, most of the steps that will be needed are outside of an edit session and therefore can&#8217;t be recorded.<\/p>\n<p>In this blog, I will use SAML 2.0 and I will assume that there is already an Identity Provider (&#8220;<strong>Server side<\/strong>&#8221;) that has been configured and I will configure a WebLogic Server (&#8220;<strong>Client side<\/strong>&#8221; = Service Provider) to use this Identity Provider using a WebSSO partner. In the WebLogic examples provided with the OFM full installation, there is a complete example for SAML2 on both Server and Client sides. For the Client side, however, they create the IdP Partner manually: importing the SSL Certificate, defining the URLs, and so on. A simpler &amp; faster approach is to use a metadata file that can be extracted\/exported from the Server side, which contains all this information, and then imported into the Client side. That&#8217;s what I will show below, so it is pretty different from what is done in the example.<\/p>\n<p>Alright, so the first thing to be done is to create a new Authentication Provider using the SAML2IdentityAsserter type. Because this change requires a full restart of the WebLogic Server, I usually do it with the LDAP Authentication Provider but for this example, I will split things and only talk about the SAML2 part. Just like in the previous blog, I will use a properties file and a WLST script. 
You can disregard the LDAP Authentication Providers parameters, they are only used for the LDAP part in the other blog, except ATN_NAME which I still used below but that&#8217;s only in case you do have a LDAP\/LDAPs Authentication Provider in addition to the SAML2 one that you want to create:<\/p>\n<pre class=\"brush: python; gutter: true; first-line: 1\">[weblogic@weblogic-server-0 ~]$ cat domain.properties\n# AdminServer parameters\nCONFIG_FILE=\/home\/weblogic\/secure\/configfile.secure\nKEY_FILE=\/home\/weblogic\/secure\/keyfile.secure\nADMIN_URL=t3s:\/\/weblogic-server-0.domain.com:8443\n# LDAP Authentication Providers parameters\nATN_NAME=Internal_LDAP\nATN_FLAG=SUFFICIENT\nATN_HOST=ldap.domain.com\nATN_PORT=636\nATN_PRINCIPAL=ou=APP,ou=applications,ou=intranet,dc=dbi services,dc=com\nATN_CREDENTIAL=T3stP4ssw0rd\nATN_SSL=true\nATN_BASE_DN=ou=people,ou=intranet,dc=dbi services,dc=com\nATN_USER_FILTER=(&amp;(uid=%u)(objectclass=person))\nATN_USER_CLASS=person\nATN_USER_AS_PRINCIPAL=true\nATN_GROUP_FILTER=(&amp;(cn=%g)(objectclass=groupofuniquenames))\nATN_TIMEOUT=30\n# IdP Partner parameters\nIDA_NAME=APP_SAML2_IDAsserter\nIDP_NAME=APP_SAML2_IDPartner\nIDP_METADATA=\/home\/weblogic\/idp_metadata.xml\nIDP_ENABLED=true\nIDP_REDIRECT_URIS=['\/D2-01\/*','\/D2-02\/*']\n# Managed Servers SSO parameters\nSSO_MS=msD2-01,msD2-02\nSSO_URLS=https:\/\/lb_url1\/saml2,https:\/\/lb_url2\/saml2\nSSO_ENTITY_IDS=APP_SAML2_Entity_ID_01,APP_SAML2_Entity_ID_02\nSSO_SP_ENABLED=true\nSSO_SP_BINDING=HTTP\/POST\n[weblogic@weblogic-server-0 ~]$\n[weblogic@weblogic-server-0 ~]$\n[weblogic@weblogic-server-0 ~]$ cat createSAML2AuthenticationProviders.wlst\n##################################################################\n#\n# Authors: Morgan Patou    \n# Version: 1.4 - 30\/08\/2019\n#\n# File: createSAML2AuthenticationProviders.wlst\n# Purpose: Script to create SAML2 Authentication Providers\n# Parameters: input properties file (optional)\n# 
Output:\n#\n##################################################################\n\n# Get operating system (for vars)\nimport os\n\n# Read the domain properties file\ntry:\n  if len(sys.argv) == 2:\n    domainProperties=sys.argv[1]\n  else:\n    domainProperties=os.path.realpath(os.path.dirname(sys.argv[0])) + \"\/domain.properties\"\n  loadProperties(domainProperties)\n  print \"&gt;&gt;&gt; Loaded the properties file: \" + domainProperties\n  print\n\nexcept:\n  exit(exitcode=1)\n\ntry:\n  redirect('\/dev\/null','false')\n  # Connect to AdminServer\n  connect(userConfigFile=CONFIG_FILE,userKeyFile=KEY_FILE,url=ADMIN_URL)\n  print \"&gt;&gt;&gt; Connected to the AdminServer.\"\n\n  # Start Edit Session\n  edit()\n  startEdit()\n  stopRedirect()\n  print \"&gt;&gt;&gt; Edit Session started.\"\n\n  # Get default Realm\n  realm=cmo.getSecurityConfiguration().getDefaultRealm()\n\n  # Create Authentication Providers\n  saml2IdA=realm.lookupAuthenticationProvider(IDA_NAME)\n  if saml2IdA != None:\n    realm.destroyAuthenticationProvider(saml2IdA)\n  saml2IdA=realm.createAuthenticationProvider(IDA_NAME,'com.bea.security.saml2.providers.SAML2IdentityAsserter')\n  print \"&gt;&gt;&gt; Authentication Provider created.\"\n\n  # Reorder Authentication Providers\n  defaultAtn=realm.lookupAuthenticationProvider('DefaultAuthenticator')\n  defaultIdA=realm.lookupAuthenticationProvider('DefaultIdentityAsserter')\n  iplanetAtn=realm.lookupAuthenticationProvider(ATN_NAME)\n  realm.setAuthenticationProviders(jarray.array([saml2IdA,iplanetAtn,defaultAtn,defaultIdA],weblogic.management.security.authentication.AuthenticationProviderMBean))\n  print \"&gt;&gt;&gt; Authentication Providers re-ordered.\"\n\nexcept Exception, e:\n  print \"ERROR... 
check error messages for cause.\"\n  print e\n  exit(exitcode=1)\n\nredirect('\/dev\/null','false')\nsave()\nactivate()\ndisconnect()\nexit(exitcode=0)\n[weblogic@weblogic-server-0 ~]$<\/pre>\n<p>&nbsp;<\/p>\n<p>So let&#8217;s execute this script then:<\/p>\n<pre class=\"brush: python; gutter: true; first-line: 1\">[weblogic@weblogic-server-0 ~]$ ls\nconfigServiceProviders.wlst  createSAML2AuthenticationProviders.wlst  createWebSSOIdPPartners.wlst  domain.properties  idp_metadata.xml\n[weblogic@weblogic-server-0 ~]$\n[weblogic@weblogic-server-0 ~]$ $ORACLE_HOME\/oracle_common\/common\/bin\/wlst.sh createSAML2AuthenticationProviders.wlst\n\nInitializing WebLogic Scripting Tool (WLST) ...\n\nWelcome to WebLogic Server Administration Scripting Shell\n\nType help() for help on available commands\n\n&gt;&gt;&gt; Loaded the properties file: \/home\/weblogic\/domain.properties\n&gt;&gt;&gt; Connected to the AdminServer.\n&gt;&gt;&gt; Edit Session started.\n&gt;&gt;&gt; Authentication Provider created.\n&gt;&gt;&gt; Authentication Providers re-ordered.\n[weblogic@weblogic-server-0 ~]$<\/pre>\n<p>&nbsp;<\/p>\n<p>As mentioned previously, you will need to restart the WebLogic Domain at this point. Once done, you can continue with the next part which is to create the IdP Partner. 
Using the same properties file and another WLST script:<\/p>\n<pre class=\"brush: python; gutter: true; first-line: 1\">[weblogic@weblogic-server-0 ~]$ cat createWebSSOIdPPartners.wlst\n##################################################################\n#\n# Authors: Morgan Patou    \n# Version: 1.4 - 30\/08\/2019\n#\n# File: createWebSSOIdPPartners.wlst\n# Purpose: Script to create a WebSSO IdP Partner\n# Parameters: input properties file (optional)\n# Output:\n#\n##################################################################\n\n# Get operating system (for vars)\nimport os\n\n# Read the domain properties file\ntry:\n  if len(sys.argv) == 2:\n    domainProperties=sys.argv[1]\n  else:\n    domainProperties=os.path.realpath(os.path.dirname(sys.argv[0])) + \"\/domain.properties\"\n  loadProperties(domainProperties)\n  print \"&gt;&gt;&gt; Loaded the properties file: \" + domainProperties\n  print\n\nexcept:\n  exit(exitcode=1)\n\ntry:\n  redirect('\/dev\/null','false')\n  # Connect to AdminServer\n  connect(userConfigFile=CONFIG_FILE,userKeyFile=KEY_FILE,url=ADMIN_URL)\n  print \"&gt;&gt;&gt; Connected to the AdminServer.\"\n  stopRedirect()\n\n  # Get default Realm\n  realm=cmo.getSecurityConfiguration().getDefaultRealm()\n\n  # Config Web SSO IdP Partner\n  saml2IdA=realm.lookupAuthenticationProvider(IDA_NAME)\n  if saml2IdA != None:\n    if saml2IdA.idPPartnerExists(IDP_NAME):\n      saml2IdA.removeIdPPartner(IDP_NAME)\n    idpPartner=saml2IdA.consumeIdPPartnerMetadata(IDP_METADATA)\n    idpPartner.setName(IDP_NAME)\n    idpPartner.setEnabled(Boolean(IDP_ENABLED))\n    idpPartner.setRedirectURIs(array(eval(IDP_REDIRECT_URIS),java.lang.String))\n    saml2IdA.addIdPPartner(idpPartner)\n  print \"&gt;&gt;&gt; Web SSO IdP Partner created.\"\n\nexcept Exception, e:\n  print \"ERROR... 
check error messages for cause.\"\n  print e\n  exit(exitcode=1)\n\nredirect('\/dev\/null','false')\ndisconnect()\nexit(exitcode=0)\n[weblogic@weblogic-server-0 ~]$<\/pre>\n<p>&nbsp;<\/p>\n<p>As you can see above, this one doesn&#8217;t require an edit session and therefore can&#8217;t be recorded. The key part above is the &#8220;<strong>consumeIdPPartnerMetadata(&#8230;)<\/strong>&#8221; method, which loads the metadata file that was generated by the Identity Provider (&#8220;<strong>Server side<\/strong>&#8221;). It will take care of setting up the SSL Certificate for the Identity Provider as well as all the usable URLs, and so on. The path and name of this input metadata file can be found in the properties file. The execution of the WLST is simple and smooth:<\/p>\n<pre class=\"brush: python; gutter: true; first-line: 1\">[weblogic@weblogic-server-0 ~]$ $ORACLE_HOME\/oracle_common\/common\/bin\/wlst.sh createWebSSOIdPPartners.wlst\n\nInitializing WebLogic Scripting Tool (WLST) ...\n\nWelcome to WebLogic Server Administration Scripting Shell\n\nType help() for help on available commands\n\n&gt;&gt;&gt; Loaded the properties file: \/home\/weblogic\/domain.properties\n&gt;&gt;&gt; Connected to the AdminServer.\n&gt;&gt;&gt; Web SSO IdP Partner created.\n[weblogic@weblogic-server-0 ~]$<\/pre>\n<p>&nbsp;<\/p>\n<p>The next step is then to configure your Managed Servers by creating the Service Providers, defining the published URL, the Entity ID and other parameters. Then generate an output metadata file for each of your Managed Servers. These output metadata files will need to be imported into the Identity Provider to close the SAML2 SSO chain. 
Again a new WLST script for this last part:<\/p>\n<pre class=\"brush: python; gutter: true; first-line: 1\">[weblogic@weblogic-server-0 ~]$ cat configServiceProviders.wlst\n##################################################################\n#\n# Authors: Morgan Patou    \n# Version: 1.4 - 30\/08\/2019\n#\n# File: configServiceProviders.wlst\n# Purpose: Script to configure SSO Service Providers\n# Parameters: input properties file (optional)\n# Output:\n#\n##################################################################\n\n# Get operating system (for vars)\nimport os\n\n# Read the domain properties file\ntry:\n  if len(sys.argv) == 2:\n    domainProperties=sys.argv[1]\n  else:\n    domainProperties=os.path.realpath(os.path.dirname(sys.argv[0])) + \"\/domain.properties\"\n  loadProperties(domainProperties)\n  print \"&gt;&gt;&gt; Loaded the properties file: \" + domainProperties\n  print\n\nexcept:\n  exit(exitcode=1)\n\ntry:\n  redirect('\/dev\/null','false')\n  # Connect to AdminServer\n  connect(userConfigFile=CONFIG_FILE,userKeyFile=KEY_FILE,url=ADMIN_URL)\n  print \"&gt;&gt;&gt; Connected to the AdminServer.\"\n\n  # Start Edit Session\n  edit()\n  startEdit()\n  stopRedirect()\n  print \"&gt;&gt;&gt; Edit Session started.\"\n\n  # Config SSO Service Providers\n  publishedSiteURLs=SSO_URLS.split(',')\n  entityIDs=SSO_ENTITY_IDS.split(',')\n  id=0\n  for ssoServerName in SSO_MS.split(','):\n    ssoServer=cmo.lookupServer(ssoServerName)\n    ssoService=ssoServer.getSingleSignOnServices()\n    ssoService.setPublishedSiteURL(publishedSiteURLs[id])\n    ssoService.setEntityID(entityIDs[id])\n    ssoService.setServiceProviderEnabled(Boolean(SSO_SP_ENABLED))\n    ssoService.setServiceProviderPreferredBinding(SSO_SP_BINDING)\n    id=id+1\n  print \"&gt;&gt;&gt; SSO Service Providers configured.\"\n\nexcept Exception, e:\n  print \"ERROR... 
check error messages for cause.\"\n  print e\n  exit(exitcode=1)\n\nredirect('\/dev\/null','false')\nsave()\nactivate()\n\ntry:\n  # Start Runtime Session\n  domainRuntime()\n  stopRedirect()\n  print \"&gt;&gt;&gt; Runtime Session started.\"\n\n  # Export Service Providers metadata\n  for ssoServerName in SSO_MS.split(','):\n    cd('\/ServerRuntimes\/'+ssoServerName)\n    cmo.getSingleSignOnServicesRuntime().publish('\/tmp\/'+ssoServerName+'_sp_metadata.xml',false)\n  print \"&gt;&gt;&gt; Service Providers metadata files exported.\"\n\nexcept Exception, e:\n  print \"ERROR... check error messages for cause.\"\n  print e\n  exit(exitcode=1)\n\nredirect('\/dev\/null','false')\ndisconnect()\nexit(exitcode=0)\n[weblogic@weblogic-server-0 ~]$<\/pre>\n<p>&nbsp;<\/p>\n<p>So as mentioned above, the first section is looping on the Managed Servers list from the parameters to configure the SAML2 SSO for all of them. This part requires an edit session. The second section is doing the export of the Service Providers metadata files under \/tmp and this doesn&#8217;t need any edit session, it needs to be done with a runtime session instead. 
Again, the execution:<\/p>\n<pre class=\"brush: python; gutter: true; first-line: 1\">[weblogic@weblogic-server-0 ~]$ $ORACLE_HOME\/oracle_common\/common\/bin\/wlst.sh configServiceProviders.wlst\n\nInitializing WebLogic Scripting Tool (WLST) ...\n\nWelcome to WebLogic Server Administration Scripting Shell\n\nType help() for help on available commands\n\n&gt;&gt;&gt; Loaded the properties file: \/home\/weblogic\/domain.properties\n&gt;&gt;&gt; Connected to the AdminServer.\n&gt;&gt;&gt; Edit Session started.\n&gt;&gt;&gt; SSO Service Providers configured.\n&gt;&gt;&gt; Runtime Session started.\n&gt;&gt;&gt; Service Providers metadata files exported.\n[weblogic@weblogic-server-0 ~]$\n[weblogic@weblogic-server-0 ~]$ ls \/tmp\/*metadata.xml\n\/tmp\/msD2-01_sp_metadata.xml  \/tmp\/msD2-02_sp_metadata.xml\n[weblogic@weblogic-server-0 ~]$<\/pre>\n<p>&nbsp;<\/p>\n<p>At that point, the WebLogic Server acting as Service Provider is fully configured. You can now transfer these metadata files to the Identity Provider side and import them there.<\/p>\n<p>There is one last thing that I didn&#8217;t talk about and that&#8217;s the configuration of the Application itself, if needed, to use the SAML2 SSO. In the case of Documentum D2, it does support the LDAP + SAML2 SSO, you just have to have some basic configuration in the web.xml and weblogic.xml. There is an example I wrote a little bit more than two years ago: <a href=\"https:\/\/www.dbi-services.com\/blog\/weblogic-ssoatnatz-403-forbidden-another-issue\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a previous blog, I explained how it is possible to create an LDAP\/LDAPs Authentication Provider on WebLogic. My initial goal wasn&#8217;t just to setup an LDAP\/LDAPs on WebLogic Server. That was only a first step needed in order to automate the setup of a SAML2 Single Sign-On linked with the authentication from a LDAPs. 
[&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[197],"tags":[60,1229,872,1417,445,647],"type_dbi":[],"class_list":["post-13212","post","type-post","status-publish","format-standard","hentry","category-application-integration-middleware","tag-12c","tag-saml2","tag-server","tag-silent","tag-sso","tag-weblogic"],"acf":[]}