It's all about Weblogic..!!!

January 15, 2011

Steps to configure SAML 2 on Weblogic Server 10.3.0

Filed under: Security — streethawkz @ 12:56 pm

 

To set up SAML 2 with Weblogic 10.3.0, we need to create a security database before creating the domain.

Steps to use the PointBase database provided with the Weblogic installation :

  • Copy "pbembedded.lic" located in "C:\bea10.3\wlserver_10.3\common\eval\pointbase\lib" to "C:\bea10.3\wlserver_10.3\common\eval\pointbase\tools"
  • We need to create two security databases – one for the source side domain and another for the destination end domain.
  • Now start the PointBase server (run "startPointBase.cmd" located in "C:\bea10.3\wlserver_10.3\common\eval\pointbase\tools")
  • Start the PointBase console (run "startPointBaseConsole.cmd" located in "C:\bea10.3\wlserver_10.3\common\eval\pointbase\tools")
  • Log in using the user name "EXAMPLES" and password "EXAMPLES".

  • Now let's create a database table using the sample "rdbms_security_store_pointbase.sql" located in "C:\bea10.3\wlserver_10.3\server\lib"

  • Now we need to create another database using the user name "PUBLIC" and password "PUBLIC"

We have successfully created two security databases. Let's create the domains now, namely :

saml_2_source_post – Admin Server running on 7001 ( http ) and 7002 ( https )
saml_2_destination_post – Admin Server running on 7003 ( http ) and 7004 ( https )

  • Run the "Configuration Wizard".
  • On the "Customize Environment and Services Settings" screen select the option "Yes".

  • Select the option "I want to create, change, or remove RDBMS support", make the changes as shown in the figure below, and click on the "Test Connection" button to make sure that the database is configured properly.

[Screenshot: RDBMS security store settings in the Configuration Wizard]

  • Configure SSL on both the domains. The link below covers configuring "Custom Identity and Custom Trust" :

Link : http://wls4mscratch.wordpress.com/2010/06/08/steps-to-configure-custom-identity-custom-trust-on-wls/

 

SAML Source site configuration :

  • We need to configure a "Credential Mapper" on the IDP end.
  • So go to "myrealm" –> "Providers" –> "Credential Mapping" and add a "SAML2CredentialMapper", say "SAML2_CredentialMapper".

Now click on the newly created SAML2CredentialMapper, say "SAML2_CredentialMapper", and make the following changes :

  • Issuer URI : http://www.souresite.com/saml
  • Name Qualifier : sourcesite.com
  • Web Service Assertion Signing Key Alias : cooldragon
  • Web Service Assertion Signing Key Pass Phrase : **********
  • Please type again To confirm : *********

Click on "Servers" –> Admin Server –> "Federation Services" –> "SAML 2.0 Identity Provider" and make the following changes :

  • Enabled : check
  • Only Accept Signed Authentication Request : check
  • Preferred Binding : POST

  • Click on "Servers" –> Admin Server –> "Federation Services" –> "SAML 2.0 General" and make the following changes :

Replicated Cache Enabled : Uncheck
Contact Person Given Name
Contact Person Surname
Contact Person Type
Contact Person Company
Contact Person Telephone Number
Contact Person Email Address
Organization Name
Organization URL
Published Site URL : http://<SourceSiteDNSName>:<PORT>/saml2
Entity ID : ( Source Domain name)
Single Sign-on Signing Key Alias
Single Sign-on Signing Key Pass Phrase
Confirm Single Sign-on Signing Key Pass Phrase

  • Save the changes and export the IDP metadata into an XML file: click on the "Publish Meta Data" button (say idp_metadata.xml). We need to copy this file to the destination domain later.

Destination Site Configuration :

Now we need to generate the SAML destination site ( SP ) metadata.

  • Click on "myrealm" –> "Providers" –> "Authentication" –> new "SAML2IdentityAsserter", say "SAML2_IdentityAsserter".

Click on "Servers" –> Admin Server –> "Federation Services" –> "SAML 2.0 Service Provider" and make the following changes :

  • Enabled : check
  • Always Sign Authentication Requests : check
  • Force Authentication : Check
  • Preferred Binding : POST
  • Default URL : http://<DestinationSiteDNSName>:<PORT>/samldest01App

  • Now click on "Servers" –> Admin Server –> "Federation Services" –> "SAML 2.0 General" and make the following changes :

Replicated Cache Enabled : Uncheck
Contact Person Given Name
Contact Person Surname
Contact Person Type
Contact Person Company
Contact Person Telephone Number
Contact Person Email Address
Organization Name
Organization URL
Published Site URL : http://<DestinationSiteDNSName>:<PORT>/saml2
Entity ID : ( Destination Domain name)
Single Sign-on Signing Key Alias
Single Sign-on Signing Key Pass Phrase
Confirm Single Sign-on Signing Key Pass Phrase

  • Save the changes and export the SP metadata into an XML file: click on the "Publish Meta Data" button (say SP_metadata.xml). We need to copy this file to the Source domain later.

  • Copy the service provider metadata (SP_metadata.xml) to the Source Domain and the identity provider metadata (idp_metadata.xml) to the destination Domain.

  • Now configure the Service Provider metadata on the SAML Identity Provider in the Source Site :
  • Log in to the source site Admin Console and click on "Security Realms" –> "myrealm" –> "Providers" –> "Credential Mapper" –> "SAML2_CredentialMapper" –> "Management" –> "New" –> "New Web Single Sign-On Service Provider Partner" :

  • Name this "New Web Single Sign-On Service Provider Partner" as "SAML_SSO_SP01" and select the SP_metadata.xml file.

  • Click on the newly created "SAML_SSO_SP01" and enter the following :

Name : SAML_SSO_SP01
Enabled : Checked
Description : SAML_SSO_SP01
Key Info Included : Check

Click on Site info and verify the data.

  • Now configure the Identity Provider metadata on the SAML Service Provider in the Destination site :

Log in to the Destination Site Admin Console :

Click on "Security Realms" –> "myrealm" –> "Providers" –> "Authentication" –> SAML2_IdentityAsserter –> "Management" –> "New" –> "New Web Single Sign-On Identity Provider Partner", say "SAML_SSO_IDP01", and then select "idp_metadata.xml".

  • Click on "SAML_SSO_IDP01" and enter the following :
Name : SAML_SSO_IDP01
Enabled : Check
Description : SAML_SSO_IDP01
Redirect URIs : /samldest01App/restricted01/samldest01services.jsp

  • Deploy the source and destination application
  • Ufff..!! the configuration is now complete :) Test your SAML SSO now.
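
A pre-import check for the two exchanged metadata files, as an added example (not from the original post or from WebLogic). It assumes the published files carry the standard SAML 2.0 metadata attributes WantAuthnRequestsSigned and AuthnRequestsSigned for the two signing checkboxes set above; the sample documents, host names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# role -> (descriptor element, request-signing attribute, endpoint element)
ROLES = {
    "idp": ("IDPSSODescriptor", "WantAuthnRequestsSigned", "SingleSignOnService"),
    "sp": ("SPSSODescriptor", "AuthnRequestsSigned", "AssertionConsumerService"),
}


def check_metadata(xml_text, role, expected_entity_id):
    """Return a list of findings; an empty list means nothing to review."""
    # SAML metadata never needs a DTD, so refuse one instead of parsing it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present, file not parsed"]
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        return ["root element is not md:EntityDescriptor"]
    findings = []
    if root.get("entityID") != expected_entity_id:
        findings.append("entityID is %r, expected %r"
                        % (root.get("entityID"), expected_entity_id))
    desc_tag, sign_attr, endpoint_tag = ROLES[role]
    desc = root.find("md:" + desc_tag, NS)
    if desc is None:
        return findings + ["no md:%s element" % desc_tag]
    # Assumption: the console's signed-request checkboxes are published
    # as these standard boolean attributes on the role descriptor.
    if (desc.get(sign_attr) or "false").strip().lower() not in ("true", "1"):
        findings.append("%s is not true" % sign_attr)
    # A KeyDescriptor without a 'use' attribute covers signing as well.
    signing = [k for k in desc.findall("md:KeyDescriptor", NS)
               if k.get("use") in (None, "signing")
               and k.findtext(".//ds:X509Certificate", "", NS).strip()]
    if not signing:
        findings.append("no signing certificate published")
    endpoints = desc.findall("md:" + endpoint_tag, NS)
    if not any(e.get("Binding") == POST for e in endpoints):
        findings.append("no HTTP-POST %s endpoint" % endpoint_tag)
    for e in endpoints:
        location = e.get("Location") or ""
        if not location.lower().startswith("https://"):
            findings.append("endpoint not on HTTPS: " + location)
    return findings


def _sample(entity_id, desc_tag, attrs, endpoint_tag, location):
    """Build a constructed metadata document, trimmed to what is checked."""
    return (
        '<md:EntityDescriptor xmlns:md="{md}" xmlns:ds="{ds}" entityID="{eid}">'
        '<md:{desc} {attrs}><md:KeyDescriptor use="signing"><ds:KeyInfo>'
        '<ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '<md:{ep} Binding="{post}" Location="{loc}"/>'
        '</md:{desc}></md:EntityDescriptor>'
    ).format(md=MD, ds=NS["ds"], eid=entity_id, desc=desc_tag, attrs=attrs,
             ep=endpoint_tag, post=POST, loc=location)


# Constructed samples: host names and certificate text are placeholders.
IDP_XML = _sample("saml_2_source_post", "IDPSSODescriptor",
                  'WantAuthnRequestsSigned="true"', "SingleSignOnService",
                  "http://source.example.com:7001/saml2/idp/sso/post")
SP_XML = _sample("saml_2_destination_post", "SPSSODescriptor", "",
                 "AssertionConsumerService",
                 "https://destination.example.com:7004/saml2/sp/acs/post")

if __name__ == "__main__":
    for name, text, role, eid in (
            ("idp_metadata.xml", IDP_XML, "idp", "saml_2_source_post"),
            ("SP_metadata.xml", SP_XML, "sp", "saml_2_destination_post")):
        for finding in check_metadata(text, role, eid) or ["no findings"]:
            print(name + ": " + finding)
```

The HTTPS finding fires for any endpoint derived from a Published Site URL entered as http://, which is the form used in the SAML 2.0 General settings above.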

46 Comments »

  1. I am trying to configure SAML in Weblogic but not using Pointbase.. I want to use embedded LDAP (part of WLS). You can find more details on http://forums.oracle.com/forums/click.jspa?searchID=-1&messageID=9246542
    Can you please help me with the issue?
    Thanks
    Raza

    Comment by Raza — February 20, 2011 @ 6:01 pm

    • Hi, I’m also trying to configure SAML in Weblogic and want to use LDAP. Can you please tell me how to configure that?

      Comment by ujjwal — December 17, 2012 @ 9:16 pm

      • We have to use an RDBMS store, as there are issues seen while configuring SAML2 with embedded LDAP.

        There is a documentation bug opened with Oracle, because the doc says ” RDBMS is suggested but not required ” — But this is incorrect.

        Comment by streethawkz — December 17, 2012 @ 9:29 pm

  2. Can you provide the source and destination applications?

    Comment by George — March 10, 2011 @ 6:43 pm

  3. Sure I can. Please let me know the email id to send the applications.

    Thanks
    Raza

    Comment by Raza — March 11, 2011 @ 1:16 pm

    • Is database really required for SAML ?? I am planning to use EmbeddedLDAP of Weblogic for storing Credentials. Is that not fine?

      Comment by Raza — March 15, 2011 @ 4:59 pm

    • My Email Id is arumugam_j2005@yahoo.co.in.

      Please forward your applications to this ID.

      Comment by George — March 18, 2011 @ 3:49 pm

    • Thanks for sharing this tutorial!

      Can you please send also to me, david.portabella@gmail.com, the source and destination applications?

      Just a minor typo in the tutorial:
      We need to restart the server after adding/configuring myrealm –> Providers –> Credential Mapping -> SAML2CredentialMapper,
      and before configuring the Servers –> Admin Server –> Federation Services->SAML 2.0 Identity Provider.

      You mention to “Replicated Cache Enabled – Uncheck”,
      but the screenshot shows it “checked”.

      On: ‘Click on ” Security Realms ” –> ” myrealm ” –> ” Providers ” –> ” Credential Mapper ” –> SAML2_IdentityAsserter …’
      should be “Authentication” instead of “Providers”.

      Best regards,
      David

      Comment by David Portabella — June 9, 2011 @ 9:46 pm

    • Hi Raza,
      Thank you for the tutorial. Can you please forward the source and destination applications for me too, my email salam_k@rediffmail.com

      Thank you.

      Comment by Abdul Salam — February 6, 2012 @ 12:37 pm

    • I tried to do SAML SSO; on the destination site I’m getting an exception: the saml object not signed. What might be the issue for this exception?

      Comment by Raj — June 29, 2012 @ 5:02 am

      • If you are getting an error like :

        ” <exception info
        org.opensaml.xml.validation.ValidationException: the SAML object is not signed.
        at com.bea.security.saml2.util.SAML2Utils.verifySamlObjectSignature(SAML2Utils.java:226)
        at com.bea.security.saml2.util.SAML2Utils.verifySamlObjectSignature(SAML2Utils.java:210) "

        and you are using :

        – SAML2.0 service provider (SP) : WebLogic Server 10.3.3
        – SAML2.0 Identity provider (IdP): Tivoli

        Then this might be a BUG 9913283

        Comment by streethawkz — June 29, 2012 @ 8:04 am

  4. I’m trying to use SAML to connect to a .NET application. How do I do destination configuration there? Also both applications share the same Active Directory LDAP.

    -Sheelu

    Comment by sheelu — March 25, 2011 @ 3:03 am

  5. Hi

    I think I did all fine. I have an application deployed on SP, as http://url:port/sample/hello.jsp

    I’ve added on the SP in the security realm under ‘redirect uri’s’ “/sample/hello.jsp”. Unfortunately I still can browse this site, without being asked for authentication.

    Any tip how I can debug such failure? Do I need to configure something extra?

    Cheers for all your effort to document this.

    Regards

    Peter Daalder

    Comment by Peter Daalder — April 8, 2011 @ 2:21 am

  6. Hi David,

    I’ll mail you the app.

    — Puneeth

    Comment by streethawkz — June 21, 2011 @ 7:49 pm

  7. I am trying to implement the SP-initiated use case. For this what I have is:

    Identity Provider: a Federation Service (Active Directory). For me is a “black box”. The only thing that I am suppose to provide to this service is the name, url and home page of my application. Also I have to provide an XML with the metadata of my Service Provider.

    Service Provider: Weblogic Server (10.3.4). Here I have configured a security realm, creating a Authentication Provider and a Credential Mapper Provider. Also I have configured the selected server (AdminServer) for working with the Service Provider role.

    It is supposed that everything would be running ok, but I am at the same point than Barry (or at least is that I think…). When I request a “registered resource” (one of the apps that I have registered in our Federated Service system) the IDP doesn’t answer me with the login form.

    However with my Shibboleth set-up is working…

    Any ideas?

    I have been following these articles: http://biemond.blogspot.com/2009/09/sso-with-weblogic-1031-and-saml2.html, http://blogbypuneeth.wordpress.com/2011/01/15/steps-to-configure-saml-2-on-weblogic-server-10-3-0/ They are not the same use-case, but they have helped…

    Thanks in advance,

    Luis

    By the way these are the actions I have done:

    Domain: mydomain
    Set up SAML2 debug options: EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Dweblogic.debug.DebugSecuritySAMLAtn=true -Dweblogic.debug.DebugSecuritySAMLLib=true -Dweblogic.debug.DebugSecuritySAML2Service=true -Dweblogic.debug.DebugSecuritySAML2CredMap=true -Dweblogic.debug.DebugSecuritySAML2Atn=true"
    Configure SSL Weblogic Server (AdminServer). Default port 7002
    Deploy app: myHost_domain_com_sample_weblogic_app_2
    Note: in the domain SSO System the registered home page of this app is myHost.domain.com:7002/myHost_domain_com_sample_weblogic_app_2/
    Test myHost.domain.com:7002/myHost_domain_com_sample_weblogic_app_2/
    Test …/myHost_domain_com_sample_weblogic_app_2/default.jsp
    Configure Security Realm: myrealm (default)
    Create a new Authentication Provider: domain SAML2 AUTH PROVIDER; saml2identityasserter
    In theory not necessary: reorder (Default Authentication JASS flag is REQUIRED)
    Restart
    Create a “New Web Single Sign On Identity Provider Partner” on domain SAML2 AUTH PROVIDER:
    domain SSO Identity Provider Partner
    /home/luis/Documents/domain_AUTH/FederationMetadata.xml File Descriptor of our Identity Provider. We have removed the element (we have to take a deeper look at the OASIS SAML2 SPEC) At this point we should have got this message in the admin console: Partner created successfully. The partner has been disabled by default. You will need to complete its configuration manually then enable it.
    Create a new Credential Mapping provider: SAML2_CMP; SAML2CredentialMapper
    Reorder (not strictly necessary)
    Restart
    SAML2_CMP provider specific:
    Issuer URI: myHost.domain.com
    Name Qualifier: myHost.domain.com
    Web Service Assertion Signing Key Alias: DemoIdentity
    … Key Pass Phrase: DemoIdentityKeyStorePassPhrase
    Generated Attributes
    Restart
    Create a New Web Single Sign On Provider Partner: domain SAML2 SERVICE PROVIDER PARTNER
    Import /home/luis/Documents/domain_AUTH/FederationMetadata.xml At this point we should have got this message in the admin console: Partner created successfully. The partner has been disabled by default. You will need to complete its configuration manually then enable it.
    Configure: Enabled, description, generate attributes
    Set settings for domain SAML2 AUTH PROVIDER:
    Enabled
    Redirect URI’S: /myHost_domain_com_sample_weblogic_app_2/default.jsp
    Configure the Server: AdminServer
    SAML2 General:
    Published Site URL: localhost:7001/saml2
    Entity ID: myHost.domain.com
    SAML2 Service provider: enabled

    Now if I make a request to the Redirect URI nothing happens, I mean, I am able to access the protected resource without being authenticated.

    However, if I include the URI of the Weblogic console, “/console/index.jsp”, when I request this resource the Service Provider invokes the Identity Provider and I am asked for authentication (through login form).

    Any ideas?

    Thanks in advance,

    Luis

    Comment by Luis — June 24, 2011 @ 7:58 pm

    • Now, it seems that we have got the right configuration, we are able to sign in our SSO System but we get an error from our Idp. You need to set up the security in your app through your descriptors (web.xml and weblogic.xml). Take a look at the configuration of your weblogic app console: $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/web.xml and $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/weblogic.xml

      Comment by Luis — June 28, 2011 @ 8:43 pm

  8. I would love to see the sample apps too. Please email them to dbarstad @ hotmail.com .

    Thanks!

    Comment by dbarstad — July 1, 2011 @ 10:23 pm

    • Hi,

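      The sample apps could be any webapp. You only need to configure a (or a few, as you want) security constraints in your web.xml and map the role, or roles, in your weblogic.xml. i.e.:

      web.xml:

        <security-constraint>
          <web-resource-collection>
            <web-resource-name>sample_weblogic_app</web-resource-name>
            <url-pattern>/secure/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <role-name>FederatedUsers</role-name>
          </auth-constraint>
        </security-constraint>
        <security-role>
          <role-name>FederatedUsers</role-name>
        </security-role>

      weblogic.xml:

        <security-role-assignment>
          <role-name>FederatedUsers</role-name>
          <principal-name>myuser@mydomain.com</principal-name>
        </security-role-assignment>

      and you need a “myuser@mydomain.com” in your IdP datasource (LDAP Database, RDBMS…)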

      Regards,

      Luis

      Comment by Luis — July 8, 2011 @ 6:58 pm

  9. Better than the weblogic documentation!. Good post.

    Comment by Java Coder — July 11, 2011 @ 2:55 am

  10. This is a very good post, thanks a lot. It helped me get started. My requirement is different: we are service providers and we have to integrate saml2 in weblogic. I tried with a sample app and it worked. Ours is a very old application and it does not use jaas or server based authentication; it authenticates by using a servlet which uses a database procedure. Please advise me: can I configure saml2 on the service provider or destination side to use custom authentication?

    Comment by fachhoch — July 20, 2011 @ 4:00 am

    • Hi,

      I think you have to configure a Weblogic Server for working as a IdP, being the datasource of this IdP your “servlet which uses a database procedure”. I have to confess that I have not done anything like this, but I am afraid that maybe you are going to need to do a little bit of coding work…

      In Source Forge I have found a project that implements a SP and an IdP, using spring-security under the hood. Maybe this implementation could provide you a clue: http://sourceforge.net/projects/spring-saml/files/0.1/ Perhaps you could use this IdP setting up your servlet as a datasource.

      Best regards,

      Luis

      Comment by gauchoproluanco — July 21, 2011 @ 1:25 pm

  11. Hi
    Would you please share the source and the destination files. My email id is kumaras@gmail.com

    Thanks & Regards
    Kumar A S

    Comment by Kumar Subramonian — September 13, 2011 @ 3:10 pm

  12. Hi ,
    I am using weblogic as an Identity Provider and Oracle Identity federation (OIF) as a service Provider. The federation will be IDP(weblogic) initiated.
    I have configured both sides. I have configured both the sides as per your blog (weblogic and OIF) , published metadata and exchanged.
    Now the problem we are facing is that we don’t know that any web application need to be deployed in weblogic or any out of box feature is there in weblogic which we can use in order to get SAML working.
    Is there any out of box feature of weblogic by which we can use SAML after configuration only or we need to write a separate java code in order to create login page and using the entire configuration which I made in weblogic.
    As my requirement is a bit different from the solution in your blog. I am using OIF as service provider and in your blog weblogic is being used on both the places. I used source site configuration part form the blog (cause I am also using weblogic as an IDP). I configured OIF on my own. Exchanged metadata of OIF and weblogic.
    IF I had used OIF at both sides in that case my job would be pretty easy (cause OIF is specifically made for this purpose. But our requirement is different as I have to use weblogic as an IDP).
    In your blog you haven’t written about any web application which needs to be deployed on weblogic side.
    What URL I need to hit for SAML if there is out of box feature in weblogic for using SAML(after configuring everything in weblogic).
    It’s been so long I am doing this task but I am not able to achieve it. Therefore any help regarding this task will be highly appreciated

    Thanks.

    Comment by piyush — January 3, 2012 @ 2:47 pm

  13. I tried a SAML2 tutorial based on a earlier post (and verified it against this one), where I setup two WL 10.3.5 domains (for Idp, Sp) and deploy the two applications (Idp-appA, Sp-appB). For some reason I can’t go from Idp -> Sp or the other way either.

    The only error I see in the Idp’s log is “Security:096565]Artifact requester authentication failed

    Any help is appreciated.

    Comment by Pradeep Balachandran — February 16, 2012 @ 6:36 am

  14. When I click on the link in the Idp-appA that directs to Sp-appB, I see the following URL with a 403

    http://sp.hostname:port/saml2/sp/acs/artifact?SAMLart=AAQAAFhcYe834w0tS5Q1VEYsKSg09V0cd1MfaDvUEN%2F%2B93C9OjNNbEYIgG8%3D

    Not sure what to make of it.

    Thank you.

    Comment by Pradeep Balachandran — February 16, 2012 @ 6:47 am

  15. Hi there,

    Anybody know if it is possible to do the “Publish Meta Data” through a WLST script?

    I would like to use a different key for the SP metadata XML than the Managed Server one, so I am wondering if it would be possible to develop a WLST script where I could specify the key.

    Thanks in advance,

    Luis

    Comment by gauchoproluanco — February 16, 2012 @ 2:03 pm

  16. I was able to get the sample App A & B setup working for SAML2.

    Comment by Pradeep Balachandran — February 17, 2012 @ 1:22 am

  17. could you send the sample apps to tonyfresh024@hotmail.com. thanks a lot

    Comment by Tony F — July 1, 2012 @ 3:03 am

  18. BTW, can some one post the web.xml and weblogic.xmls? I’d like to see how the security constraints are set up.

    Comment by Tony F — July 1, 2012 @ 3:04 am

  19. Could I likewise get the source and destination applications please? dgrstlwow AT gmail DOT com

    Comment by David — July 18, 2012 @ 6:28 am

  20. Hello! Thanks for a good post.
    Having trouble generating the Assertion though, can anybody help out?

    ####
    #### <SAML2CreateAssertion: SAML name mapper returned no mapping for: Subject: 1
    Principal = class weblogic.security.principal.WLSKernelIdentity("”)>
    #### <Unable to generate SAML Assertion: No name mapping for 'Subject: 1
    Principal = class weblogic.security.principal.WLSKernelIdentity("”)’>
    ####
    #### <> <[Security:096578]Can't generated assertion for the user.

    All help appreciated!

    Comment by Erik Andersson — August 7, 2012 @ 12:57 pm

  21. ooopps, got filtered out in my prev post.
    Principal = class weblogic.security.principal.WLSKernelIdentity(WLS Kernal)>

    Comment by Erik Andersson — August 7, 2012 @ 1:17 pm

  22. We don’t have SSO requirement and I am not sure if I need to configure RDBMS Security store. Can you throw some light?

    Thanks,
    Charmi

    Comment by Charmi — September 13, 2012 @ 12:05 am

    • No, it’s not a must to create RDBMS store…

      — puneeth

      Comment by streethawkz — September 13, 2012 @ 5:39 am

  23. Hi,

    I have uploaded the application to the following URL :

    http://blogbypuneeth.files.wordpress.com/2011/09/saml-apps.doc

    Note : change the extension of the file to .zip after downloading it.

    – Puneeth

    Comment by streethawkz — September 13, 2012 @ 9:04 am

  24. I did the configuration and it worked fine for me, but if I change the Published Site URL from http://server.domain/smal2 to https://server.domain/smal2 I receive an internal server error stating handshake failure. Please, if you have something in mind, let me know.

    Comment by ALBanna — October 6, 2012 @ 10:48 pm

  25. Correction in above doc :

    Login to Destination Site Admin Console :

    Click on ” Security Realms ” –> ” myrealm ” –> ” Providers ” –> SAML2_IdentityAsserter –> ” Management ” –> ” New ” –> “ New Web Single Sign-On Identity Provider Partner ” say ” SAML_SSO_IDP01 ” and then select ” idp_metadata.xml ” :

    Comment by streethawkz — January 30, 2013 @ 8:33 pm

  26. Please send me the the two web applications to my email id maavillapallekiran@gmail.com

    Comment by Kiran — March 14, 2013 @ 10:41 am

  27. I have configured both the IDP and SP. In the IDP application, in IDP we have configured the published site url as https://localhost:8004/saml2 in Federation Services-> SAML2.0 General, and the same url we have mentioned in the source application jsp as https://localhost:8004/saml2. Once we login to the source application, clicking on the same url gives a Forbidden 403 error; it’s not doing any assertion with the IDP.

    Comment by kiran — March 18, 2013 @ 7:45 am

  28. Hello there! Do you use Twitter? I’d like to follow you if that would be ok. I’m undoubtedly enjoying your blog and look forward to
    new posts.

    Comment by justin beiber — June 7, 2013 @ 1:23 pm

  29. It’s not my first time to visit this site, I am visiting this site daily and obtain good facts from here every day.

    Comment by real traffic visitors — June 26, 2013 @ 5:23 am

  30. Hi Puneeth
    Excellent post and very useful tips. I configured the idp and sp and for some reason it gets routed to the default page as the sp treats me as an unsolicited user. Could you point me in the right direction with possible test points of where things are going wrong? For instance, is there a way to intercept the tokens? I have also turned debugging on on both sp and idp.
    Not sure if certificates have anything to do with this. The sp server for me is only accessible outside our network and only thru the internet. Would this then cause problems if the sp has to contact the idp for asserting requests from idp? Please let me know.
    thanks

    Comment by Patrick — July 4, 2013 @ 1:27 pm

  31. Good day! Do you know if they make any plugins to
    protect against hackers? I’m kinda paranoid about losing everything I’ve worked
    hard on. Any suggestions?

    Comment by tits — July 12, 2013 @ 5:10 pm

  32. can you please mail me sample applications

    prasanna.yalam@gmail.com

    Comment by Prasanna — August 17, 2013 @ 1:27 am

