SAML 2.0 Federated SSO in WebCenter Portal · Oracle White Paper | April 2016

SAML 2.0 Federated SSO in WebCenter Portal · Not only is the same WLS topology supported as IDP and SP, but also ADFS, Ping



1 | SAML 2.0 Federated SSO in WebCenter Portal


Contents

    Configuring SSL for WebCenter Portal

    Modifying webCenter.ear

    Redeploying WebCenter Portal

    WebCenter Portal user accounts

    Configuring ADFS

    IIS (SSL)

    Installing ADFS

    ADFS SAML 2.0 metadata

    Configuring ADFS for WebCenter Portal

    Configuring WLS

    SAML 2.0 identity asserter

    SAML 2.0 Service Provider settings

    SAML 2.0 General settings

    SAML 2.0 Identity Provider partner

    Testing SAML 2.0 SSO


WebCenter Portal 11.1.1.6.0 supported SAML 1.1 SSO; WebCenter Portal 11.1.1.8.0 adds SAML 2.0 SSO.

SAML 2.0 defines two roles:

IDP (identity provider): authenticates the user and issues the SAML assertion.

SP (service provider): consumes the SAML assertion and grants the user access.

With SAML 1.1, WebCenter Portal SSO was limited to WebLogic Server (WLS) acting as both IDP and SP. With SAML 2.0, WLS can still act as IDP and SP, and in addition a third-party SAML 2.0 IDP such as ADFS, Ping Federate or OAM can federate with WLS acting as the SP. This paper describes SAML 2.0 SSO for WebCenter Portal with ADFS as the SAML 2.0 IDP and WLS as the SP; the WLS side is the same when OAM or Ping Federate is the SAML 2.0 IDP. Figure 1 shows the SAML SSO flow between the IDP and the SP.

Figure 1: SAML SSO

http://docs.oracle.com/cd/E80149_01/wcp/admin/GUID-4C0E79F9-4816-4DEA-9002-1D02E3F143F9.htm#GUID-BE94DCE0-84B9-4F8D-ABB1-0C8E1D865788


In this topology the WLS that hosts WebCenter Portal is the SP and the IDP is an external SAML 2.0 IDP. The SP and the IDP are federated by exchanging SAML 2.0 metadata: the IDP's metadata is imported into the SP and the SP's metadata is imported into the IDP.

Setting up SAML 2.0 SSO has three parts:

1. WebCenter Portal (SSL and webcenter.ear changes)

2. ADFS (the IDP)

3. WLS (the SP)

Environment used in this paper: Windows Server 2008 R2 with ADFS 2.0 as the IDP.

IDP: Active Directory Federation Services (ADFS) 2.0

WebCenter Portal (WCP): Oracle WebCenter Portal

Configuring SSL for WebCenter Portal

ADFS requires HTTPS/SSL for SAML 2.0, so WebCenter Portal must be reachable over SSL before ADFS can federate with WCP. Configure SSL for WebCenter Portal (see the WebLogic Server SSL documentation referenced below) before proceeding.

Modifying webCenter.ear

By default the webcenter.ear session cookie is scoped to the path /webcenter. The WLS SAML 2.0 SP endpoints live under /saml2, so for WLS SAML 2.0 SSO the session cookie path must be "/"; webcenter.ear must therefore be repackaged with the cookie path set to "/".

1. Log in to the host where Oracle WebCenter Portal is installed.

2. Locate webcenter.ear under $WebCenter_Install_Dir/archives/applications and make a working copy.

3. Extract the EAR and the Spaces web module (WAR) inside it.

4. Edit the XML descriptor /WEB-INF/weblogic.xml: in session-descriptor, set cookie-path to /.

5. So that WebCenter Portal accepts the identity asserted by the IDP instead of challenging the user itself, edit the XML descriptor /WEB-INF/web.xml: in login-config, set auth-method to CLIENT-CERT.

6. Repackage the modified weblogic.xml and web.xml into the WAR and the WAR into webcenter.ear with jar (or zip), ready for redeployment to WebLogic.

7. In the WebLogic console, open Deployments and select the WebCenter application (Figure 2).

Figure 2: WebCenter deployment

8. Click Update (Figure 3).

Figure 3: Updating the WebCenter deployment

9. Set Source path to the new webcenter.ear and click Finish; webcenter.ear is redeployed.

https://docs.oracle.com/cd/E50629_01/owsm/INTER/owsm-interop-net.htm#BABEDFEF

http://docs.oracle.com/cd/E72987_01/core/INSWC/GUID-D5AFD830-8A7D-42CC-8C22-CE68C452CF4A.htm#GUID-D5AFD830-8A7D-42CC-8C22-CE68C452CF4A

https://docs.oracle.com/cd/E50629_01/wls/SECMG/ssl.htm#i1194325
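The descriptor edits in steps 4 to 6 above, as an added example that is not code from the Oracle white paper. The script applies the two changes (session cookie path "/" in weblogic.xml, auth-method CLIENT-CERT in web.xml) to the WAR nested inside an EAR, in memory, and reads them back so the before/after state can be checked. The WAR name spaces.war and the two sample descriptors are constructed for the example; the real webcenter.ear's module name and descriptor contents may differ.

```python
"""Added example: apply the webcenter.ear descriptor changes to a copy of an EAR."""
import io
import xml.etree.ElementTree as ET
import zipfile

WL_NS = "http://xmlns.oracle.com/weblogic/weblogic-web-app"
JEE_NS = "http://java.sun.com/xml/ns/javaee"


def _serialize(root, ns):
    # Register the descriptor's namespace as the default so the output keeps the
    # plain <tag> form WebLogic expects instead of <ns0:tag>.
    ET.register_namespace("", ns)
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")


def set_cookie_path(weblogic_xml, path="/"):
    """Step 4: scope the session cookie to / so /saml2 and /webcenter share one session."""
    root = ET.fromstring(weblogic_xml)
    sd = root.find(f"{{{WL_NS}}}session-descriptor")
    if sd is None:
        sd = ET.SubElement(root, f"{{{WL_NS}}}session-descriptor")
    cp = sd.find(f"{{{WL_NS}}}cookie-path")
    if cp is None:
        cp = ET.SubElement(sd, f"{{{WL_NS}}}cookie-path")
    cp.text = path
    return _serialize(root, WL_NS)


def set_auth_method(web_xml, method="CLIENT-CERT"):
    """Step 5: let the container accept the identity asserted by the SAML IDP."""
    root = ET.fromstring(web_xml)
    lc = root.find(f"{{{JEE_NS}}}login-config")
    if lc is None:
        lc = ET.SubElement(root, f"{{{JEE_NS}}}login-config")
    am = lc.find(f"{{{JEE_NS}}}auth-method")
    if am is None:
        am = ET.Element(f"{{{JEE_NS}}}auth-method")
        lc.insert(0, am)  # auth-method must precede the other login-config children
    am.text = method
    return _serialize(root, JEE_NS)


def _rewrite_zip(data, edits):
    """Copy a zip, replacing each entry named in `edits` with edits[name](content)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            content = src.read(info.filename)
            if info.filename in edits:
                content = edits[info.filename](content)
            dst.writestr(info, content)
    return out.getvalue()


def patch_ear(ear, war_name):
    """Step 6, in memory: rebuild the WAR with both descriptors changed, then the EAR."""
    def patch_war(war):
        return _rewrite_zip(war, {
            "WEB-INF/weblogic.xml": lambda b: set_cookie_path(b).encode(),
            "WEB-INF/web.xml": lambda b: set_auth_method(b).encode(),
        })
    return _rewrite_zip(ear, {war_name: patch_war})


def descriptor_values(ear, war_name):
    """Read back (cookie-path, auth-method) from an EAR for a before/after check."""
    with zipfile.ZipFile(io.BytesIO(ear)) as e, zipfile.ZipFile(io.BytesIO(e.read(war_name))) as w:
        wl = ET.fromstring(w.read("WEB-INF/weblogic.xml"))
        web = ET.fromstring(w.read("WEB-INF/web.xml"))
    return (wl.findtext(f"{{{WL_NS}}}session-descriptor/{{{WL_NS}}}cookie-path"),
            web.findtext(f"{{{JEE_NS}}}login-config/{{{JEE_NS}}}auth-method"))


# Constructed samples of the descriptors as shipped: cookie path /webcenter, FORM login.
SAMPLE_WEBLOGIC_XML = """<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <context-root>/webcenter</context-root>
  <session-descriptor><cookie-path>/webcenter</cookie-path></session-descriptor>
</weblogic-web-app>"""
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""


def build_sample_ear(war_name="spaces.war"):
    """Constructed EAR (not the real webcenter.ear) holding one WAR with the samples."""
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as w:
        w.writestr("WEB-INF/weblogic.xml", SAMPLE_WEBLOGIC_XML)
        w.writestr("WEB-INF/web.xml", SAMPLE_WEB_XML)
    ear = io.BytesIO()
    with zipfile.ZipFile(ear, "w") as e:
        e.writestr("META-INF/application.xml", "<application/>")
        e.writestr(war_name, war.getvalue())
    return ear.getvalue()
```

Running `descriptor_values(patch_ear(build_sample_ear(), "spaces.war"), "spaces.war")` returns `("/", "CLIENT-CERT")`, whereas the unpatched sample returns `("/webcenter", "FORM")`. Against a real EAR, write the bytes returned by `patch_ear` to a new file and deploy that file in step 9.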

WebCenter Portal user accounts

For federated SSO the IDP (ADFS) and the SP (WebCenter Portal) must know the same users. The IDP authenticates the user against its own LDAP (Active Directory) and the SAML assertion carries only the user name; the SP then looks that user up in its own LDAP identity store, so every federated user must exist in the SP's LDAP as well as in the IDP's LDAP.

Active Directory Federation Services (ADFS) is Microsoft's identity provider (IP); ADFS authenticates users against Active Directory and issues the user ID in the SAML assertion.

Other SAML 2.0 IDPs such as Ping Federate, OAM or Shibboleth work the same way: the IDP and the SP exchange metadata, the IDP authenticates the user and issues the assertion, and the SP consumes it.

Configuring ADFS

    IIS (SSL)

    Installing ADFS

    ADFS SAML 2.0 metadata

    Configuring ADFS for WebCenter Portal

http://docs.oracle.com/cd/E80149_01/wcp/admin/GUID-9A3086DA-E2D8-47F6-A47A-90819AFB5F5A.htm#GUID-9A3086DA-E2D8-47F6-A47A-90819AFB5F5A

IIS (SSL)

ADFS is served by IIS over Secure Sockets Layer (SSL), so the IIS web site needs a server certificate and an https binding. In IIS Manager, select the server node (IIS), open Server Certificates and create or import a certificate, then click OK; select the Web site, open its bindings, add a binding of type https (SSL) with that certificate and click OK; finally restart IIS.

Installing ADFS

Run the ADFS 2.0 setup and choose the ADFS 2.0 federation server role, accept the defaults on the following pages and let setup install the prerequisites (setup configures IIS itself), continue at Ready to Apply Settings and finish the wizard (Figure 4).


Figure 4: ADFS 2.0 setup

ADFS SAML 2.0 metadata

ADFS publishes its SAML 2.0 federation metadata at a fixed URL:

1. Open https://adfsHost:adfsPort/FederationMetadata/2007-06/FederationMetadata.xml (on the ADFS host itself, https://localhost/FederationMetadata/2007-06/FederationMetadata.xml) and save the XML.

2. Save it as idp_metadata.xml; it is imported later into WLS, the SP for WebCenter Portal.

This IDP metadata describes the IDP's SAML 2.0 endpoints and signing certificate, which is what the WLS SP for WebCenter Portal needs in order to trust ADFS.

Configuring ADFS for WebCenter Portal

WebCenter Portal (the WLS SAML 2.0 SP) is registered in ADFS (the IDP) as a relying party trust.

1. Open the ADFS 2.0 management console.

2. Open Trust Relationships > Relying Party Trusts.

3. Start Add Relying Party Trust.

4. Import the relying party data from a file: select sp_metadata.xml, the SAML 2.0 metadata published by the WLS SP (see the SAML 2.0 General settings under Configuring WLS).

5. Set the display name, for example WCP SAML 2.0 SP.

6. Accept the defaults on the remaining pages.

7. Leave Open the Edit Claim Rules dialog selected and close the wizard.

8. Add a rule.

The claim rules map LDAP attributes to the SAML claims ADFS sends; at minimum the user ID must be sent as the Name ID, which WebCenter Portal resolves in its own LDAP.

9. Choose the rule template Send LDAP Attributes as Claims.

10. Attribute store: Active Directory; map the LDAP attribute SAM-Account-Name to the outgoing claim type Name ID (Figure 5).

Figure 5: LDAP attribute to Name ID mapping

11. Finish the rule.

12. Add a second Send LDAP Attributes as Claims rule.

13. Map the LDAP attribute Given-Name.

14. Outgoing claim type Given Name (Figure 6).

Figure 6: Given Name claim

15. Finish the rule.

16. Open the properties of the WCP SAML 2.0 SP relying party trust.

17. On the Advanced tab, change Secure hash algorithm from the ADFS default SHA-256 to SHA-1, which is what the WLS release used here supports, and click OK. SHA-1 is a deprecated signature algorithm; use it only where the SP cannot verify SHA-256 signatures and revisit this setting when WLS is upgraded.

Configuring WLS

The SSO configuration is done on the WLS server that hosts the SP, here WebCenter Portal; the same steps apply to other SPs in the domain such as Discussions or WebCenter Content Server.

WLS supports SAML 1.1 and SAML 2.0, as IDP or as SP. Here WLS is configured only as a SAML 2.0 SP, with ADFS as the SAML 2.0 IDP; the IDP side of WLS is not used.

The WLS configuration for WebCenter Portal as SP consists of:

    SAML 2.0 identity asserter

    SAML 2.0 Service Provider settings

    SAML 2.0 General settings

    SAML 2.0 Identity Provider partner


SAML 2.0 identity asserter

1. Log in to the WebLogic console of the WebCenter Portal domain.

2. Go to Security Realms > myrealm > Providers > Authentication.

3. Click New (Figure 7) and choose the type SAML2IdentityAsserter.

4. Name it SAML2IAsserter and click OK.

Figure 7: Create a New Authentication Provider

5. Activate Changes.


Figure 8: Authentication providers

6. Restart the servers so that the new identity asserter is loaded. Figure 9 shows the SAML2IAsserter provider with Replicated Cache Enabled.

Figure 9: SAML 2.0 identity asserter settings

https://docs.oracle.com/cd/E50629_01/wls/SECMG/atn.htm#i1213691


SAML 2.0 Service Provider settings

Go to Servers > WC_Portal > Federation Services > SAML 2.0 Service Provider (Figure 10) and set:

Enabled: checked

Always Sign Authentication Requests: checked

Preferred Binding: POST

Default URL: https://WCP_HOST:WCP_SSL_PORT/webcenter

Figure 10: SAML 2.0 Service Provider settings


SAML 2.0 General settings

Go to Servers > WC_Portal > Federation Services > SAML 2.0 General (Figure 11) and set:

Replicated Cache Enabled (needed when WC_Portal runs in a cluster)

Contact and organization details, which WebLogic Server publishes in the SAML 2.0 SP metadata:

Contact Person Given Name

Contact Person Surname

Contact Person Type

Contact Person Company

Contact Person Telephone Number

Contact Person Email Address

Organization Name

Organization URL

Published Site URL: https://WCP_HOST:WCP_SSL_PORT/saml2

Entity ID: the name by which this SP is known to the IDP

Single Sign-on Signing Key Alias

Single Sign-on Signing Key Pass Phrase

Confirm Single Sign-on Signing Key Pass Phrase


Figure 11: SAML 2.0 General settings

For the signing key this example uses the WLS demo identity key (Figure 12): alias demoidentity, pass phrase DemoIdentityPassPhrase. The demo identity key is for test environments only; in production use a key from the server's own identity keystore.


Figure 12: Signing key settings

Click Save, then Publish Metadata to write the SP metadata to sp_metadata.xml; this file is imported into the IDP (ADFS) as the WebCenter Portal relying party trust (see Configuring ADFS for WebCenter Portal).

SAML 2.0 Identity Provider partner

The SAML 2.0 IDP is registered as a partner of the SAML 2.0 identity asserter under Security Realms > RealmName > Providers > Authentication > SAML2IdentityAsserterName > Management.

1. Go to Security Realms > myrealm > Providers > Authentication > SAML2IAsserter > Management, click New and choose New Web Single Sign-On Identity Provider Partner.

2. On Create SAML 2.0 Web Single Sign-on Identity Provider Partner, enter the Name SAML_SSO_IDP01 (Figure 13).

3. Select the ADFS metadata file idp_metadata.xml.

4. Click OK.

https://docs.oracle.com/cd/E50629_01/wls/SECMG/saml.htm#i1106517


Figure 13: Create SAML 2.0 Web Single Sign-on Identity Provider Partner

The ADFS federation metadata also contains WS-Trust (WS-Federation) role descriptors. WLS only understands the SAML 2.0 part of the file and fails to import it while the WS-Trust sections are present.


5. Edit the XML file idp_metadata.xml and remove the WS-Trust sections, keeping the SAML 2.0 IDP descriptor. Editing the file invalidates the signature ADFS places over its metadata, so remove that signature element as well and rely on having fetched the file over HTTPS from the ADFS host.

6. Import the edited file again.

7. WLS now knows ADFS 2.0 as a SAML 2.0 IDP partner: the IDP trusts the SP through sp_metadata.xml and the WLS SP trusts the IDP through idp_metadata.xml.

8. Open the partner SAML_SSO_IDP01 and set:

Name: SAML_SSO_IDP01

Enabled: checked

Description: SAML_SSO_IDP01

Redirect URIs: /webcenter/*

The Redirect URIs tell the WCP SP which request paths trigger SSO with this IDP.

With this the ADFS and WebCenter Portal configuration is complete.
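The metadata handling described in ADFS SAML 2.0 metadata and in step 5 above, as an added example that is not code from the Oracle white paper. `idp_summary` extracts what the WLS SP will rely on from the downloaded file (entity ID, single sign-on endpoints per binding, fingerprints of the token-signing certificate to compare with the ADFS console), and `saml_only` removes the WS-Trust RoleDescriptor elements and the metadata signature while refusing to emit a file without an IDPSSODescriptor. The ADFS host, entity ID, endpoints, certificate bytes and signature value in SAMPLE_ADFS_METADATA are constructed for the example; a real FederationMetadata.xml is much longer and carries a real X.509 certificate.

```python
"""Added example: inspect and clean ADFS federation metadata for import into the WLS SP."""
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}


def idp_summary(metadata_xml):
    """Entity ID, SSO endpoint per binding and signing-certificate fingerprints of the IDP."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this metadata does not describe a SAML 2.0 IDP")
    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        sso[svc.get("Binding").rsplit(":", 1)[-1]] = svc.get("Location")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no "use" means signing and encryption
            continue
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS) or ""
        der = base64.b64decode("".join(b64.split()))
        # Compare with the Token-signing certificate thumbprint shown in the ADFS console.
        certs.append({"sha1": hashlib.sha1(der).hexdigest(),
                      "sha256": hashlib.sha256(der).hexdigest()})
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def saml_only(metadata_xml):
    """Step 5: drop the WS-Federation/WS-Trust RoleDescriptor elements and the enveloped
    signature (it no longer verifies once anything is removed, so trust in the result rests
    on having fetched the file over HTTPS from the ADFS host). SAML 2.0 parts stay as is."""
    root = ET.fromstring(metadata_xml)
    for child in list(root):
        if child.tag in (f"{{{MD}}}RoleDescriptor", f"{{{DS}}}Signature"):
            root.remove(child)
    if root.find("md:IDPSSODescriptor", NS) is None:
        raise ValueError("IDPSSODescriptor missing after cleanup; refusing to write an unusable file")
    ET.register_namespace("", MD)  # keep the unprefixed metadata elements WLS expects
    ET.register_namespace("ds", DS)
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")


# Constructed stand-in for FederationMetadata.xml; the certificate is base64 of the bytes "cert".
SAMPLE_ADFS_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor ID="_c1" entityID="http://adfs.example.com/adfs/services/trust"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>c2lnbmVk</ds:SignatureValue></ds:Signature>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:TargetScopes/>
  </RoleDescriptor>
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y2VydA==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.com/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""
```

Run `idp_summary` on the file as downloaded to confirm the HTTP-POST endpoint (the SP is set to the POST binding) and the certificate fingerprint before importing; write the string returned by `saml_only` back to idp_metadata.xml for the import in step 6.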


Testing SAML 2.0 SSO

WebCenter Portal now uses ADFS as the SAML 2.0 IDP for SSO.

WebCenter Portal's identity store here is Oracle Internet Directory, while ADFS authenticates against Active Directory: the test user must exist in both Oracle Internet Directory and Active Directory under the same user name, since ADFS sends that name as the Name ID and WebCenter Portal resolves it in Oracle Internet Directory.

Open WebCenter Portal over SSL at https://WCP_HOST:WCP_PORT/webcenter. The browser is redirected to ADFS, which prompts for Windows (Active Directory) credentials; after a successful login ADFS redirects back to WebCenter Portal, where the user is signed in.
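The exchange behind the test above, as an added example that is not code from the Oracle white paper: the AuthnRequest the WLS SP posts to ADFS using the settings from the SAML 2.0 Service Provider and General pages (POST binding, Entity ID and Published Site URL https://WCP_HOST:WCP_SSL_PORT/saml2), and the checks an SP must make on the returned assertion before trusting the Name ID. Assumptions, not statements from the paper: the ACS path /sp/acs/post, the ADFS entity ID and endpoint, and the sample response are constructed; XML signature verification is assumed to have been done already (WLS verifies it against the certificate from idp_metadata.xml) and is not re-implemented here.

```python
"""Added example: SP-initiated SAML 2.0 exchange and the SP-side checks on the response."""
import base64
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# SP side, from the WLS General / Service Provider settings (placeholders as in the paper).
SP_ENTITY_ID = "https://WCP_HOST:WCP_SSL_PORT/saml2"
ACS_URL = SP_ENTITY_ID + "/sp/acs/post"  # assumed WLS SP assertion consumer path for POST
# IDP side: constructed values standing in for those read from idp_metadata.xml.
IDP_ENTITY_ID = "http://adfs.example.com/adfs/services/trust"
IDP_SSO_URL = "https://adfs.example.com/adfs/ls/"


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_ts(s):
    # ADFS may add fractional seconds; the first 19 characters are the whole-second part.
    return datetime.strptime(s[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def build_authn_request(now=None):
    """What the WLS SP posts to ADFS: (request ID, base64 SAMLRequest form field)."""
    now = now or datetime.now(timezone.utc)
    rid = "_" + uuid.uuid4().hex
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{rid}" Version="2.0" IssueInstant="{_ts(now)}" Destination="{IDP_SSO_URL}" '
           f'ProtocolBinding="{POST_BINDING}" AssertionConsumerServiceURL="{ACS_URL}">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    # "Always Sign Authentication Requests" adds a ds:Signature here; signing is out of scope.
    return rid, base64.b64encode(xml.encode()).decode()


def check_response(saml_response_b64, request_id, now=None, skew=timedelta(minutes=3)):
    """SP-side checks before trusting the NameID; the XML signature is assumed verified."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.get("Destination") != ACS_URL:
        raise ValueError("response was not addressed to our ACS URL")
    if root.get("InResponseTo") != request_id:
        raise ValueError("response does not answer our request (replay or unsolicited)")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IDP did not report Success")
    a = root.find("saml:Assertion", NS)
    if a is None:
        raise ValueError("no plain assertion (an EncryptedAssertion must be decrypted first)")
    if a.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("assertion issued by an unexpected IDP")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotOnOrAfter"):
        raise ValueError("assertion has no validity window")
    if cond.get("NotBefore") and _parse_ts(cond.get("NotBefore")) - skew > now:
        raise ValueError("assertion not yet valid")
    if _parse_ts(cond.get("NotOnOrAfter")) + skew <= now:
        raise ValueError("assertion expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion meant for a different SP (audience mismatch)")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != request_id:
        raise ValueError("bearer confirmation does not match this SP and request")
    attrs = {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS), "attributes": attrs}


def sample_response(request_id, now=None, name_id="jdoe"):
    """Constructed, unsigned ADFS-style response: sAMAccountName as Name ID plus Given Name."""
    now = now or datetime.now(timezone.utc)
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1"
 Version="2.0" IssueInstant="{_ts(now)}" Destination="{ACS_URL}" InResponseTo="{request_id}">
 <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{_ts(now)}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <saml:Subject><saml:NameID>{name_id}</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData InResponseTo="{request_id}" Recipient="{ACS_URL}"
     NotOnOrAfter="{_ts(now + timedelta(minutes=5))}"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="{_ts(now)}" NotOnOrAfter="{_ts(now + timedelta(hours=1))}">
   <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
   <saml:AttributeValue>John</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


def demo(now=None):
    """Round trip: SP request, IDP answer, SP checks; then the same response replayed later."""
    now = now or datetime.now(timezone.utc)
    rid, _form_value = build_authn_request(now)
    result = check_response(sample_response(rid, now), rid, now)
    try:
        check_response(sample_response(rid, now), rid, now + timedelta(hours=2))
        result["replay_rejected"] = False
    except ValueError:
        result["replay_rejected"] = True
    return result
```

`demo()` returns the Name ID jdoe and the Given Name claim from the accepted response and reports that the same response presented two hours later is rejected as expired. When SSO fails in practice, capturing the SAMLResponse form field from the browser and running it through `check_response` with the real SP values pinpoints which condition the WLS SP is refusing (wrong Destination or Recipient after a host or port change, an audience that does not match the Entity ID, or clock skew between the ADFS and WLS hosts).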


Copyright 2016, Oracle and/or its affiliates. All rights reserved. SAML 2.0 Federated SSO in WebCenter Portal, April 2016. Authors: Nitin Shah, Suresh Alagarswamy.
