WebCenter Portal SAML 2.0 SSO, Oracle | April 2016
1 | WebCenter Portal SAML 2.0 SSO
WebCenter Portal SSL 4
webCenter.ear 4
WebCenter Portal 6
IIS 7
ADFS 7
ADFS SAML 2.0 8
ADFS WebCenter Portal 8
WLS 10
SAML 2.0 11
SAML 2.0 13
SAML 2.0 14
SAML 2.0 SSO 19
WebCenter Portal 11.1.1.6.0: SAML 1.1 SSO. WebCenter Portal 11.1.1.8.0: SAML 2.0 SSO.
SAML 2
IDP SAML
SPSAML
SAML 1.0 WebCenter Portal WebLogic ServerWLS IDP SP SAML 1.0 SAML WebCenter Portal SAML 2.0 WLS IDP SP ADFSPing FederateOAM SAML 2.0 IDP ADFS SAML 2.0 IDPWLS SP ADFS OAMWLSPing Federate SAML 2.0 IDP SSO WebCenter Portal WebCenter Portal SSO 1 SAML SSO
Figure 1: SAML SSO
SAML SSO SP
http://docs.oracle.com/cd/E80149_01/wcp/admin/GUID-4C0E79F9-4816-4DEA-9002-1D02E3F143F9.htm#GUID-BE94DCE0-84B9-4F8D-ABB1-0C8E1D865788
SP WebCenter Portal WSL IDP WebCenter Portal WLS SP IDP IDP SAML 2.0 SP SP IDPSP IDP SAML 2.0
SAML 2.0 SSO
1.
2.
3. WLS
Windows Server 2008 R2 ADFS 2.0 IDP
IDP: Active Directory Federation Services (ADFS) 2.0
WebCenter Portal (WCP): Oracle WebCenter Portal
WebCenter Portal SSL
SAML 2.0 ADFS HTTPS/SSL WebCenter Portal ADFS WCP SAML 2.0 WebCenter Portal SSL SSL
webCenter.ear
webcenter.ear Cookie /webcenter WebCenter Portal SSL WLS SAML 2.0 Cookie "/"WLS SP SAML 2.0 Cookie "/"
1. WebCenter Oracle
2. webcenter.ear $WebCenter_Install_Dir/archives/applications
3. Spaces EAR
4. Edit weblogic.xml (/WEB-INF/weblogic.xml) and set the session-descriptor cookie path to /
https://docs.oracle.com/cd/E50629_01/owsm/INTER/owsm-interop-net.htm#BABEDFEF
http://docs.oracle.com/cd/E72987_01/core/INSWC/GUID-D5AFD830-8A7D-42CC-8C22-CE68C452CF4A.htm#GUID-D5AFD830-8A7D-42CC-8C22-CE68C452CF4A
https://docs.oracle.com/cd/E50629_01/wls/SECMG/ssl.htm#i1194325
5. IDP WebCenter Portal WebCenter Portal CLIENT-CERT: edit web.xml (/WEB-INF/web.xml) and set the login-config auth-method to CLIENT-CERT
6. weblogic.xml web.xml jar webcenter.ear zip Weblogic
7. Weblogic 2 WebCenter
Figure 2: WebCenter
8. WebCenter Update (Figure 3)
Figure 3: WebCenter
9. Source path: webcenter.ear, then Finish
WebCenter Portal
WebCenter Portal IDP ADFS IDP SP LDAP IDP SP LDAP IDP LDAP SP LDAP LDAP
Active Directory Federation ServiceADFSIPADFS Microsoft ADFS ID
Ping Federate, OAM, Shibboleth IDP IDP SP IDP SP SP IDP
ADFS
IIS
ADFS
ADFS SAML 2.0
ADFS WebCenter Portal
http://docs.oracle.com/cd/E80149_01/wcp/admin/GUID-9A3086DA-E2D8-47F6-A47A-90819AFB5F5A.htm#GUID-9A3086DA-E2D8-47F6-A47A-90819AFB5F5A
IIS
Secure Sockets Layer (SSL) IIS Web
1. IIS
2. (IIS)
3. IIS
4.
5. OK
6. Web
7.
8.
9. httpSSL OK
10. IIS
ADFS
1. ADFS 2.0 ADFS 2.0
2. ADFS 2.0
3.
4.
5. IIS
6. Ready to Apply Settings
7.
4 ADFS
Figure 4: ADFS
ADFS SAML 2.0
ADFS SAML 2.0
1. URL (xml): https://adfsHost:adfsPort/FederationMetadata/2007-06/FederationMetadata.xml (for example https://localhost/FederationMetadata/2007-06/FederationMetadata.xml)
2. WebCenter Portal ADFS WLS idp_metadata.xml
IDP IDP SAML 2.0 WebCenter Portal WLS
ADFSWebCenter Portal
WLS SAML 2.0 SP
ADFS IDP WebCenter Portal
1. ADFS 2.0
2.
3.
https://adfsHost:adfsPort/FederationMetadata/2007-06/FederationMetadata.xml
https://localhost/FederationMetadata/2007-06/FederationMetadata.xml
4. WLS SAML 2.0 sp_metadata.xml
SAML 2.0
5. WCP SAML 2.0 WCP SP
6.
7. Open the Edit claims
8.
LDAP ID SAML ADFS
9. LDAP
10. Active Directory (LDAP) SAM ID (Figure 5)
Figure 5: LDAP
11.
12. LDAP
13. Given Name
14. Given Name (Figure 6)
Figure 6
15.
16. WCP SP
17. Change the secure hash algorithm from SHA-256 to SHA-1 (as required by WLS), then OK
WLS
SSO SP WebCenter Portal SP DiscussionWebCenter Content Server
SAML IDP SAML 2.0 SAML 2.0 SAML 2.0 IDP ADFS ADFS SAML 2.0
WebCenter Portal
SP
SAML 2.0
SAML 2.0
SAML 2.0
SAML 2.0
1. WebCenter Portal Weblogic
2. Security Realms > myrealm > Providers > Authentication
3. New > SAML2IdentityAsserter (Figure 7)
4. Name: SAML2IAsserter, then OK
Figure 7: Create a New Authentication Provider
5. Activate Changes
Figure 8
6.
ID
9 SAML2IAsserter Replicated Cache Enabled
Figure 9: SAML 2.0
https://docs.oracle.com/cd/E50629_01/wls/SECMG/atn.htm#i1213691
SAML 2.0
Servers > WC_Portal > Federation Services > SAML 2.0 Service Provider (Figure 10)
Enabled
Always Sign Authentication Requests
Preferred Binding as POST
Default URL https://WCP_HOST:WCP_SSL_PORT/webcenter
Figure 10: SAML 2.0
SAML 2.0
SAML 2.0
Servers > WC_Portal > Federation Services > SAML 2.0 General (Figure 11)
Replicated Cache Enabled
WebLogic Server SAML 2.0
Contact Person Given Name
Contact Person Surname
Contact Person Type
Contact Person Company
Contact Person Telephone Number
Contact Person Email Address
Organization Name
Organization URL
Published Site URL: https://<host>:<port>/saml2
Entity ID
Single Sign-on Signing Key Alias
Single Sign-on Signing Key Pass Phrase
Confirm Single Sign-on Signing Key Pass Phrase
Figure 11: SAML 2.0
WLS demoidentity (Figure 12)
Key alias: DemoIdentity; pass phrase: DemoIdentityPassPhrase
Figure 12
Save, then Publish Meta Data to export the SP metadata (sp_metadata.xml); this file is registered with the IDP (ADFS) so that it trusts WebCenter Portal.
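As an added check (not part of the Oracle white paper): a small Python script that reads the sp_metadata.xml WebLogic publishes and confirms it reflects the SP settings configured above (Entity ID, Always Sign Authentication Requests, Preferred Binding POST, HTTPS site URL, signing key). The element names follow the SAML 2.0 metadata schema; the sample document, its ACS path and its certificate value are constructed placeholders.

```python
# Added check (not from the white paper): validate an exported WebLogic SP
# metadata file against the SP settings configured above.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def check_sp_metadata(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor element"]
    if not root.get("entityID"):                      # Entity ID
        findings.append("Entity ID is empty")
    if sp.get("AuthnRequestsSigned", "false").lower() != "true":  # Always Sign Authentication Requests
        findings.append("AuthnRequestsSigned is not true")
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not any(a.get("Binding") == POST_BINDING for a in acs):  # Preferred Binding POST
        findings.append("no HTTP-POST AssertionConsumerService")
    for a in acs:                                     # Published Site URL must be https
        if not a.get("Location", "").lower().startswith("https://"):
            findings.append("non-HTTPS endpoint: " + a.get("Location", ""))
    if sp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo", NS) is None:  # Signing Key Alias
        findings.append("no signing KeyDescriptor")
    return findings

# Constructed sample resembling a WebLogic export; the ACS path and the
# certificate value are placeholders, not taken from a real deployment.
SAMPLE_GOOD = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="WCP_SP">
 <md:SPSSODescriptor AuthnRequestsSigned="true"
   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER_BASE64_CERT</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="0" isDefault="true"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://WCP_HOST:WCP_SSL_PORT/saml2/sp/acs/post"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""
# Same document with request signing off and a plain-http endpoint.
SAMPLE_WEAK = (SAMPLE_GOOD.replace('AuthnRequestsSigned="true"', 'AuthnRequestsSigned="false"')
               .replace("https://WCP_HOST", "http://WCP_HOST"))

if __name__ == "__main__":
    for name, doc in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(name, check_sp_metadata(doc) or "OK")
```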
SAML 2.0
SAML 2.0 IDP SAML 2.0 IDP Security Realms RealmName Providers Authentication SAML2IdentityAsserterName Management
1. Security Realms > myrealm > Providers > Authentication > SAML2IAsserter > Management > New > New Web Single Sign-On Identity Provider Partner
2. In Create SAML 2.0 Web Single Sign-on Identity Provider Partner, set Name to SAML_SSO_IDP01 (Figure 13)
3. ADFS idp_metadata.xml
4. OK
https://docs.oracle.com/cd/E50629_01/wls/SECMG/saml.htm#i1106517
Figure 13: Create SAML 2.0 Web Single Sign-on Identity Provider Partner
ADFS WS-Trust WS-Trust
5. XML idp_metadata.xml
6.
7. ADFS 2.0 IDP SP IDP WLS SAML 2.0 IDP SP
8.
SAML_SSO_IDP01
Name: SAML_SSO_IDP01
Enabled
Description: SAML_SSO_IDP01
Redirect URIs: /webcenter/*
WCP SP SSO
ADFS WebCenter Portal
SAML 2.0SSO
WebCenter SAML 2.0 ADFS IDP SSO
WebCenter Portal ADFS Oracle Internet Directory WebCenter Portal Oracle Internet Directory ADFS WebCenter Portal
WebCenter Portal SSL URL https://WCP_HOST:WCP_PORT/webcenter ADFS Windows ADFS WebCenter Portal
Copyright 2016, Oracle and/or its affiliates. All rights reserved. WebCenter Portal SAML 2.0 SSO, April 2016. Authors: Nitin Shah, Suresh Alagarswamy.