Jakub Hlavatý

Reputation: 1117

How to configure a SAML 2.0 service provider for an ADF application

  1. I have successfully configured a SAML 2.0 Identity Provider in a separate WebLogic domain
  2. We have an ADF application deployed in WebLogic in another domain with non-SAML form-based authentication (ReadOnlySQLAuthenticator is used to verify credentials)

I want to configure the second domain as a Service Provider (to enable the existing application to log in with the Identity Provider).

I did the following:

  1. Configure a SAML 2.0 Identity Asserter
  2. Enable the Service Provider in the federated services for the server
  3. Add and enable the "service provider partners" and exchange metadata on both IDP and SP side
  4. Configure the "redirect URI" on the SP side
  5. Add the SAML 2.0 Authenticator (the documentation doesn't mention this, but some blogs do)

This should be enough to make the SSO work, but it doesn't.

The "other application" is the Spring SAML sample application and I verified that SSO works with 2 different instances of that app (which means the IDP side should be configured correctly).

Upvotes: 0

Views: 1523

Answers (1)

Jakub Hlavatý

Reputation: 1117

We've had some Oracle experts come over to our company to solve various issues. In the end even they couldn't help with this and suggested that SAML support may not really work that well.

They suggested that we try to use Oracle Access Manager, which is supposed to support both OAuth and SAML. We didn't get to that yet and maybe never will. Still, if you need SSO in WebLogic, you could give it a go.

Upvotes: 0
