Typically Achieving SSO using SAML 1.1 between two applications deployed to WebLogic domains involves configuring
- Identity Asserter (IA) on Destination WebLogic domain
- Credential Mapper (CM) on the Source WebLogic domain
Details on how to achieve SSO using SAML 1.1 is not the intent of this article, hence this articles just focuses on one of the major issue that is faced with SSO using SAML 1.1. Assuming that with the required IA and CM configuration settings done on the source and the destination WebLogic domains , SSO using SAML 1.1 starts working. Users can login to one application and they are logged into the other application via SSO using SAML 1.1.
So far so good, but after a user logs in onto the landing page of any of the application and hits back button of the browser, they encounter HTTP 404 error.
The solution provided below solves the problem:
- Deploy the attached web appliation saml_acs.war to all the WebLogic domains configured to be SAML 1.1 destinations
- Target saml_acs.war to the cluster
- Set the system flags like below. Set the flag on all the servers in the domain and restart them for the system flags to take effect.
- -Dsaml_acs.redirect.url=http(s)://<hostname>:<port>/<landing page>
- In the WLS admin console update all the servers
- Navigate to the “Server name -> Configuration -> Federation Services -> SAML 1.1 Destination Site” tab
- Change the “Assertion Consumer URI” to “/saml_acs/acs”
- This requires a restart
saml_acs.war
-web-inf
--web.xml
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<error-page>
<error-code>404</error-code>
<location>/redirect.jsp</location>
</error-page>
</web-app>
--weblogic.xml
<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 8.1//EN" "http://www.bea.com/servers/wls810/dtd/weblogic810-web-jar.dtd">
<weblogic-web-app>
</weblogic-web-app>
meta-inf
redirect.jsp
<%@page import="javax.servlet.http.*"%>
<%
/*
This jsp helps in handing 404 http error that occurs when a user
authenticates to portal desktop via saml for the first time and
hits the browser back button.
set the system property = the portal url like the default property value shown below
Example:
-Dsaml_acs.redirect.url="https://<hostname>:<port>/<default landing page if required>"
*/
String newLocation=System.getProperty("saml_acs.redirect.url","/default landing page");
response.sendRedirect(newLocation);
%>
No comments:
Post a Comment