Comments on Darwin-IT: Service Provider initiated SSO on WLS11g using SAML2.0
Feed author: Martien van den Akker
Feed updated: 2023-08-13T17:29:27.354+02:00

Martien van den Akker, 2014-10-31T15:22:28.180+01:00:

Hmmm. I would say this would do the trick. Apparently the second SP does not recognize the SAML2 token of the first SP as applicable to its own. I should look into this more deeply, but unfortunately I don't have the time myself right now. Did you post a question on https://community.oracle.com/community/fusion_middleware/weblogic/weblogic_server_-_security?

Anonymous, 2014-10-28T11:25:23.280+01:00:

I have deployed one IDP and two SP applications in three independent WebLogic domains on their own clusters, and then I added the necessary SAML2 configurations in the IDP and the 2 SP servers. Now I am able to log in to the SP applications through the IDP login screen and able to visit the protected pages (role based) in the individual SP application without any issues.

But my requirement additionally says that if the user logs in to one SP application, then he should be able to visit the protected pages of the other SP application also. The user should not be asked to log in again for the second SP application. But in reality, on my setup/configuration, each service provider asks for the SAML2 assertion from the IDP individually. So it asks for a re-login if the user moves from one SP application to another SP application by clicking the link provided in the first SP application.

What additional configuration should be done to make it work as a real SSO with the above-mentioned feature?

Your help is very much appreciated. Thanks in advance.