What is a Fedlet? (snipped from Oracle’s Identity Management Web site)
The Oracle OpenSSO Fedlet (Fedlet) is a compact, easy to deploy SAML 2.0 service provider implementation. It includes a small software package and a simple file-based configuration, embeddable into a service provider’s Java or .NET application. The Fedlet establishes single sign-on (SSO) between an identity provider instance and the service provider application without requiring a fully-featured federation product on the service provider side.
The Oracle OpenSSO Fedlet can accept SAML 2.0 assertions from any SAML 2.0 identity provider and retrieve user attributes to accomplish SSO and content personalization. The Fedlet can be configured to communicate with any number of identity providers. It also can leverage an external discovery service to find the preferred identity provider.
My Environment:
- OIF 11g is configured as an Identity Provider (IDP)
- Fedlet is configured as Service Provider (SP)
- SAML version is 2.0
Assumptions:
- Weblogic is already installed and configured
- Have access to the idp.xml metadata file from your Identity Provider
- Installing on Linux or Solaris (this walkthrough was done on Solaris, but the steps are essentially the same on Linux)
Make sure that $JAVA_HOME/bin is in your PATH variable, so that JDK commands such as jar, java, and keytool are accessible.
Copy the Fedlet binary (Oracle-OpenSSO-Fedlet.zip, from Oracle) to /opt/Fedlet_stuff/ and extract it there, then change into the java directory:
cd /opt/Fedlet_stuff/java
Expand the war file:
jar xvf FEDLET_ZIP_DIR/java/fedlet.war
Run the Configure Fedlet script:
java -classpath WEB-INF/lib/opensso-sharedlib.jar:WEB-INF/lib/openfedlib.jar:install/lib/configurefedlet.jar oracle.security.fed.fedlet.install.ConfigureFedlet
Enter the directory with path where Oracle-OpenSSO-Fedlet.zip is extracted to: /opt/Fedlet_stuff
Enter the URL where this Fedlet will be deployed on (in http(s)://host.domain:port/uri format):
http://hostname.hostdomain:7001/fedletsample
Enter Fedlet Provider ID: [fedlet_sp_sample]   (I accepted the default here)
Do you want to generate keystore and key pair for the Fedlet? 1=yes/2=no [1] 1
Enter Fedlet keystore password:
Re-enter Fedlet keystore password:
Enter Fedlet key password:
Re-enter Fedlet key password:
Do you want to import IDP metadata? 1=yes/2=no [1] 1
Enter IDP metadata filename with path: /opt/Fedlet_stuff/idp.xml
Include sample and generate fedletsample.war? 1=yes/2=no [2] 1
Enter the directory with path where the newly generated Fedlet configuration and optionally fedletsample.war should be saved to: /opt/fedlet
Fedlet configuration is created at: /opt/fedlet
fedletsample.war is created at: /opt/fedlet
Deploy the newly created war file, /opt/fedlet/fedletsample.war, to WebLogic. The Fedlet configuration directory under /opt/fedlet also holds the keystore with the key pair generated above, so keep its permissions restricted to the account that runs the application server.
[If you need instructions on deploying the war to WebLogic or GlassFish, email me and I can provide them.]
Copy the SP metadata file /opt/fedlet/fedlet/sp.xml to your desktop.
Import the sp.xml you just copied into the Circle of Trust in your IDP's OIF Admin Console.
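Before you hand sp.xml to the IDP team, it is worth checking that the two metadata files agree with the URL you gave the configure script: the AssertionConsumerService Location in sp.xml has to sit under the deployed URL (same scheme, host, port and context root), and idp.xml has to carry a SingleSignOnService endpoint and a signing certificate the Fedlet can verify responses against. A mismatch between the ACS Location and where the war is actually deployed does not fail early; it shows up only after login, as a 404 when the IDP POSTs the response back. The script below is an added example written for this page, not code from the Fedlet or OIF distributions. The two embedded metadata documents are constructed; the IDP entity ID, the oif.example.com hostname and the certificate value are hypothetical, and the /fedletapplication ACS path is assumed from the Fedlet sample application.

```python
"""Pre-import sanity check for Fedlet (SP) and OIF (IdP) SAML 2.0 metadata.
Added example, not part of the Fedlet or OIF distribution; the embedded metadata
is constructed, and the hostnames, IdP entity ID and certificate are hypothetical."""
from __future__ import annotations

import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
DEPLOY_URL = "http://hostname.hostdomain:7001/fedletsample"  # URL given to ConfigureFedlet

# Constructed sp.xml in the shape the configure script writes; the
# /fedletapplication ACS path is assumed from the sample application.
SP_XML = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="fedlet_sp_sample">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" isDefault="true" Binding="{POST}"
        Location="{DEPLOY_URL}/fedletapplication"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed idp.xml with a hypothetical OIF entity ID and a placeholder certificate.
IDP_XML = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://oif.example.com/fed/idp">
  <IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB...placeholder...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}" Location="http://oif.example.com/fed/idp/samlv20"/>
    <SingleSignOnService Binding="{POST}" Location="http://oif.example.com/fed/idp/samlv20"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Same SP metadata with the context root transposed: the deployment-name mismatch
# that only shows up as a 404 once the IdP POSTs the response back.
MISMATCHED_SP_XML = SP_XML.replace("/fedletsample/", "/samplefedlet/")


def acs_under_deploy_url(location: str, deploy_url: str) -> bool:
    """True when an ACS Location has the deployed URL's scheme, host and port and
    a path inside the war's context root."""
    acs, dep = urlparse(location), urlparse(deploy_url)
    return (acs.scheme, acs.netloc) == (dep.scheme, dep.netloc) and acs.path.startswith(
        dep.path.rstrip("/") + "/")


def check_sp_metadata(sp_xml: str, deploy_url: str) -> list[str]:
    """Findings for sp.xml; an empty list means it matches the deployment."""
    # Metadata you generated is trusted input; parse third-party XML with defusedxml.
    root = ET.fromstring(sp_xml)
    findings = []
    if not root.get("entityID"):
        findings.append("SP: missing entityID")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["SP: no SPSSODescriptor"]
    acs_list = sp.findall("md:AssertionConsumerService", NS)
    if not any(a.get("Binding") == POST for a in acs_list):
        findings.append("SP: no AssertionConsumerService with the HTTP-POST binding")
    for acs in acs_list:
        loc = acs.get("Location", "")
        if not acs_under_deploy_url(loc, deploy_url):
            findings.append(f"SP: ACS Location {loc} is not under {deploy_url}; "
                            "the IdP's POST will land on a 404")
    if sp.get("WantAssertionsSigned", "false").lower() != "true":
        findings.append("SP: WantAssertionsSigned is not true, so the IdP is not asked to sign assertions")
    return findings


def check_idp_metadata(idp_xml: str) -> list[str]:
    """Findings for idp.xml; an empty list means the Fedlet has what it needs."""
    root = ET.fromstring(idp_xml)
    findings = []
    if not root.get("entityID"):
        findings.append("IdP: missing entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return findings + ["IdP: no IDPSSODescriptor"]
    bindings = {s.get("Binding") for s in idp.findall("md:SingleSignOnService", NS)}
    if not bindings & {POST, REDIRECT}:
        findings.append("IdP: no SingleSignOnService for HTTP-Redirect or HTTP-POST")
    # A KeyDescriptor without a 'use' attribute may be used for signing as well.
    certs = [c.text.strip() for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"
             for c in kd.findall(".//ds:X509Certificate", NS) if c.text and c.text.strip()]
    if not certs:
        findings.append("IdP: no signing certificate, so the Fedlet cannot verify signed responses")
    return findings


if __name__ == "__main__":
    for label, sp in (("generated sp.xml", SP_XML), ("mismatched sp.xml", MISMATCHED_SP_XML)):
        findings = check_sp_metadata(sp, DEPLOY_URL) + check_idp_metadata(IDP_XML)
        print(f"{label}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

To run it against a real deployment, replace the embedded strings with the contents of /opt/fedlet/fedlet/sp.xml and the idp.xml you imported, and set DEPLOY_URL to exactly what you typed at the configure script's URL prompt. Clearing every finding before the import saves a round of metadata re-exchange with whoever administers the IDP.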

Hi,
I am getting this error when I send an auth request to the IDP; can you help me with this please?
11/03/09 11:33:59: ERROR
oracle.security.fed.http.translator.saml.SAMLProtocolMessageTranslator.translateMessage() - oracle.security.fed.xml.translator.TranslationException: org.xml.sax.SAXException: Could not locate translation scheme associated with "urn:oasis:names:tc:SAML:2.0:protocol":NameIdPolicy, child of "urn:oasis:names:tc:SAML:2.0:protocol":AuthnRequest.
11/03/09 11:33:59: ERROR
oracle.security.fed.controller.ApplicationController.processServletRequest() - oracle.security.fed.controller.web.action.RequestHandlerRuntimeException: Message creation failed. null; oracle.security.fed.xml.translator.TranslationException: org.xml.sax.SAXException: Could not locate translation scheme associated with "urn:oasis:names:tc:SAML:2.0:protocol":NameIdPolicy, child of "urn:oasis:names:tc:SAML:2.0:protocol":AuthnRequest.
Regards,
Sudarshan
Hi Sudarshan,
Hopefully I can help. Can you post the SP metadata file that you provided to your IDP? What version of the Oracle OpenSSO Fedlet are you using? What J2EE container did you deploy to, and on what OS platform? Also, which version of Java do you have installed on this server? Additionally, can you tell me which vendor's IDP platform it is?
Thanks,
Brad
I am getting an HTTP error 404 (no such resource) AFTER a SAML assertion is generated.
OIF 11.1.1.5 on Linux, hosted on WebLogic 10.3.5
Fedlet 11.1.1.3 on Windows, on WebLogic 10.3.5
I generated the fedletsample.war and deployed it on the Windows WebLogic. I can go to fedletsample/index.jsp and then click on IDP generated SSO. I get the OIF login prompt and provide credentials, but when the response is POSTed to fedlet:7001/samplefedlet/fedletapplication, it gets error 404.
Any clue?
Mitra,
Check to make sure that the URL on the initiate page and the return URL are the same. I have noticed that if the hostname changed, you can get a 404. Also, I noticed that if the name the war is deployed as doesn't match what is expected, you can get a 404 as well.
Let me know if you need additional assistance.
Brad