Tags: weblogic, saml-2.0, service-provider, netiq

Weblogic Service Provider with NetIq Identity Manager


I'm trying to configure a Service Provider on Weblogic 12c.2.1, pointing to NetIq Identity Manager.

Also, I'm trying to deploy a simple JSP app to test it.

As of now, this is what I've done:

Weblogic

  1. Created an Authentication Provider (Security Realms -> myrealm -> Providers -> Authentication -> SAML2 Identity Asserter).
  2. Configured a server to host the JSP app and the Service Provider (Server -> Configuration -> Federation Services -> SAML2 Service Provider). (screenshot: ServiceProviderConfig)
  3. Configured the server's 'SAML2 General Service' tab as well. (screenshot: ServiceProviderGeneralConfig)
  4. Published the metadata.
  5. Imported the metadata on NetIq Identity Manager as a Service Provider.
  6. Downloaded the metadata from NetIq Identity Manager.
  7. Back in the Authentication Provider, on the 'Management' tab, created a new Web SSO Identity Provider Partner. (screenshot: IDPonWeblogic)

After those steps, I deployed the app and tried to access it, hoping it would redirect me to the NetIq Identity Manager to log in. Instead, I'm getting the following error:

Error 401--Unauthorized

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.

The error is not being logged in either the WebLogic app log or the NetIq IdP log.

My app link is: http://www.andreaswittmann.de/weblogic-corner/saml2_sso/SAML_SSO.zip

I extracted appB only, since I don't need appA (as it's the IdP).

Any clues as to what I'm doing wrong?

Thanks in advance.


Solution

  • The problem was related to the certificate.

    I don't really know why, but I had to download the IdP .jks to make sure the privateKeyEntry was related. When I used the default .jks, it wouldn't work.

    Also, I had to import the whole certificate chain on the IdP.
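The two conditions the answer above ended up needing, a keystore that actually contains a PrivateKeyEntry (so the SP has a key to sign with) and a complete certificate chain behind it, can be checked from the text that `keytool -list -v` prints before you wire the keystore into WebLogic. The function below is an added example written for this page, not code from the original post, from WebLogic or from NetIQ; the three keystore listings are constructed samples in keytool's output format, with made-up aliases and subject names, and the function name is my own.

```shell
# Added example (not from the original post): check a `keytool -list -v`
# listing for the two things the SAML2 SP needs from its keystore.
# All three listings below are constructed samples in keytool's format.

# Good: one PrivateKeyEntry whose chain carries the issuing CA as well.
SAMPLE_GOOD='Keystore type: JKS
Your keystore contains 1 entry

Alias name: sp
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=sp.example.test
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA'

# Bad: only a trusted certificate, no private key to sign AuthnRequests with.
SAMPLE_TRUSTED_ONLY='Keystore type: JKS
Your keystore contains 1 entry

Alias name: idp
Entry type: trustedCertEntry
Owner: CN=idp.example.test
Issuer: CN=Example Issuing CA'

# Bad: private key present, but the leaf is CA-issued and its chain was cut
# down to the leaf alone, so the peer cannot build a path to a trust anchor.
SAMPLE_TRUNCATED='Keystore type: JKS
Your keystore contains 1 entry

Alias name: sp
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sp.example.test
Issuer: CN=Example Issuing CA'

# Takes the text of `keytool -list -v -keystore <file>` as its only argument.
# Prints "ok" and returns 0 when the listing has a PrivateKeyEntry whose chain
# is either self-signed or longer than one certificate; otherwise prints the
# reason and returns 1.
check_sp_keystore_listing() {
    listing="$1"
    if ! printf '%s\n' "$listing" | grep -q '^Entry type: PrivateKeyEntry'; then
        echo "FAIL: no PrivateKeyEntry, the SP has no key to sign with"
        return 1
    fi
    # Chain length and the subject/issuer of the first (leaf) certificate.
    len=$(printf '%s\n' "$listing" | sed -n 's/^Certificate chain length: \([0-9][0-9]*\)$/\1/p' | head -n 1)
    owner=$(printf '%s\n' "$listing" | awk '/^Certificate\[1\]:/{f=1;next} f && /^Owner: /{sub(/^Owner: /,""); print; exit}')
    issuer=$(printf '%s\n' "$listing" | awk '/^Certificate\[1\]:/{f=1;next} f && /^Issuer: /{sub(/^Issuer: /,""); print; exit}')
    # A chain of one certificate is fine only when that certificate is self-signed.
    if [ "${len:-0}" -lt 2 ] && [ "$owner" != "$issuer" ]; then
        echo "FAIL: chain length ${len:-0} but leaf was issued by '$issuer', import the issuing chain"
        return 1
    fi
    echo "ok"
}

# Usage against a real keystore (the password flag is keytool's own):
#   check_sp_keystore_listing "$(keytool -list -v -keystore sp.jks -storepass "$PASS")"
```

The self-signed allowance matters: a keystore holding a self-signed SP certificate legitimately has a chain length of 1, so the check only complains when the leaf names an issuer that is not itself. Run the same listing check on the IdP-side keystore too, since the answer also had to complete the chain there.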