
Service Provider initiated SSO on Weblogic server 11g with SAML 2.0

SERVICE PROVIDER INITIATED SSO ON WLS11G USING SAML2.0

At a recent customer I got the assignment to implement a SAML 2.0 configuration (http://blog.darwin-it.nl/2014/04/service-provider-initiated-sso-on.html). In this setup the customer is a Service Provider. They provide a student-administration application for the Dutch higher education sector, such as colleges and universities. The application is conventionally implemented on premise, but they would like to move to a SaaS model. One institute is going to use the application from 'the cloud'. In the Dutch education sector, an organization called SurfConext serves as an authentication broker.

Note the below diagram is a good representation of SP-initiated SSO. A good schematic explanation of the setup is in the Weblogic 11g docs:

When a user connects to the application, Weblogic finds that the user is not authenticated: it lacks a SAML2.0 token (2). So when configured correctly the browser is rerouted to SurfConext (3). O