FreeKB - Single Sign On (SSO) and SAML in WebSphere - Identity Provider (Idp)
Single Sign On (SSO) and SAML in WebSphere - Identity Provider (Idp)

Home > Search


This assume you've already enable the WebSphere SAML Service Provider (SP). The following procedure will setup the SAML Service Provider (SP) with metadata from an Identity Provider (IdP). If you do not have a SAML IdP that can provide metadata, you'll want to setup an IdP, such as Shibboleth IdP.

Using wsadmin, add the Identity Provider metadata. This example assumes that the metadata file (idp-metadata.xml) is on the WebSphere server. Notice also in this example that the certificate alias is "shibboleth-idp". You can use any alias you want, as this is going to create a new certificate.

AdminTask.importSAMLIdpMetadata('-idpMetadataFileName /opt/shibboleth-idp/metadata/idp-metadata.xml -idpId 1 -ssoId 1 -signingCertAlias shibboleth-idp')
u'true'
wsadmin>AdminConfig.save()
u''
wsadmin>quit

 

After issuing these wsadmin commands, at Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificate, there should be a new certificate (shibboleth-idp in this example).



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter c4c26 in the box below so that we can be sure you are a human.




Comments