FreeKB - IBM WebSphere Single Sign On (SSO) and SAML - Identity Provider (IdP)

This assumes you've already enabled the WebSphere SAML Service Provider (SP). The following procedure will set up the SAML Service Provider (SP) with metadata from an Identity Provider (IdP). If you do not have a SAML IdP that can provide metadata, you'll want to set up an IdP, such as Shibboleth IdP.

Using wsadmin, add the Identity Provider metadata. This example assumes that the metadata file (idp-metadata.xml) is on the WebSphere server. Notice also in this example that the certificate alias is "shibboleth-idp". You can use any alias you want, as this is going to create a new certificate.

AdminTask.importSAMLIdpMetadata('-idpMetadataFileName /opt/shibboleth-idp/metadata/idp-metadata.xml -idpId 1 -ssoId 1 -signingCertAlias shibboleth-idp')
AdminConfig.save()  # persist the change to the configuration


After issuing these wsadmin commands, at Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificate, there should be a new certificate (shibboleth-idp in this example).
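Importing the metadata makes WebSphere trust whatever signing certificate the file contains, so it is worth fingerprinting that certificate before the import and comparing it with the value the IdP operator gives you out of band. The following is an added example, not part of the original page or of IBM's tooling: a stand-alone Python 3 script (run outside wsadmin) whose sample entityID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import sys
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def signing_cert_fingerprints(metadata_xml, algorithm="sha256"):
    """Map each IdP entityID to the fingerprints of its signing certificates."""
    result = {}
    root = ET.fromstring(metadata_xml)
    # The root is one EntityDescriptor or an EntitiesDescriptor wrapping several.
    for entity in root.iter(MD + "EntityDescriptor"):
        prints = []
        for key in entity.findall(MD + "IDPSSODescriptor/" + MD + "KeyDescriptor"):
            # A KeyDescriptor with no "use" attribute serves signing and encryption.
            if key.get("use", "signing") != "signing":
                continue
            for cert in key.iter(DS + "X509Certificate"):
                # Metadata wraps the base64 across lines; strip all whitespace.
                der = base64.b64decode("".join((cert.text or "").split()))
                digest = hashlib.new(algorithm, der).hexdigest().upper()
                prints.append(":".join(digest[i:i + 2] for i in range(0, len(digest), 2)))
        if prints:
            result[entity.get("entityID")] = prints
    return result


# Constructed sample: the "certificates" are placeholder bytes, not real X.509.
SAMPLE_SIGNING_DER = b"constructed signing certificate bytes"
SAMPLE_ENCRYPTION_DER = b"constructed encryption certificate bytes"
_KEY = ('<md:KeyDescriptor{use}><ds:KeyInfo><ds:X509Data><ds:X509Certificate>\n{b64}\n'
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/idp">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _KEY.format(use=' use="signing"', b64=base64.b64encode(SAMPLE_SIGNING_DER).decode())
    + _KEY.format(use=' use="encryption"', b64=base64.b64encode(SAMPLE_ENCRYPTION_DER).decode())
    + '</md:IDPSSODescriptor></md:EntityDescriptor>'
)

if __name__ == "__main__":
    xml_data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_METADATA
    for entity_id, prints in signing_cert_fingerprints(xml_data).items():
        print(entity_id, *prints, sep="\n  ")
```

Run it with the path to idp-metadata.xml as the only argument; with no argument it prints the fingerprint of the constructed sample.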
