Wednesday, August 12, 2015

Send IDP certificate in SAML assertion in OAM 11gr2 ps2 (OAM 11.1.2.2)

By default, the SAML response that OAM sends does not include the IDP signing certificate.

If you encounter an error saying that the Service Provider expects a <dsig:KeyInfo> element in the SAML response, it means the SP expects the IDP signing certificate to be embedded in the SAML response.

Make the changes below on the OAM side to enable this.

1. SSH to the OAM server.
2. Run the commands below:

    $ORACLE_HOME/common/bin/wlst.sh
    connect()
    domainRuntime()

    updatePartnerProperty(partnerName="<partner name>", partnerType="sp", propName="includecertinsignature", propValue="true", type="boolean")

Make sure you replace <partner name> with the exact SP partner name you configured in OAM.

Test the federation again; the SAML assertion will now carry the IDP certificate inside the signature's <dsig:KeyInfo> element.
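As an added verification step (not part of the original post), the Python below parses a SAML response, reports whether the assertion's signature carries a KeyInfo/X509Certificate, and checks that the embedded certificate is the IDP certificate the SP already trusts. The sample response and its placeholder certificate are constructed for the example; the element names and namespace URIs are the standard SAML 2.0 and XML-DSig ones.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespace URIs of a SAML 2.0 response. The prefix OAM emits ("dsig") is
# irrelevant to the parser; only the URI counts.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of an assertion after the IDP starts embedding its
# certificate (Signature/KeyInfo/X509Data/X509Certificate). The certificate
# text is a placeholder, not a real certificate.
SAMPLE_WITH_CERT = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.com/oam/fed</saml:Issuer>
    <dsig:Signature><dsig:SignedInfo/>
      <dsig:SignatureValue>c2ln</dsig:SignatureValue>
      <dsig:KeyInfo><dsig:X509Data>
        <dsig:X509Certificate>UExBQ0VIT0xERVI=</dsig:X509Certificate>
      </dsig:X509Data></dsig:KeyInfo>
    </dsig:Signature>
  </saml:Assertion>
</samlp:Response>"""

def embedded_signing_certs(response_xml):
    """DER bytes of each X509Certificate under an assertion's Signature/KeyInfo.
    An empty list is what the OAM default produces: no KeyInfo element at all."""
    root = ET.fromstring(response_xml)
    path = "ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    certs = []
    for assertion in root.findall("saml:Assertion", NS):
        for cert in assertion.findall(path, NS):
            # Base64 inside the element may be line-wrapped; drop the whitespace.
            certs.append(base64.b64decode("".join((cert.text or "").split())))
    return certs

def sha256_fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def keyinfo_matches_pinned(response_xml, pinned_fingerprint):
    """True only if KeyInfo is present and every embedded cert is the pinned one.
    The SP should keep pinning to the certificate from the IDP's metadata: a
    certificate is not trustworthy merely because it arrived inside KeyInfo."""
    certs = embedded_signing_certs(response_xml)
    return bool(certs) and all(sha256_fingerprint(c) == pinned_fingerprint for c in certs)
```

Run it against a real response captured from the SP side (e.g. the decoded SAMLResponse POST parameter) with the SHA-256 fingerprint of the IDP certificate taken from OAM's federation metadata.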
