SAML Web Single Sign-On2.0
This feature enables web applications to use SAML web single sign-on version 2.0 function.
Enabling this feature
To enable the SAML Web Single Sign-On 2.0 feature, add the following element declaration into your server.xml
file, inside the featureManager
element:
<feature>samlWeb-2.0</feature>
Examples
Default configuration
Open Liberty provides a default configuration of the SAML Web Single Sign-on feature after the feature is enabled. The SAML Web Single Sign-on feature activates the following two endpoints:
-
https://<hostname>:<sslport>/ibm/saml20/defaultSP/acs
The AssertionConsumerService URL endpoint on the service provider point of contact server receives assertions from the identity provider.
-
https://<hostname>:<sslport>/ibm/saml20/defaultSP/samlmetadata
The service provider metadata URL endpoint provides configuration information for the service provider. You can download the metadata for the service provider on a browser with the service provider metadata URL. Further, you can provide the service provider metadata URL to the SAML identity provider to establish a federation between the service provider and identity provider.
Custom configuration
You can disable the default service provider instance when you add the following code to the server.xml
file:
<samlWebSso20 id="defaultSP" enabled="false"/>
<samlWebSso20 id="newSP" allowCustomCacheKey="false"/>
Thus, you can disable the default defaultSP
service provider instance, and configure the new newSP
service provider instance.