The SAML assertion provider validates a client's identity by mapping a client-supplied token to a user name.

To create a SAML assertion provider for PDC:

1. Log in to PDC WebLogic Server Administration Console.

2. In the Domain Structure section, click the Security Realms link.

   The Summary of Security Realms page appears.

3. Click the myrealm link.

   The Settings for myrealm page appears.

4. Click the Providers tab and then click the Authentication subtab.

5. Click New.

   The Create a New Authentication Provider page appears.

6. In the Name field, enter samlPDC.

7. From the Type list, select SAML2IdentityAsserter.

8. Click OK.

9. Activate your changes and then restart WebLogic Server.

10. Click the Providers tab and then click the Authentication subtab.

11. In the Authentication Providers table, click the samlPDC link.

    The Settings for samlPDC appears.

12. Click the Management tab.

13. In the table under Identity Provider Partners, click New and then New Web Single Sign-On Identity Provider Partner.

14. In the Create a SAML 2.0 Web Single Sign-on Identity Provider Partner page, do the following:

    • In the Name field, enter WebSSO-IdP-Partner-1.

    • In the Path field, specify or browse to the full path of the metadata partner file.

    • Click OK.

15. In the Identity Provider Partners table, click WebSSO-IdP-Partner-1.

16. Select the Enabled, Virtual User, and Process Attributes checkboxes.

17. In Redirect URIs, enter /pdc/*.

18. Click Save.

19. Verify the Identity Provider details in the Site Info and Single Sign-on Signing Certificate tabs.

The SAML authenticator verifies the identity of users or system processes, and makes identity information available to PDC when that information is needed.

To create a SAML authenticator for PDC:

1. Log in to PDC WebLogic Server Administration Console.

2. In the Domain Structure section, click the Security Realms link.

   The Summary of Security Realms page appears.

3. Click the myrealm link.

   The Settings for myrealm page appears.

4. Click the Providers tab and then click the Authentication subtab.

5. Click New.

   The Create a New Authentication Provider page appears.

6. In the Name field, enter samlPDCAuth.

7. From the Type list, select SAMLAuthenticator.

8. Click OK.

9. Click the samlPDCAuth link and then set Control Flag to SUFFICIENT.

10. Click Save.

11. Click the DefaultAuthenticator link and then set Control Flag to SUFFICIENT.

12. Click Save.

13. In the Settings for myrealm page, click Reorder.

14. Arrange the providers in the following order:

    • samlPDCAuth

    • samlPDC

    • DefaultAuthenticator

    • DefaultIdentityAsserter

15. Click OK.

16. In the Change Center, click Activate Changes.

To perform SAML 2.0 general configurations:

1. Log in to PDC WebLogic Server Administration Console.

2. In the Domain Structure section, click Environment, Servers, and then AdminServer.

   The Settings for AdminServer page appears.

3. Select Configuration, Federation Services, and then SAML 2.0 General.

4. In the Site Info section, enter the following information about your SAML 2.0 site:

   • Published Site URL: Enter http://pdc_hostname:port/saml2, where pdc_hostname is the PDC application host and port is the port on which PDC is listening on.

   • Entity ID: Enter samlPDC.

5. Click Save.

6. Activate your changes and then restart WebLogic Server.

To configure the SAML service provider:

1. Log in to PDC WebLogic Server Administration Console.

2. In the Domain Structure section, click Environment, Servers, and then AdminServer.

   The Settings for AdminServer page appears.

3. Select Configuration, Federation Services, and then SAML 2.0 Service Provider.

4. Select the Enabled checkbox.

5. From the Preferred Binding list, select POST.

6. In the Default URL field, enter http://pdc_hostname:port/pdc/faces/oracle/communications/brm/pdc/ui/pages/login.jspx, where pdc_hostname is the PDC application host and port is the port on which PDC is listening on.

7. Activate your changes and then restart WebLogic Server.

To publish the service provider metadata:

1. Log in to WebLogic Server Administration Console.

2. In the Domain Structure section, click Environment, Servers, and then AdminServer.

   The Settings for AdminServer page appears.

3. Click Configuration, Federation Services, and then SAML 2.0 General.

4. Click Publish Meta Data.

   The Publish SAML 2.0 Meta Data page appears.

5. In the Path field, enter the full path and name of the spmeta.xml file.

6. Click OK.

To update your deployment plan for PDC:

1. Create a new plan.xml file with the PDC deployment plan, or edit your existing plan.xml file.

2. In the file, add a logoutURL variable set to your identity provider (IDP) logout URL:

   <variable-definition>    
      <variable>      
         <name>logoutUrl</name>      
         <value>IDP_LOGOUT_URL</value>    
      </variable>  
   </variable-definition>

3. Add the following module-override element:

   <module-override>    
      <module-name>BPA.war</module-name>    
      <module-type>war</module-type>    
      <module-descriptor external="false">      
         <root-element>web-app</root-element>      
         <uri>WEB-INF/web.xml</uri>      
         <variable-assignment>        
            <name>logoutUrl</name>
            <xpath>/web-app/context-param/[param-name="loginURL"]/param-value</xpath>        
            <operation>replace</operation>      
         </variable-assignment>    
      </module-descriptor>   
   </module-override>

4. Save and close your plan.xml file.

5. Redeploy the PDC application with your new plan.xml file.

For more information about updating and deploying your deployment plan, see the "Create and Use a Deployment Plan in Oracle WebLogic Server" tutorial.