8 Oracle SAML
Oracle SAML allows Java developers to develop cross-domain single sign-on and federated access control solutions that conform to the SAML 1.0/1.1 and SAML 2.0 specifications.
8.1 Oracle SAML Features and Benefits
The Oracle SAML SDK provides a Java API with supporting tools, documentation, and sample programs to assist developers of SAML-compliant Java security services. Oracle SAML can be integrated into existing Java solutions, including applets, applications, EJBs, servlets, and JSPs.
Oracle SAML provides the following features:
- Support for the SAML 1.0/1.1 and 2.0 specifications
- Support for SAML-based single sign-on (SSO), Attribute, Metadata, Enhanced Client Proxy, and federated identity profiles
See Also: For more information and links to these specifications and related documents, see References.
8.2 Oracle SAML 1.0/1.1
Oracle SAML 1.0/1.1 conforms to the SAML 1.0/1.1 specifications. You can set up your environment for Oracle SAML 1.0/1.1 toolkit, and use its classes and interfaces.
8.2.1 Oracle SAML 1.0/1.1 Packages
The Oracle SAML Java API contains the following packages for creating SAML 1.0/1.1-compliant Java applications: oracle.security.xmlsec.saml and oracle.security.xmlsec.samlp.
oracle.security.xmlsec.saml
This package contains classes that support SAML assertions.
oracle.security.xmlsec.samlp
This package contains classes that support the SAML request and response protocol (SAMLP).
8.2.2 Setting Up Your Oracle SAML 1.0/1.1 Environment
You can set up the Oracle SAML environment by installing Oracle Security Developer Tools and the Java Development Kit (JDK), and setting the CLASSPATH variable to include all of the required jar and class files.
The Oracle Security Developer Tools are installed with Oracle WebLogic Server in ORACLE_HOME.
In order to use Oracle SAML, your system must have the Java Development Kit (JDK) version 17 or higher.
Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:
- osdt_core.jar
- osdt_cert.jar
- osdt_xmlsec.jar
- osdt_saml.jar
- The org.jaxen_1.1.1.jar file (Jaxen XPath engine, included with your Oracle XML Security distribution)
See Setting the CLASSPATH Environment Variable for configuration details.
8.2.3 Classes and Interfaces of Oracle SAML 1.x
Oracle SAML 1.0/1.1 contains multiple core classes to create SAML assertions, requests, and responses. It contains supporting interfaces that define URI string constants for algorithms, namespaces, and objects. It also contains a supporting class that is the base class for all the SAML and SAML extension messages.
This section provides information and code samples for using the classes and interfaces of Oracle SAML 1.0/1.1.
8.2.3.1 Core Classes of Oracle SAML 1.x
SAML assertions, requests, and responses are created with the Oracle SAML API.
This section provides a brief overview of the core SAML and SAMLP 1.0/1.1 classes with short code examples.
8.2.3.1.1 Using the oracle.security.xmlsec.saml.SAMLInitializer Class
This class initializes the Oracle SAML toolkit. By default, Oracle SAML is automatically initialized for SAML v1.0. You can also initialize Oracle SAML for a specific version of the SAML specification. When the initialize method is called for a specific version, previously initialized versions remain initialized.
This example shows how to initialize the SAML toolkit for SAML v1.0 and SAML v1.1.
// initializes for SAML v1.1
SAMLInitializer.initialize(1, 1);
// initializes for SAML v1.0, done by default
SAMLInitializer.initialize(1, 0);
8.2.3.1.2 Using the oracle.security.xmlsec.saml.Assertion Class
This class represents the Assertion element of the SAML Assertion schema.
This example shows how to create a new Assertion element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Assertion assertion = new Assertion(doc);
doc.getDocumentElement().appendChild(assertion);
This example shows how to obtain Assertion elements from an XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all Assertion elements in the document
NodeList assrtList =
doc.getElementsByTagNameNS(SAMLURI.ns_saml, "Assertion");
if (assrtList.getLength() == 0)
System.err.println("No Assertion elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.saml.Assertion object and process
for (int s = 0, n = assrtList.getLength(); s < n; ++s)
{
Assertion assertion = new Assertion((Element)assrtList.item(s));
// Process Assertion element
...
}
8.2.3.1.3 Using the oracle.security.xmlsec.samlp.Request Class
This class represents the Request element of the SAML Protocol schema.
This example shows how to create a new Request element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Request request = new Request(doc);
doc.getDocumentElement().appendChild(request);
This example shows how to obtain Request elements from an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all Request elements in the document
NodeList reqList =
doc.getElementsByTagNameNS(SAMLURI.ns_samlp, "Request");
if (reqList.getLength() == 0)
System.err.println("No Request elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.samlp.Request object and process
for (int s = 0, n = reqList.getLength(); s < n; ++s)
{
Request request = new Request((Element)reqList.item(s));
// Process Request element
...
}
8.2.3.1.4 Using the oracle.security.xmlsec.samlp.Response Class
This class represents the Response element of the SAML Protocol schema.
This example shows how to create a Response element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Response response = new Response(doc);
doc.getDocumentElement().appendChild(response);
This example shows how to obtain Response elements from an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all Response elements in the document
NodeList respList =
doc.getElementsByTagNameNS(SAMLURI.ns_samlp, "Response");
if (respList.getLength() == 0)
System.err.println("No Response elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.samlp.Response object and process
for (int s = 0, n = respList.getLength(); s < n; ++s)
{
Response response = new Response((Element)respList.item(s));
// Process Response element
...
}
8.2.3.2 Supporting Classes and Interfaces
This section provides an overview of the supporting classes and interfaces of Oracle SAML 1.0/1.1.
8.2.3.2.1 Using the oracle.security.xmlsec.saml.SAMLURI Interface
This interface defines URI string constants for algorithms, namespaces, and objects. The following naming conventions are used:
- Action namespace URIs defined in the SAML 1.0 specifications begin with action_.
- Authentication method namespace URIs defined in the SAML 1.0 specifications begin with authentication_method_.
- Confirmation method namespace URIs defined in the SAML 1.0 specifications begin with confirmation_method_.
- Namespace URIs begin with ns_.
8.2.4 The Oracle SAML 1.0/1.1 Java API Reference
The Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools guide explains the classes, interfaces, and methods available in the Oracle SAML 1.0/1.1 API.
You can access this guide at:
Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools
8.3 Oracle SAML 2.0
Oracle SAML 2.0 conforms to the SAML 2.0 specifications. You can set up your environment for Oracle SAML 2.0 toolkit, and use its classes and interfaces.
8.3.1 Oracle SAML 2.0 Packages
Oracle SAML 2.0 API contains multiple packages with classes to support SAML assertions, SAML request and response protocol (SAMLP), and SAML authentication.
The Oracle SAML Java API contains the following packages for creating SAML 2.0-compliant Java applications:
oracle.security.xmlsec.saml2.core
This package contains classes that support SAML assertions.
oracle.security.xmlsec.saml2.protocol
This package contains classes that support the SAML request and response protocol (SAMLP).
oracle.security.xmlsec.saml2.ac
This package contains classes that support the SAML authentication context basic types.
oracle.security.xmlsec.saml2.ac.classes
This package contains classes that support various SAML authentication context classes.
oracle.security.xmlsec.saml2.metadata
This package contains classes that support the SAML metadata.
oracle.security.xmlsec.saml2.profiles.attributes
This package contains classes that support various SAML attribute profiles.
oracle.security.xmlsec.saml2.profiles.sso.ecp
This package contains classes that support the SAML ECP SSO profile.
8.3.2 Setting Up Your Oracle SAML 2.0 Environment
You can set up the Oracle SAML environment by installing Oracle Security Developer Tools and the Java Development Kit (JDK), and setting the CLASSPATH variable to include all of the required jar and class files.
The Oracle Security Developer Tools are installed with Oracle WebLogic Server in ORACLE_HOME.
In order to use Oracle SAML, your system must have the Java Development Kit (JDK) version 17 or higher.
Your CLASSPATH environment variable must contain the full path and file names to all of the required jar and class files. Make sure the following items are included in your CLASSPATH:
- osdt_core.jar
- osdt_cert.jar
- osdt_xmlsec.jar
- osdt_saml.jar
- The org.jaxen_1.1.1.jar file (Jaxen XPath engine, included with your Oracle XML Security distribution)
For example, your CLASSPATH might look like this:
%CLASSPATH%;%ORACLE_HOME%\modules\oracle.osdt\osdt_core.jar;%ORACLE_HOME%\modules\oracle.osdt\osdt_cert.jar;%ORACLE_HOME%\modules\oracle.osdt\osdt_xmlsec.jar;%ORACLE_HOME%\modules\oracle.osdt\osdt_saml.jar;%ORACLE_HOME%\modules\oracle.osdt\osdt_saml2.jar;%ORACLE_HOME%\modules\org.jaxen_1.1.1.jar;
See Setting the CLASSPATH Environment Variable for configuration details.
8.3.3 Classes and Interfaces of Oracle SAML 2.0
Oracle SAML 2.0 contains multiple core classes to create SAML assertions, requests, and responses. It contains supporting interfaces that define URI string constants for algorithms, namespaces, and objects.
This section provides information and code samples for using the classes and interfaces of Oracle SAML 2.0.
8.3.3.1 Core Classes of Oracle SAML 2.0
Core classes of the Oracle SAML 2.0 API enable you to create assertions, requests, and responses.
This section provides an overview of the core SAML and SAMLP classes with short code examples.
8.3.3.1.1 Using the oracle.security.xmlsec.saml2.core.Assertion Class
This class represents the Assertion element of the SAML Assertion schema.
This example shows how to create a new Assertion element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Assertion assertion = new Assertion(doc);
doc.getDocumentElement().appendChild(assertion);
This example shows how to obtain Assertion elements from an XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all Assertion elements in the document
NodeList assrtList =
doc.getElementsByTagNameNS(SAML2URI.ns_saml, "Assertion");
if (assrtList.getLength() == 0)
System.err.println("No Assertion elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.saml2.core.Assertion object and process
for (int s = 0, n = assrtList.getLength(); s < n; ++s)
{
Assertion assertion = new Assertion((Element)assrtList.item(s));
// Process Assertion element
...
}
8.3.3.1.2 Using the oracle.security.xmlsec.saml2.protocol.AuthnRequest Class
This class represents the AuthnRequest element of the SAML Protocol schema.
This example shows how to create a new AuthnRequest element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
AuthnRequest request = new AuthnRequest(doc);
// Append the AuthnRequest that was just created (not a Response)
doc.getDocumentElement().appendChild(request);
This example shows how to obtain AuthnRequest elements from an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all AuthnRequest elements in the document
NodeList reqList =
doc.getElementsByTagNameNS(SAML2URI.ns_samlp, "AuthnRequest");
if (reqList.getLength() == 0)
System.err.println("No AuthnRequest elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.saml2.protocol.AuthnRequest
// object and process
for (int s = 0, n = reqList.getLength(); s < n; ++s)
{
AuthnRequest request = new AuthnRequest((Element)reqList.item(s));
// Process AuthnRequest element
...
}
8.3.3.1.3 Using the oracle.security.xmlsec.saml2.protocol.StatusResponseType Class
This class represents the Response element of the SAML Protocol schema.
The samlp:StatusResponseType element is a base type representing an extension point for the SAML 2.0 protocols. The various protocols defined in the SAML 2.0 specification use sub-types such as samlp:Response or samlp:LogoutResponse.
This example shows how to create a Response element and append it to an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
Response response = new Response(doc);
doc.getDocumentElement().appendChild(response);
This example shows how to obtain Response elements from an existing XML document.
Document doc = Instance of org.w3c.dom.Document;
// Get a list of all Response elements in the document
NodeList respList =
doc.getElementsByTagNameNS(SAML2URI.ns_samlp, "Response");
if (respList.getLength() == 0)
System.err.println("No Response elements found.");
// Convert each org.w3c.dom.Node object to a
// oracle.security.xmlsec.saml2.protocol.Response object and process
for (int s = 0, n = respList.getLength(); s < n; ++s)
{
Response response = new Response((Element)respList.item(s));
// Process Response element
...
}
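As an added example that is not from the Oracle documentation, the following combines the lookup pattern from the Assertion, AuthnRequest, and Response sections above (the SAML 1.x Assertion, Request, and Response sections use the same pattern with SAMLURI) with the parser configuration those snippets leave implicit: getElementsByTagNameNS only matches when the parser is namespace-aware, and a message from an outside party should be parsed with DOCTYPE and external entity handling off. The sample XML, the class name ResponseReader, and the exactly-one checks are assumptions; only the SAML2URI constants and constructors shown on this page are used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import oracle.security.xmlsec.saml2.core.Assertion;
import oracle.security.xmlsec.saml2.protocol.Response;
import oracle.security.xmlsec.saml2.util.SAML2URI;

public class ResponseReader {
    // Constructed sample (not a real message): one samlp:Response wrapping one saml:Assertion.
    static final String SAMPLE =
        "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
      + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
      + " ID=\"_resp1\" Version=\"2.0\" IssueInstant=\"2024-01-01T00:00:00Z\">"
      + "<saml:Assertion ID=\"_a1\" Version=\"2.0\" IssueInstant=\"2024-01-01T00:00:00Z\">"
      + "<saml:Issuer>https://idp.example.invalid</saml:Issuer>"
      + "</saml:Assertion></samlp:Response>";

    // Namespace-aware parse with DOCTYPE and external entities disabled. Without
    // setNamespaceAware(true) the getElementsByTagNameNS lookups below return nothing.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // The page's lookup pattern, tightened to exactly one Response and exactly one
    // Assertion, so a document padded with extra assertions is rejected, not processed.
    static Assertion singleAssertion(Document doc) {
        NodeList resps = doc.getElementsByTagNameNS(SAML2URI.ns_samlp, "Response");
        if (resps.getLength() != 1)
            throw new IllegalArgumentException("expected one Response, found " + resps.getLength());
        Response response = new Response((Element) resps.item(0)); // process the Response here
        NodeList asrts = doc.getElementsByTagNameNS(SAML2URI.ns_saml, "Assertion");
        if (asrts.getLength() != 1)
            throw new IllegalArgumentException("expected one Assertion, found " + asrts.getLength());
        return new Assertion((Element) asrts.item(0));
    }
}
```

Calling singleAssertion(parse(SAMPLE)) returns the wrapped Assertion for the constructed sample and throws for a document with zero or several assertions.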
8.3.3.2 Supporting Classes and Interfaces
This section provides an overview of the supporting classes and interfaces of Oracle SAML 2.0.
8.3.3.2.1 Using the oracle.security.xmlsec.saml2.util.SAML2URI Interface
This interface defines URI string constants for algorithms, namespaces, and objects. The interface uses these naming conventions:
- Action namespace URIs defined in the SAML 1.0/1.1/2.0 specifications begin with action_.
- Authentication method namespace URIs defined in the SAML 1.0/1.1/2.0 specifications begin with authentication_method_.
- Confirmation method namespace URIs defined in the SAML 1.0/1.1/2.0 specifications begin with confirmation_method_.
- Namespace URIs begin with ns_.
8.3.4 The Oracle SAML 2.0 Java API Reference
The Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools guide explains the classes, interfaces, and methods available in the Oracle SAML 2.0 API.
The Oracle SAML Java API reference (Javadoc) is available at:
Oracle Fusion Middleware Java API Reference for Oracle Security Developer Tools