Set a Password for SAML Artifact Back Channel Authentication

If you use the HTTP-Artifact binding for SAML 2.0 single sign-on, the assertion is sent from the Identity Provider, across a secure back channel, to the Service Provider. You need to configure a password for the Service Provider to be granted access to the Artifact Resolution Service, which will resolve the artifact and retrieve the assertion.

Note: The password is only relevant if you use Basic or Basic over SSL as the authentication method across the back channel; however, you must configure a password regardless of which authentication method you plan to use.

To configure a password for HTTP-Artifact binding:

  1. Open the SAML Service Provider Properties dialog.
  2. On the General tab, click Configure Backchannel Authentication.

    The Backchannel Properties dialog opens.

    Note: The Configure Backchannel Authentication button is only active if you select HTTP-Artifact on the SSO tab.

  3. Enter a value for the following fields:
  4. Click OK.

    You return to the SAML Service Provider Properties dialog.

WebLogic Configuration Required for Back Channel Authentication

At the Identity Provider, the Web Agent Option Pack can be installed on a WebLogic 9.2.x application server. For basic authentication across the back channel to work with this server, modify the WebLogic config.xml file.

In the WebLogic config.xml file for the application domain, set the <enforce-valid-basic-auth-credentials> element within the <security-configuration> element as follows:

<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
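
A check for this setting, as an added example that is not part of the product documentation: it parses a domain config.xml and reports whether the flag is set to false inside <security-configuration>. The function names, result labels, and sample document (including its namespace) are constructed for illustration, and treating an absent element as enforced is an assumption about the server default.

```python
import xml.etree.ElementTree as ET

FLAG = "enforce-valid-basic-auth-credentials"
PARENT = "security-configuration"

# Constructed sample, not a real domain file; the namespace is a placeholder.
SAMPLE = """<domain xmlns="urn:example:constructed">
  <name>example_domain</name>
  <security-configuration>
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
  </security-configuration>
</domain>"""


def local(tag):
    """Return an element tag without its XML namespace part."""
    return tag.rsplit("}", 1)[-1]


def backchannel_basic_auth_state(config_xml):
    """Classify the flag in a WebLogic domain config.xml given as a string.

    Returns one of:
      "ok"        - flag is false inside <security-configuration>
      "enforced"  - flag is present there but not false
      "missing"   - flag absent (assumption: the server then enforces)
      "misplaced" - flag appears only outside <security-configuration>
    """
    # config.xml is a local, administrator-controlled file, so the
    # standard-library parser is acceptable here.
    root = ET.fromstring(config_xml)
    inside, anywhere = [], []
    for parent in root.iter():
        for child in parent:
            if local(child.tag) == FLAG:
                anywhere.append(child)
                if local(parent.tag) == PARENT:
                    inside.append(child)
    if inside:
        values = {(e.text or "").strip().lower() for e in inside}
        return "ok" if values == {"false"} else "enforced"
    return "misplaced" if anywhere else "missing"


if __name__ == "__main__":
    print(backchannel_basic_auth_state(SAMPLE))
```

Because the element lives in the domain-level config.xml, the setting applies to the whole WebLogic domain, so rerun the check after a domain rebuild or upgrade.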