2 Replies. Latest reply: Aug 30, 2012 5:01 AM by Luis

    Is it possible to export the SAML 2.0 server properties with WLST?

    Luis
      Hi everybody,

      In order to automate my SAML2 configuration I am wondering if it would be possible to export the SAML 2.0 server properties using a WLST script. I would like to get the same file as when I use the "Publish Meta Data" button in the "SAML 2.0 General" tab (servers-->serverX-->Configuration-->Federation Services-->SAML 2.0 General).

      Thanks in advance,

      Luis
        • 1. Re: Is it possible to export the SAML 2.0 server properties with WLST?
          Luis
          Hi everybody,

          In the meantime I have developed a jython script that creates the WebSSOSPPartner and adds it to the credential mapper:

          from com.bea.security.saml2.providers.registry import *
          # Java classes used below for reading the partner's X.509 certificate
          import java.io
          import java.security.cert

          #######################################################
          # Connect
          # Declare wls admin user and password
          wlsUserID='weblogic'
          wlsPassword='welcome1'
          # TODO: read these values encrypted, as startManagedWebLogic.sh does (from security/boot.properties),
          # instead of keeping clear-text credentials in the script
          connect(wlsUserID, wlsPassword, url='t3://localhost:7001', adminServerName='AdminServer')

          serverConfig()

          #######################################################
          # Create and setup the Service Provider Partner ("relying party")

          # Get our security default realm ("myrealm")
          cd('SecurityConfiguration')
          cd('mydomain')
          rlm=cmo.findDefaultRealm()

          # Get the CredentialMapper (com.bea.security.saml2.providers.SAML2CredentialMapper)
          cm=rlm.lookupCredentialMapper('testForJython3')

          # Create a new WebSSOSPPartner (com.bea.security.saml2.providers.registry.WebSSOSPPartner)
          webSSOspPartner=cm.newWebSSOSPPartner()

          # Set properties. Note: find out how to use import...
          webSSOspPartner.setName('webSSOspPartnerTestForJython')
          webSSOspPartner.setDescription('setting through jython')
          webSSOspPartner.setEntityID('https://myhost.mydomain.com/myhost_mydomain_com_sample_weblogic_app_2/')
          # Set the X509 certificate the partner signs its requests with (DER or PEM file exported from the SP metadata)
          fileCert=java.io.FileInputStream('/home/luis/DEVELOPING/TEMP/demoidentityFromSPxml')
          cf=java.security.cert.CertificateFactory.getInstance('X.509')
          cert=cf.generateCertificate(fileCert)
          webSSOspPartner.setSSOSigningCert(cert)
          fileCert.close()
          # Artifact Resolution Service (SOAP endpoint the IdP calls back to resolve artifacts)
          #ars=com.bea.security.saml2.providers.registry.IndexedEndpointImpl()
          ars=IndexedEndpointImpl()
          ars.setLocation('https://myhost.mydomain.com/saml2/sp/ars/soap')
          ars.setBinding(Endpoint.SOAP_BINDING)
          ars.setDefault(True)
          ars.setIndex(0)
          webSSOspPartner.setArtifactResolutionService([ars])
          # Assertion Consumer Service (one endpoint per binding the SP accepts assertions on)
          #acs1=com.bea.security.saml2.providers.registry.IndexedEndpointImpl()
          acs1=IndexedEndpointImpl()
          acs1.setLocation('https://myhost.mydomain.com/saml2/sp/acs/artifact')
          acs1.setBinding(Endpoint.HTTP_ARTIFACT_BINDING)
          acs1.setDefault(False)
          acs1.setIndex(0)
          #acs2=com.bea.security.saml2.providers.registry.IndexedEndpointImpl()
          acs2=IndexedEndpointImpl()
          acs2.setLocation('https://myhost.mydomain.com/saml2/sp/acs/post')
          acs2.setBinding(Endpoint.HTTP_POST_BINDING)
          acs2.setDefault(False)
          acs2.setIndex(1)
          webSSOspPartner.setAssertionConsumerService([acs1,acs2])
          # Other properties (organization and contact data from the partner's metadata)
          webSSOspPartner.setOrganizationName('IT')
          webSSOspPartner.setOrganizationURL('http://mydomain.com')
          webSSOspPartner.setContactPersonType('technical')
          webSSOspPartner.setContactPersonCompany('mydomain')
          webSSOspPartner.setContactPersonGivenName('MyName')
          webSSOspPartner.setContactPersonSurName('Surname')
          webSSOspPartner.setContactPersonEmailAddress('myname@mydomain.ch')
          webSSOspPartner.setContactPersonTelephoneNumber('000')
          # Enable and register the partner with the credential mapper
          webSSOspPartner.setEnabled(True)
          cm.addSPPartner(webSSOspPartner)

          But I am still interested in the export functionality.

          Thanks in advance,

          Luis
          • 2. Re: Is it possible to export the SAML 2.0 server properties with WLST?
            Luis
            Hello there,

            Just do this:

            #######################################################
            # Assumes an existing WLST connection (same connect() call as in the script above)
            # Placeholders: the server whose SAML 2.0 metadata to publish and the output file
            serverName='AdminServer'
            originalMetadataPath='/tmp/saml2_metadata.xml'

            # Navigates to the last MBean to which you navigated in the server runtime MBean hierarchy, or to the root of the hierarchy
            serverRuntime()

            # cd to the SSO services runtime MBean of that server
            cd('/SingleSignOnServicesRuntime/' + serverName)

            # Just export the metadata to the file. WLS must be allowed to write in that location
            cmo.publish(originalMetadataPath)

            Hope it helps,

            Luis
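The two scripts in this thread deal with the same file format from both sides: the second one exports the local site's SAML 2.0 metadata, and the first one hand-copies a partner's metadata (entityID, signing certificate, ARS and ACS endpoints with their bindings, index and default flag) into setter calls. The following Python 3 script is an added example, not code from this thread or from WebLogic: it parses an SP metadata file into exactly those values and reports the problems an administrator would want to catch before registering the partner (no signing certificate, more than one default ACS, a binding WebLogic has no Endpoint constant for, a non-HTTPS endpoint). The sample metadata and the certificate bytes are constructed placeholders; the Endpoint constant names are the ones used in the thread's script, and the dictionary keys are my own.

```python
"""Parse SAML 2.0 SP metadata into the values a WebSSOSPPartner needs (added example)."""
import base64
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}

# SAML binding URIs -> the Endpoint constant names the thread's WLST script passes to setBinding()
BINDING_CONSTANTS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:SOAP": "SOAP_BINDING",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact": "HTTP_ARTIFACT_BINDING",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "HTTP_POST_BINDING",
}

# Constructed placeholder: a DER SEQUENCE header followed by junk, NOT a real certificate.
FAKE_CERT_DER = b"\x30\x82\x01\x00" + b"constructed placeholder, not a real X.509 certificate"


def build_sample_metadata(with_signing_cert=True):
    """Constructed SP metadata in the shape a 'Publish Meta Data' export has."""
    key_descriptor = ""
    if with_signing_cert:
        key_descriptor = (
            '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            + base64.b64encode(FAKE_CERT_DER).decode("ascii")
            + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        )
    return (
        '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://sp.example.com/app/">'
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        "%s"
        '<md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" '
        'Location="https://sp.example.com/saml2/sp/ars/soap" index="0" isDefault="true"/>'
        '<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" '
        'Location="https://sp.example.com/saml2/sp/acs/artifact" index="0"/>'
        '<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        'Location="https://sp.example.com/saml2/sp/acs/post" index="1" isDefault="true"/>'
        "</md:SPSSODescriptor></md:EntityDescriptor>"
    ) % (MD_NS, DS_NS, key_descriptor)


def _endpoints(descriptor, tag):
    """Collect IndexedEndpoint elements (Location, Binding, index, isDefault), sorted by index."""
    found = []
    for el in descriptor.findall("md:" + tag, NS):
        binding = el.get("Binding")
        found.append({
            "location": el.get("Location"),
            "binding": binding,
            "constant": BINDING_CONSTANTS.get(binding),  # None if no Endpoint constant is known
            "index": int(el.get("index", "0")),
            "default": el.get("isDefault", "false").lower() == "true",
        })
    return sorted(found, key=lambda e: e["index"])


def parse_sp_metadata(xml_text):
    """Return (values, findings): setter values for a WebSSOSPPartner plus a list of problems."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not Service Provider metadata")

    signing_certs = []
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no 'use' means signing and encryption
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            if not der or der[0] != 0x30:  # a DER Certificate always starts with a SEQUENCE tag
                raise ValueError("X509Certificate content is not DER")
            signing_certs.append(der)

    values = {
        "entity_id": root.get("entityID"),
        "signing_certs_der": signing_certs,
        "artifact_resolution_services": _endpoints(sp, "ArtifactResolutionService"),
        "assertion_consumer_services": _endpoints(sp, "AssertionConsumerService"),
    }

    findings = []
    if not values["entity_id"]:
        findings.append("missing entityID")
    if not signing_certs:
        findings.append("no signing certificate: signed requests from this SP cannot be verified")
    acs = values["assertion_consumer_services"]
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    if sum(1 for e in acs if e["default"]) > 1:
        findings.append("more than one default AssertionConsumerService")
    for e in acs + values["artifact_resolution_services"]:
        if e["constant"] is None:
            findings.append("unsupported binding %s at %s" % (e["binding"], e["location"]))
        if not (e["location"] or "").startswith("https://"):
            findings.append("endpoint not on https: %s" % e["location"])
    return values, findings
```

Run it on a real export by passing the file contents to `parse_sp_metadata`; the `constant` field of each endpoint is the name to use with `setBinding(Endpoint.<constant>)`, and the DER bytes in `signing_certs_der` are what `CertificateFactory.generateCertificate` expects when written to the file the WLST script reads.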