posted 15 years ago
We have a Weblogic server 9.2.2 and grant access to protected web pages using javax.servlet.Filter. The only login to the Security Realm is the console.
That works fine.
But now we want to provide SAML assertions so users can access other systems with SSO. In the past we've used a variety of techniques like posting, custom web services, etc. Now we'd like to use SAML. Weblogic only wants to assert users who are in the active realm (our users aren't in any realm at all - the Filter uses a cookie and the session).
I've read all sorts of Weblogic docs about custom mappers, custom login, etc., but can't seem to figure a workaround. Oracle support responded with "that sounds like a development issue and we only help with server errors".
So, this is my stab in the dark with my arcane Weblogic SAML question.
'Any ideas on how to get Weblogic Server to provide SAML assertions for users not in their realm? Perhaps some way to get it to see them as in the active realm without them having to log in (again)?
Thanks for any thoughts,
Mark
