Typically, by default, the SAML response won't contain the IDP certificate.
If you encounter an error saying that the Service Provider expects a <dsig:KeyInfo> element in the SAML response, it means the SP expects the IDP signing certificate to be sent inside the SAML response.
Make the changes below on the OAM side to enable this.
1. SSH to OAM server
2. Run the below commands
    $ORACLE_HOME/common/bin/wlst.sh
    connect()
    domainRuntime()
    updatePartnerProperty(partnerName="<partner name>", partnerType="sp", propName="includecertinsignature", propValue="true", type="boolean")
Make sure you replace <partner name> with the exact SP partner name you configured in OAM.
Test the federation again; OAM will now include the IDP certificate in the signed SAML assertion.
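An added check (not from the original post and not OAM code) that a practitioner can run on a captured SAML response after making this change: it confirms a KeyInfo/X509Certificate is now present in the XML signature and that the embedded certificate matches the IDP certificate the SP already trusts, compared by SHA-256 fingerprint, because an SP must never take the signing key from the message itself. The sample response and the certificate bytes are constructed placeholders, and the function names are my own.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# The dsig:/ds: prefix is arbitrary; only the XML-DSig namespace matters.
NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}


def embedded_certs(saml_response_xml: str) -> list:
    """Return DER bytes of every X509Certificate under a KeyInfo, in the
    Response signature or an Assertion signature (empty if none is sent)."""
    root = ET.fromstring(saml_response_xml)
    path = ".//ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    return [base64.b64decode("".join((el.text or "").split()))
            for el in root.iterfind(path, NS)]


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def check_response(saml_response_xml: str, trusted_fingerprint: str) -> str:
    """Presence plus pinning check only; it does not verify the signature."""
    certs = embedded_certs(saml_response_xml)
    if not certs:
        return "missing-keyinfo"          # the SP error described above
    if all(fingerprint(c) == trusted_fingerprint for c in certs):
        return "ok"
    return "untrusted-cert"               # cert present but not the known IDP cert


# Constructed sample data: not a real certificate, not a real OAM response.
FAKE_DER = b"constructed placeholder bytes, not a real certificate"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
TRUSTED_FP = fingerprint(FAKE_DER)        # what the SP has from IDP metadata

WITH_KEYINFO = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <dsig:Signature><dsig:SignedInfo/><dsig:SignatureValue>c2ln</dsig:SignatureValue>
    <dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>{FAKE_B64}</dsig:X509Certificate>
    </dsig:X509Data></dsig:KeyInfo></dsig:Signature></samlp:Response>"""

WITHOUT_KEYINFO = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" ID="_r2" Version="2.0">
  <dsig:Signature><dsig:SignedInfo/><dsig:SignatureValue>c2ln</dsig:SignatureValue>
  </dsig:Signature></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(WITHOUT_KEYINFO, TRUSTED_FP))  # missing-keyinfo
    print(check_response(WITH_KEYINFO, TRUSTED_FP))     # ok
```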