SSO configuration in Agile 934 with SAML authentication

Is SAML integration feasible in Agile 934 version? Looking for SAML authentication. SAML core services are enabled in 934, but how to use this in SSO setup?

Agile User Asked on January 27, 2016 in Others, Tools.
7 Answer(s)

As I understand, you need to customize the WebLogic authenticator to use your authentication mechanisms.

Agile Angel Answered on January 28, 2016.

Thanks Sankar. But any idea whether this is implemented anywhere?

Agile User Answered on January 29, 2016.

https://docs.oracle.com/cd/E17904_01/web.1111/e13707/atn.htm#SECMG220

Here you can find a step-by-step guide for SAML 1.

Hope that it is helpful.

Agile Angel Answered on February 1, 2016.

Thanks Antonio. This link is really helpful. Now I have an idea of Service Provider configuration and publishing SP metadata. Along with this, do we need to write any web service for redirecting the URL to the SAML service when a user invokes the Agile URL? Or can it work with just configuration?

Agile User Answered on February 3, 2016.

It should be done automatically by WebLogic.
With WebLogic configured, when the user tries to call Agile (that is inside WebLogic) with the standard link, the WebLogic Web Services Security (using the bean SAML2IdentityAsserter) will be able to complete the SSO and go ahead with the Agile request.

Agile Angel Answered on February 3, 2016.

Thanks a lot Antonio. We are in the process of installing and deploying the latest version of WebLogic as well as Agile PLM. With your answer I am confident that we can configure SSO with SAML authentication.

I appreciate it, this is really great help 🙂

Agile User Answered on February 3, 2016.

You are welcome.
Just to be sure, what I mentioned was an old test that we did successfully in our development environment with WebLogic 12.1.1 and Agile 9.3.2, but it was never used in production.
To be really sure before deploying any configuration in a production system, I suggest you double-check with Oracle Support to confirm that 🙂

on February 3, 2016.

Sure Antonio. We already contacted Oracle Support and confirmed that the latest version of Agile supports SAML, but there is no out-of-the-box configuration designed like OAM and Webgate authentication.

I need your help in understanding the questions below. Please help.

1. We tried initiation from the IdP side instead of the SP. What is the assertion consumer service? Do we need to host any custom service to authorise users?

Please let me know.

Agile User Answered on February 9, 2016.
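
For the SP metadata and assertion consumer service (ACS) raised in this thread, an added example that is not from any poster, Oracle or WebLogic: it parses a constructed SAML 2.0 SP metadata document, lists the ACS endpoints (the SP URLs to which the IdP delivers assertions), and flags two weak settings before the metadata is handed to the IdP. The entity ID, hostname and ACS paths in the sample are placeholder assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: entity ID, host and ACS paths are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="agile-sp.example.com">
  <md:SPSSODescriptor WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://agile.example.com:7001/saml2/sp/acs/post"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://agile.example.com/saml2/sp/acs/artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def review_sp_metadata(xml_text):
    """Return entity ID, ACS endpoints and findings for SP metadata."""
    # For metadata from an untrusted source, parse with a hardened parser.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")

    findings = []
    # Without this flag the SP does not ask the IdP to sign assertions.
    if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
        findings.append("SP does not require signed assertions")

    endpoints = []
    for acs in sp.findall("md:AssertionConsumerService", NS):
        ep = {
            "index": int(acs.get("index")),
            "binding": acs.get("Binding").rsplit(":", 1)[-1],
            "location": acs.get("Location"),
            "default": acs.get("isDefault") in ("true", "1"),
        }
        # The IdP sends the user's assertion here; it must not travel in clear.
        if not ep["location"].lower().startswith("https://"):
            findings.append(f"ACS index {ep['index']} is not served over HTTPS")
        endpoints.append(ep)
    if not endpoints:
        findings.append("no AssertionConsumerService endpoint declared")
    return {"entity_id": root.get("entityID"), "endpoints": endpoints,
            "findings": findings}
```
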

Hi Antonio,

Thanks a lot for the suggestion on configuring SSO on SAML-based authentication. I am able to configure it successfully and able to log in to the web client as well. But I am not able to log in to the Java client. I did a password reset of the user in the Agile DB and tried with that password, still no luck. Please let me know how to log in to the Java client. Getting the below error in the Java client console when trying to log in:

javax.naming.AuthenticationException: User: mhegde, failed to be authenticated. [Root exception is java.lang.SecurityException: User: mhegde, failed to be authenticated.]
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
    at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:808)
    at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:697)
    at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:485)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
    at weblogic.jndi.Environment.getContext(Environment.java:319)
    at weblogic.jndi.Environment.getContext(Environment.java:288)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at com.agile.ui.java.security.weblogic.WeblogicSecurityAdapter.login(WeblogicSecurityAdapter.java:69)
    at com.agile.ui.java.data.pc.PCEJBUtil.<init>(PCEJBUtil.java:276)
    at com.agile.ui.java.data.pc.PCEJBUtil.createInstance(PCEJBUtil.java:238)
    at com.agile.ui.java.data.pc.PCEJBConnection.login(PCEJBConnection.java:905)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.agile.ui.java.data.pc.PCInterfaceFactory$1.invoke(PCInterfaceFactory.java:27)
    at com.sun.proxy.$Proxy1.login(Unknown Source)
    at com.agile.ui.pcclient.CommandLogin.doExecute(CommandLogin.java:118)
    at com.agile.ui.java.command.CommandManager$4.run(CommandManager.java:301)
    at foxtrot.AbstractWorkerThread$2.run(AbstractWorkerThread.java:49)
    at java.security.AccessController.doPrivileged(Native Method)
    at foxtrot.AbstractWorkerThread.runTask(AbstractWorkerThread.java:45)
    at foxtrot.workers.DefaultWorkerThread.run(DefaultWorkerThread.java:153)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.SecurityException: User: mhegde, failed to be authenticated.
    at weblogic.utils.StackTraceDisabled.unknownMethod()

on April 8, 2016.