SAML Web Single Sign-On

This feature enables web applications to use SAML Web Single Sign-On 2.0.

Enabling this feature

To enable the SAML Web Single Sign-On 2.0 feature, add the following element declaration into your server.xml file, inside the featureManager element:



Default configuration

Open Liberty provides a default configuration of the SAML Web Single Sign-On feature after the feature is enabled. The feature activates the following two endpoints:

  • https://<hostname>:<sslport>/ibm/saml20/defaultSP/acs

    The AssertionConsumerService URL endpoint on the service provider point of contact server receives assertions from the identity provider.

  • https://<hostname>:<sslport>/ibm/saml20/defaultSP/samlmetadata

    The service provider metadata URL endpoint provides configuration information for the service provider. You can download the service provider metadata by opening the service provider metadata URL in a browser. You can also provide the service provider metadata URL to the SAML identity provider to establish a federation between the service provider and the identity provider.
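
The following is an added example, not part of the Open Liberty documentation: a check you can run over downloaded service provider metadata before handing it to the identity provider. It confirms that the advertised AssertionConsumerService location is the HTTPS endpoint listed above and that both signing flags are set. The function name `check_sp_metadata`, the hostname, the port and the sample metadata are constructed for illustration, and the path for an `sp_id` other than `defaultSP` is assumed to follow the same pattern.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata; hostname, port and entityID are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test:9443/ibm/saml20/defaultSP">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test:9443/ibm/saml20/defaultSP/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, hostname, sslport, sp_id="defaultSP"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return ["no SPSSODescriptor element in metadata"]
    # Both flags are optional in SAML metadata and count as false when absent.
    for flag in ("WantAssertionsSigned", "AuthnRequestsSigned"):
        if sp.get(flag, "false").lower() not in ("true", "1"):
            findings.append(f"{flag} is not true")
    # Endpoint pattern from the page: /ibm/saml20/<id>/acs on the SSL port.
    expected = f"https://{hostname}:{sslport}/ibm/saml20/{sp_id}/acs"
    acs_list = sp.findall(f"{{{MD}}}AssertionConsumerService")
    if not acs_list:
        findings.append("no AssertionConsumerService endpoint")
    for acs in acs_list:
        loc = acs.get("Location", "")
        if urlsplit(loc).scheme != "https":
            findings.append(f"ACS not served over https: {loc}")
        if loc != expected:
            findings.append(f"unexpected ACS location: {loc}")
    return findings


if __name__ == "__main__":
    result = check_sp_metadata(SAMPLE_METADATA, "sp.example.test", 9443)
    for line in result or ["OK: metadata matches the expected endpoint"]:
        print(line)
```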

Custom configuration

You can disable the default service provider instance by adding the following code to the server.xml file:

<samlWebSso20 id="defaultSP" enabled="false"/>

<samlWebSso20 id="newSP" allowCustomCacheKey="false"/>

This configuration disables the default defaultSP service provider instance and configures a new service provider instance, newSP.

Features that this feature enables

Supported Java versions

  • JavaSE-1.8

  • JavaSE-11.0

  • JavaSE-17.0

Features that enable this feature

Developing a feature that depends on this feature

If you are developing a feature that depends on this feature, include the following item in the Subsystem-Content header in your feature manifest file.; type="osgi.subsystem.feature"