saml on authentication

HI,

Let me know how to implement SSO using SAML 2.0. is it a free ware.
I have a web application, but i want to integrate with facebook and Oracle application,
when i  login to facebook, i could able to login to my web application also and also to
my oracle application, Let me the steps to do that

Thanks
roy_sanuAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Likely you are looking at Oracle's Internet Identity Services. Mainly your Oracle appl becomes a relying party (RP) to support for Internet-based identity providers (IdP), in this case Facebook. You likely to have two use case namely

a) a Mobile and Social server and pls see the use case stated "37.6.1 Authenticating a Returning User With a Local Account" and "37.6.3 Using OAuth For Access Token Retrieval"

b) via a Webgate and Access Manager and pls see "37.6.4 Authenticating a User With Access Manager and Internet Identity Services"

But note that from the article, it stated the support for Facebook is OAuth2.0 instead of SAML. So having SSO using Oauth with Facebook is the part that is not known as SSO is mostly via SAML. Probably it is good to confirm with Oracle  support. The above is not so called free unless you are already subscribing those identity suite packages.
https://docs.oracle.com/cd/E27559_01/admin.1112/e27239/oicunderstandingoic.htm#AIAAG8548

This is a quick summary (see the diagram) to differentiate SAML and OAuth - http://developers.axiomatics.com/blog/index/entry/authentication-vs-authorization-part-2-saml-and-oauth.html

Just to share SAML is mostly for Enterprise SSO and OAuth is used delegated authorization of internet resources like via RESTful API required by an application making a call (on behalf of someone or something else) to likely a native app on a mobile device etc.

There is still SAML2 with SSO for Weblogic (assuming not getting Facebook) as shared in http://biemond.blogspot.sg/2009/09/sso-with-weblogic-1031-and-saml2.html

More SAML supported soln in http://en.wikipedia.org/wiki/SAML-based_products_and_services
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.