Preparing Weblogic for the Shibboleth Identity Provider
These instructions were contributed via the user's mailing list. Subsequent attempts to use them have not resulted in a functional configuration. Therefore this doc should be taken only as a starting point. If you successfully manage to configure Weblogic please update these docs as needed and remove this warning.
Version Requirements/Recommendations
- Weblogic 10.0MP1 or greater (earlier versions may work as well)
- Java 5 or greater (recommended the Java JDK provided with the Weblogic)
Required Configuration Changes
- Endorse Xerces and Xalan:
- Copy the .jar files included in the IdP source
endorsed
directory into$JAVA_HOME/jre/lib/ext
directory. The XML libraries provided with Weblogic are not compatible with Shibboleth, but there is no harm endorsing the Shibboleth libraries by the JDK. - Create an XML Registry in Weblogic as defined below
- Copy the .jar files included in the IdP source
- Add the following parameters to the JAVA_OPTS environment variable (all ### is the amount of memory in megabytes to allow for the option):
- -Xmx###m - this is the maximum amount of memory that Weblogic may use, at least 512M is recommended
- -XX:MaxPermSize=###m - (Sun JVM specific option) the maximum amount of memory allowed for the permanent generation object space. Set this to half of the maximum memory (specified above).
- Enable SSL on Weblogic; this is required as some operations require the use of SSL
- Edit the Server settings using Weblogic administration console for the Weblogic server running the IDP
- Enable SSL on the desired port (by default 7002) and make sure the Keystores contains the correct information; by default this is the Demo Identity and Trust store
Create XML Registry
In the Weblogic administration console, under Services/XML Registries,
- Lock & Edit the configuration and create a new Registry using the following information:
- Name: Apache Xerces/Xalan Registry
- SAX Parser Factory: org.apache.xerces.jaxp.SAXParserFactoryImpl
- Transformer Factory: org.apache.xalan.processor.TransformerFactoryImpl
- Enable the Registry for the Weblogic server you want to deploy the IDP, by specifying it in the Target deployment tab
- Apply the changes and restart the Weblogic server (in order to take those changes into account)
- Redeploy the idp.war using the administration console under Deployments
If the above have been completed successfully, the server should reply with the typical OK message on the address https://server:SSLport/idp/profile/Status