Preparing Weblogic for the Shibboleth Identity Provider

These instructions were contributed via the user's mailing list. Subsequent attempts to use them have not resulted in a functional configuration. Therefore this doc should be taken only as a starting point. If you successfully manage to configure Weblogic please update these docs as needed and remove this warning.

Version Requirements/Recommendations

  • Weblogic 10.0MP1 or greater (earlier versions may work as well)
  • Java 5 or greater (recommended the Java JDK provided with the Weblogic)

Required Configuration Changes

  1. Modify the idp.war file.
    Extract the war file (<shibboleth_home/war/idp.war) to a directory (i.e. (<shibboleth_home>/war/idp). And open the directory <shibboleth_home>/war/idp/WEB-INF. In this directory you will need to create a file named "weblogic.xml". The content of this file is:
    <?xml version="1.0" encoding="UTF-8"?>
  2. Endorse Xerces and Xalan:
    1. Copy the .jar files included in the IdP source endorsed directory into $JAVA_HOME/jre/lib/ext directory. The XML libraries provided with Weblogic are not compatible with Shibboleth, but there is no harm endorsing the Shibboleth libraries by the JDK.
    2. Create an XML Registry in Weblogic as defined below
  3. Add the following parameters to the JAVA_OPTS environment variable (all ### is the amount of memory in megabytes to allow for the option):
    • -Xmx###m - this is the maximum amount of memory that Weblogic may use, at least 512M is recommended
    • -XX:MaxPermSize=###m - (Sun JVM specific option) the maximum amount of memory allowed for the permanent generation object space. Set this to half of the maximum memory (specified above).
  4. Enable SSL on Weblogic; this is required as some operations require the use of SSL
    1. Edit the Server settings using Weblogic administration console for the Weblogic server running the IDP
    2. Enable SSL on the desired port (by default 7002) and make sure the Keystores contains the correct information; by default this is the Demo Identity and Trust store

Create XML Registry

In the Weblogic administration console, under Services/XML Registries,

  1. Lock & Edit the configuration and create a new Registry using the following information:
    • Name: Apache Xerces/Xalan Registry
    • SAX Parser Factory: org.apache.xerces.jaxp.SAXParserFactoryImpl
    • Transformer Factory: org.apache.xalan.processor.TransformerFactoryImpl
  2. Enable the Registry for the Weblogic server you want to deploy the IDP, by specifying it in the Target deployment tab
  3. Apply the changes and restart the Weblogic server (in order to take those changes into account)
  4. Redeploy the idp.war using the administration console under Deployments

If the above have been completed successfully, the server should reply with the typical OK message on the address https://server:SSLport/idp/status