Thursday, December 8, 2011

OpenAM and WebLogic Application Server - Single Sign On

Summary
Since OpenAM (previously OpenSSO) and WebLogic Application Server 10.x both support SAML 2.0, Single Sign On can be implemented with SAML 2.0.  A simple prototype was developed, and Single Sign On was implemented relatively easily.
Architecture
OpenAM was deployed on Tomcat 6.0.20.  A basic secured J2EE application using form login and role-based authorization was deployed in WebLogic Application Server.  A Circle of Trust was configured in OpenAM with OpenAM on Tomcat as the Identity Provider and WebLogic Application Server as the Service Provider.  A SAML2IdentityAsserter was configured for authentication under the realm -> Security -> Providers tab.
SAML2IdentityAsserterNameMapper
A Name Mapper is required to extract the userid from the assertion received from OpenAM and hand it to WebLogic Application Server for authorization.  The OpenAM documentation covers only OpenAM's side of the Circle of Trust and does not mention WebLogic Application Server, while the WebLogic documentation is spread across multiple documents, which makes it hard to find the relevant parts.  Configuring the Name Mapper was challenging, as the debug and error messages were at best unhelpful.
WebLogic requires that the Name Mapper class implement the interface SAML2IdentityAsserterNameMapper, so a single class implementing that interface was created.  The interface consists of a single method, mapNameInfo, and the implementation is shown below:
    package com.security.test;
    import weblogic.security.providers.saml2.SAML2IdentityAsserterNameMapper;
    import weblogic.security.providers.saml2.SAML2NameMapperInfo;
    import weblogic.security.service.ContextHandler;
    public class TesterImpl1 implements SAML2IdentityAsserterNameMapper {
        @Override
        public String mapNameInfo(SAML2NameMapperInfo saml2NameMapperInfo, ContextHandler arg1) {
            String user = saml2NameMapperInfo.getName(); // the SAML NameID value, returned unchanged as the WebLogic user name
            System.out.println(user);
            return user;
        }
    }
That returned the userid in plain text, which WebLogic Application Server could then use for authorization.
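Going a step beyond returning the raw NameID, here is an added example (not the post's code) of a Name Mapper that accepts only the emailAddress and unspecified NameID formats, reduces the value to a local WebLogic user name, and returns null for anything else so that no user is asserted from an unexpected value. The package name, the accepted formats and the local user-name pattern are assumptions for this example.

```java
// Added example, not the post's code: a stricter SAML2IdentityAsserterNameMapper.
package com.example.sso; // hypothetical package

import java.util.regex.Pattern;
import weblogic.security.providers.saml2.SAML2IdentityAsserterNameMapper;
import weblogic.security.providers.saml2.SAML2NameMapperInfo;
import weblogic.security.service.ContextHandler;

public class StrictNameMapper implements SAML2IdentityAsserterNameMapper {

    // SAML 2.0 NameID formats this deployment is willing to accept (assumption).
    private static final String FMT_EMAIL =
        "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    private static final String FMT_UNSPEC =
        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

    // Shape of a local WebLogic user name (assumption): lowercase letters, digits, dot, underscore, hyphen.
    private static final Pattern LOCAL_USER = Pattern.compile("[a-z0-9._-]{1,64}");

    // Pure function so the mapping rule can be unit-tested without a WebLogic runtime.
    static String toLocalUser(String nameId, String format) {
        if (nameId == null || format == null) {
            return null;
        }
        String user;
        if (FMT_EMAIL.equals(format)) {
            int at = nameId.indexOf('@');
            // Only the local part becomes the WebLogic user; the domain is dropped (assumption).
            user = at > 0 ? nameId.substring(0, at) : null;
        } else if (FMT_UNSPEC.equals(format)) {
            user = nameId;
        } else {
            return null; // unsupported NameID format: nothing is mapped
        }
        if (user == null) return null;
        user = user.trim().toLowerCase(java.util.Locale.ROOT);
        // A null result tells WebLogic that no user name could be derived,
        // instead of creating a principal from an arbitrary IdP-supplied string.
        return LOCAL_USER.matcher(user).matches() ? user : null;
    }

    @Override
    public String mapNameInfo(SAML2NameMapperInfo info, ContextHandler ctx) {
        // getName() and getFormat() come from WebLogic's SAML2NameMapperInfo.
        return toLocalUser(info.getName(), info.getFormat());
    }
}
```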
Jar File Location
While writing the code was straightforward given clear documentation, deploying the jar file to the correct location was a little challenging.  Copying the jar file into various locations produced only unhelpful error messages.  After digging deep into the WebLogic documentation, it turned out that the jar file must be on WebLogic's system classpath, so the file <WL_HOME>\common\bin\commEnv.cmd was modified to include the jar file's location in the environment.  This enabled WebLogic to find the Name Mapper class, so the Name Mapper could be specified while configuring the Identity Asserter.
Incorrect Location of Jar File, and Error Messages
For any other location, the error messages in the console and log files were:
An error occurred during activation of changes, please see the log for details.
[Management:141191]The prepare phase of the configuration update failed with an exception:
SAMLBeanUpdateListener SAML2IdentityAsserter: prepareUpdate() failed with exception: [Security:096628]The value configured for NameMapper attribute: com.security.test.TesterImpl1 is not valid.
Go and figure out the meaning of the error messages.
Benefits of the Implementation
With this simple approach, the secured J2EE application was accessible both through the SSO login and through its existing form login, without modifications to the existing war/ear.  Compared to OpenAM's Fedlet and agent-based approaches, SAML 2.0 provides a clean way to enable Single Sign On without making any changes to existing applications.


2 comments:

  2. Hi, I am facing the same issue.
    Below is my commEnv.cmd file; my custom jar file is added like this: set PRE_CLASSPATH=E:\Oracle\Middleware\Oracle_Home124\customJava\MyNameMapper.jar;%PRE_CLASSPATH%

    Is it correct or not? Kindly suggest.

    @rem *************************************************************************
    @rem This script is used to initialize common environment to start WebLogic
    @rem Server, as well as WebLogic development.
    @rem *************************************************************************

    IF NOT DEFINED MW_HOME (
        IF NOT DEFINED WL_HOME (
            echo Please set MW_HOME or WL_HOME
            IF DEFINED USE_CMD_EXIT (
                EXIT 1
            ) ELSE (
                EXIT /B 1
            )
        )
    )

    IF DEFINED WL_HOME (
        set MW_HOME=%WL_HOME%\..
        set PRE_CLASSPATH=E:\Oracle\Middleware\Oracle_Home124\customJava\MyNameMapper.jar;%PRE_CLASSPATH%
    ) ELSE (
        set WL_HOME=%MW_HOME%\wlserver
        set PRE_CLASSPATH=E:\Oracle\Middleware\Oracle_Home124\customJava\MyNameMapper.jar;%PRE_CLASSPATH%
    )
    FOR %%i IN ("%MW_HOME%") DO SET MW_HOME=%%~fsi
    FOR %%i IN ("%WL_HOME%") DO SET WL_HOME=%%~fsi

    call %MW_HOME%/oracle_common/common/bin/commBaseEnv.cmd
    call %MW_HOME%/oracle_common/common/bin/commExtEnv.cmd
