Sun OpenSSO Enterprise 8.0 Developer's Guide

Procedure: To Configure OpenSSO Enterprise to Use Liberty ID-WSF 1.1 Profiles

  1. Install OpenSSO Enterprise on two different machines.

    Test the installations by logging in to the console at http://server:port/opensso/UI/Login.

  2. Configure one instance of OpenSSO Enterprise as a Liberty ID-FF identity provider.

    1. Log in to the OpenSSO Enterprise console.

    2. Click the Federation tab.

    3. Click New under Entity Providers.

      The Create IDFF Entity Provider page is displayed.

    4. Enter a value for the Entity Identifier attribute on the Create IDFF Entity Provider page.

    5. Under Identity Provider, enter values for Meta Alias, Signing Certificate Alias, and Encryption Certificate Alias and click Create to create the identity provider metadata.

    6. Using ssoadm.jsp, export the identity provider metadata.

  3. Configure the second instance of OpenSSO Enterprise as a Liberty ID-FF service provider.

    1. Log in to the OpenSSO Enterprise console.

    2. Click the Federation tab.

    3. Click New under Entity Providers.

      The Create IDFF Entity Provider page is displayed.

    4. Enter a value for the Entity Identifier attribute on the Create IDFF Entity Provider page.

    5. Under Service Provider, enter values for Meta Alias, Signing Certificate Alias, and Encryption Certificate Alias and click Create to create the service provider metadata.

    6. Using ssoadm.jsp, export the service provider metadata.

  4. Exchange the standard metadata files and import the identity provider metadata onto the service provider machine and the service provider metadata onto the identity provider machine.

  5. Create a circle of trust that includes the Entity Identifier for both providers on each machine.

  6. Log in to the instance of OpenSSO Enterprise acting as the identity provider.

    1. Click the Web Services tab.

    2. Click the Discovery Service tab.

    3. Scroll down to Resource Offerings for Bootstrapping.

    4. Click urn:liberty:disco:2003-08.

      The Edit Resource Offerings page is displayed.

    5. Remove the default value of Service Type.

    6. Add urn:liberty:security:2005-02:null:X509.

    7. Change the value of the Provider ID attribute to the entity identifier of the identity provider.

    8. Click Save.

      The Discovery Service page is displayed.

    9. Scroll down to the Classes for ResourceID Mapper Plug-in attribute.

    10. Click the link that is the value of the Provider ID.

      The Edit Resource ID Mapping page is displayed.

    11. Change the value of the Provider ID attribute to the entity identifier of the identity provider.

    12. Click Save.

      The Discovery Service page is displayed.

    13. Click the Configuration tab.

    14. Click the Global tab.

    15. Click the Liberty ID-WSF Security Service link.

      The Liberty ID-WSF Security Service page is displayed.

    16. Enter test as the value for the following attributes and click Save.

      • Default WSC Certificate alias

      • Trusted Authority signing certificate alias

      • Trusted CA signing certificate aliases

      Note – test is the alias of the default self-signed certificate shipped with OpenSSO Enterprise. Use your own key and CA name for your customized deployment.

    17. Log out of the console and restart the identity provider instance to allow the changes to take effect.

  7. Log in to the instance of OpenSSO Enterprise acting as the service provider.

    1. Click the Web Services tab.

    2. Under the Personal Profile tab, change the value of the Provider ID attribute to the entity identifier of the service provider and click Save.

    3. Click the SOAP Binding Service tab.

    4. Scroll down, enable 1.1 as the value of the Liberty Identity Web Services Version attribute and click Save.

    5. Click the Configuration tab.

    6. Click the Global tab.

    7. Click the Liberty ID-WSF Security Service link.

      The Liberty ID-WSF Security Service page is displayed.

    8. Enter test as the value for the following attributes and click Save.

      • Default WSC Certificate alias

      • Trusted Authority signing certificate alias

      • Trusted CA signing certificate aliases

      Note – test is the alias of the default self-signed certificate shipped with OpenSSO Enterprise. Use your own key and CA name for your customized deployment.

    9. Log out of the console and restart the service provider instance to allow the changes to take effect.
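The procedure above spreads the same few values (the two Entity Identifiers, the circle of trust, the Provider ID fields and the certificate aliases) across many console pages, so a mismatch is easy to miss. The following script is an added example, not part of the OpenSSO documentation: it parses the two exported metadata files and checks the cross-references the steps rely on. It assumes the files exported with ssoadm.jsp are standard Liberty ID-FF metadata (namespace urn:liberty:metadata:2003-08); the sample documents, provider IDs, circle-of-trust membership and alias values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:liberty:metadata:2003-08}"  # Liberty ID-FF metadata namespace

# Constructed stand-ins for the two metadata files exported with ssoadm.jsp.
IDP_METADATA = """<EntityDescriptor xmlns="urn:liberty:metadata:2003-08"
    providerID="https://idp.example.test/opensso">
  <IDPDescriptor>
    <KeyDescriptor use="signing"/><KeyDescriptor use="encryption"/>
  </IDPDescriptor>
</EntityDescriptor>"""
SP_METADATA = """<EntityDescriptor xmlns="urn:liberty:metadata:2003-08"
    providerID="https://sp.example.test/opensso">
  <SPDescriptor><KeyDescriptor use="signing"/></SPDescriptor>
</EntityDescriptor>"""  # no encryption key on purpose: the checker should flag it

def describe(xml_text):
    """Return providerID, role (IDP or SP) and the KeyDescriptor uses present."""
    root = ET.fromstring(xml_text)
    role = "IDP" if root.find(MD + "IDPDescriptor") is not None else "SP"
    desc = root.find(MD + role + "Descriptor")
    uses = set() if desc is None else {k.get("use") for k in desc.findall(MD + "KeyDescriptor")}
    return {"providerID": root.get("providerID"), "role": role, "key_uses": uses}

def check_setup(idp_xml, sp_xml, cot_members, wsf_aliases, provider_ids):
    """Return findings for the procedure's cross-references; [] means consistent."""
    idp, sp = describe(idp_xml), describe(sp_xml)
    findings = []
    if idp["role"] != "IDP" or sp["role"] != "SP":
        findings.append("metadata files are swapped or have the wrong role")
    for who in (idp, sp):  # steps 2.5 / 3.5 set signing and encryption aliases
        for use in ("signing", "encryption"):
            if use not in who["key_uses"]:
                findings.append(f"{who['role']} metadata has no {use} KeyDescriptor")
    for pid in sorted({idp["providerID"], sp["providerID"]} - set(cot_members)):
        findings.append(f"circle of trust does not include {pid}")  # step 5
    # Steps 6.7 and 6.11 expect the IDP entity identifier; step 7.2 the SP's.
    expected = {"disco_resource_offering": idp["providerID"],
                "resource_id_mapper": idp["providerID"],
                "personal_profile": sp["providerID"]}
    for name, want in expected.items():
        if provider_ids.get(name) != want:
            findings.append(f"{name} Provider ID should be {want}")
    for attr, alias in wsf_aliases.items():  # note under steps 6.16 / 7.8
        if alias == "test":
            findings.append(f"{attr} still uses the shipped self-signed alias 'test'")
    return findings
```

Run it against the real exported files and the values you typed into the console before restarting the instances; an empty list means the Provider IDs, circle of trust and key material line up.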