Sun OpenSSO Enterprise 8.0 Administration Guide

Procedure: To Enable Load Balancer Support

  1. Install OpenSSO Enterprise and follow the documentation to set up a load balancer.

    Load balancing information for OpenSSO Enterprise can be found in Configuring the Directory Server Load Balancer in Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0.

  2. Create an identity provider or a service provider through the OpenSSO Enterprise Console or with the ssoadm CLI.

  3. On any service provider machines, copy the metadata configuration files into the same directory and rename the copies as follows:

    • spMeta.xml to spMeta.xml.lb

    • spExtended.xml to spExtended.xml.lb

  4. Edit the new service provider load balancer metadata configuration files as follows:

    • Change the host name of the service provider to that of the load balancer on the service provider side.

    • Change the protocol on the service provider side.

    • Change the port of the service provider to that of the load balancer on the service provider side.

    • Change the metaAlias of the service provider to any new metaAlias, for example, /splb.

  5. On any identity provider machines, copy the metadata configuration files into the same directory and rename the copies as follows:

    • idpMeta.xml to idpMeta.xml.lb

    • idpExtended.xml to idpExtended.xml.lb

  6. Edit the new identity provider load balancer metadata configuration files as follows:

    • Change the host name of the identity provider to that of the load balancer on the identity provider side.

    • Change the protocol on the identity provider side.

    • Change the port of the identity provider to that of the load balancer on the identity provider side.

    • Change the metaAlias of the identity provider to any new metaAlias, for example, /idplb.

  7. Import the new hosted metadata onto the service provider machines.

  8. Import the new remote identity provider metadata onto the service provider machines.

  9. Import the new hosted metadata onto the identity provider machines.

  10. Import the new remote service provider metadata onto the identity provider machines.

  11. Restart the web containers.
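
Steps 3 through 6 can be scripted so that the .lb copies are produced the same way on every machine and checked for leftover node URLs before they are imported. The script below is an added example, not part of the Sun documentation: the host names, ports, and simplified metadata are constructed, `make_lb_copy` and `stale_lines` are hypothetical helpers, and it assumes the metaAlias appears as a `metaAlias="..."` attribute and at the end of endpoint URLs.

```shell
#!/bin/sh
# Added example for steps 3-4 (steps 5-6 work the same way with the idp files).

re_escape()   { printf '%s' "$1" | sed 's|[].[\*^$/]|\\&|g'; }  # literal -> sed pattern
repl_escape() { printf '%s' "$1" | sed 's|[\&/]|\\&|g'; }       # literal -> sed replacement

# make_lb_copy FILE OLD_BASE NEW_BASE OLD_ALIAS NEW_ALIAS
# Writes FILE.lb beside FILE; FILE itself is never modified.
make_lb_copy() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    ob=$(re_escape "$2"); nb=$(repl_escape "$3")
    oa=$(re_escape "$4"); na=$(repl_escape "$5")
    # 1) protocol://host:port in every URL (a URL-shaped entityID changes too)
    # 2) metaAlias attribute in the extended file
    # 3) metaAlias at the end of endpoint URLs in the standard file
    sed -e "s/$ob/$nb/g" \
        -e "s/metaAlias=\"$oa\"/metaAlias=\"$na\"/g" \
        -e "s/\/metaAlias$oa\"/\/metaAlias$na\"/g" "$1" > "$1.lb"
}

# stale_lines FILE OLD_BASE: number of lines still naming the individual node.
stale_lines() { grep -cF -- "$2" "$1" || true; }

# --- constructed, simplified sample metadata (not real OpenSSO output) ---
work=$(mktemp -d)
cat > "$work/spMeta.xml" <<'EOF'
<EntityDescriptor entityID="http://sp1.example.com:8080/opensso">
  <SPSSODescriptor>
    <AssertionConsumerService index="0"
      Location="http://sp1.example.com:8080/opensso/Consumer/metaAlias/sp"/>
  </SPSSODescriptor>
</EntityDescriptor>
EOF
cat > "$work/spExtended.xml" <<'EOF'
<EntityConfig entityID="http://sp1.example.com:8080/opensso" hosted="1">
  <SPSSOConfig metaAlias="/sp"/>
</EntityConfig>
EOF

for f in spMeta.xml spExtended.xml; do
    make_lb_copy "$work/$f" "http://sp1.example.com:8080" \
        "https://lb-sp.example.com:443" "/sp" "/splb"
    echo "$f.lb: $(stale_lines "$work/$f.lb" "http://sp1.example.com:8080") stale line(s)"
done
```

A nonzero stale count means an endpoint in the .lb file still points at a single node rather than the load balancer and should be corrected before the import in steps 7 through 10.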