Sun OpenSSO Enterprise 8.0 Administration Guide

SAMLv2 Entity

The SAMLv2 entity type is based on the SAML v2 specification. This entity supports various profiles (including single sign-on and single logout) and allows you to assign and configure the following roles:

Procedure: To Create a SAMLv2 Entity Provider

Use these steps to create a hosted entity provider based on the SAMLv2 protocol. You can assign one, more than one, or all of the provider roles to the entity, but all of the roles that you define will belong to the same entity provider.

  1. Log in as an administrator.

  2. Go to the Federation tab in the console and click New in the Entity Provider table.

  3. When prompted, select SAMLv2 as the entity provider.

  4. Select the Realm to which the entity provider will belong.

  5. Type a name in the Entity Identifier field.

  6. Enter values for the following attributes under the role category to which the entity provider will be assigned.

    Entering data in the Meta Alias field will automatically create and assign the entity provider role to the entity provider upon completion.

    Meta Alias

    Specifies a metaAlias for the provider role being configured. The metaAlias is used to locate the provider's entity identifier and the organization in which it is located. The value is a string equal to the realm or organization name coupled with a forward slash and the provider name. For example, /suncorp/travelprovider.


    Caution –

    The names used in the metaAlias must not contain a /.


    Signing Certificate Alias

    Specifies the provider certificate alias used to find the correct signing certificate in the keystore.

    Encryption Certificate alias

    Specifies the provider certificate alias used to find the correct encryption certificate in the keystore.

    Owner ID (Hosted Affiliation only)

    An identifier for the owner of the affiliation.

    Affiliation Members (Hosted Affiliation only)

    A provider must be a member of a circle of trust, or it cannot participate in SAMLv2-based communications. The provider can belong to one or more affiliations. The selected provider must have the Affiliation Federation attribute enabled. Enter the meta alias of the provider in the New Value field and click Add.

  7. Click Create.

    The entity provider, its assigned provider roles, and its location are displayed in the Entity Providers table. To customize the behavior of an entity provider's roles, click the name of the entity provider in the list and choose the tab that corresponds to the role you wish to customize. See Chapter 6, Federation Attributes for Entity Providers, in Sun OpenSSO Enterprise 8.0 Administration Reference for definitions of the attributes used for provider customization.
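The Meta Alias field in step 6 follows a fixed shape (realm name, a forward slash, provider name, as in /suncorp/travelprovider), and the caution notes that neither name may itself contain a slash, because the alias is later split on that character to locate the realm and the provider. The following Python is an added example, not code from the guide or from OpenSSO, that builds and parses a metaAlias of that two-component form and rejects names that would break it. The function names, the leading-slash requirement, and the rejection of empty components are assumptions made for the example.

```python
"""Added example (not from the OpenSSO guide): build and parse a SAMLv2
provider metaAlias of the form /<realm>/<provider>, matching the guide's
/suncorp/travelprovider, and enforce the caution that neither name may
contain a forward slash."""

from typing import NamedTuple


class MetaAlias(NamedTuple):
    realm: str
    provider: str


def build_meta_alias(realm: str, provider: str) -> str:
    """Join a realm name and a provider name into a metaAlias.

    Names containing '/' are rejected: the alias is later split on '/'
    to recover the realm and the provider, so an embedded slash would
    make the alias ambiguous (the guide's caution).
    """
    for label, name in (("realm", realm), ("provider", provider)):
        if not name:
            raise ValueError(f"{label} name must not be empty")
        if "/" in name:
            raise ValueError(f"{label} name must not contain '/': {name!r}")
    return f"/{realm}/{provider}"


def parse_meta_alias(alias: str) -> MetaAlias:
    """Split a metaAlias back into (realm, provider).

    Assumes the two-component form shown in the guide. A leading '/' is
    required and empty components (e.g. a trailing slash) are rejected.
    """
    if not alias.startswith("/"):
        raise ValueError(f"metaAlias must start with '/': {alias!r}")
    parts = alias[1:].split("/")
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"metaAlias must look like /realm/provider: {alias!r}")
    return MetaAlias(realm=parts[0], provider=parts[1])


def is_valid_meta_alias(alias: str) -> bool:
    """Convenience check: True when parse_meta_alias accepts the alias."""
    try:
        parse_meta_alias(alias)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample values; "suncorp"/"travelprovider" are the guide's example.
    alias = build_meta_alias("suncorp", "travelprovider")
    print(alias, parse_meta_alias(alias))
    for bad in ("/suncorp/travelprovider/", "suncorp/travelprovider", "/suncorp"):
        print(bad, "valid" if is_valid_meta_alias(bad) else "rejected")
    try:
        build_meta_alias("sun/corp", "travelprovider")
    except ValueError as err:
        print("rejected:", err)
```

Running the block prints the guide's alias round-tripped, then shows that a trailing slash, a missing leading slash, a missing provider component, and a realm name containing a slash are all rejected before they could reach the console field.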