Create and load the metadata for the service provider.
Create the metadata for the identity provider using ssoadm and define these additional options for its role as an authentication authority:
-C: Defines the metaAlias for the hosted authentication authority to be created. The format must be realm name/identifier (for example, /authna for the identifier authna in the root realm).
-D: Defines the authentication authority signing certificate alias.
-E: Defines the authentication authority encryption certificate alias.
For example:
ssoadm create-metadata-templ -u amadmin -f /tmp/pw -m /home/user1/tmp/mm -x /home/usr1/tmp/xx -s /idp -a test -r test -C /authna -D test2 -E test2 -y example.com
Add the following attribute to the identity provider metadata file just created.
This allows the identity provider to store assertions generated during the SAMLv2 Single Sign-on process.
    <IDPSSOConfig metaAlias="/idp">
        <Attribute name="assertionCacheEnabled">
            <Value>true</Value>
        </Attribute>
    </IDPSSOConfig>
Configure for SAMLv2 single sign-on as documented in Configuring SAMLv2 Single Sign-on without Service Provider User Accounts.
Do either of the following:
To send an authentication query from the service provider, use the sendAuthnQuery method of com.sun.identity.saml2.profile.AuthnQueryUtil:
public static Response sendAuthnQuery(AuthnQuery authnQuery, String authnAuthorityEntityID, String realm, String binding) throws SAML2Exception;
To construct an AuthnQuery object, use com.sun.identity.saml2.assertion.* and com.sun.identity.saml2.protocol.*.
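The following is an added example, not code from this documentation or the product, showing how a service provider builds an AuthnQuery and sends it with AuthnQueryUtil.sendAuthnQuery over the SOAP binding. It assumes the OpenSSO factory and setter names (AssertionFactory, ProtocolFactory, SAML2Utils.generateID, the SAML2Constants values and the SAML2Exception(String) constructor), which the page does not show; the entity IDs, realm and NameID passed in are caller-supplied values.

```java
import java.util.Date;
import java.util.List;
import com.sun.identity.saml2.assertion.*;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.profile.AuthnQueryUtil;
import com.sun.identity.saml2.protocol.*;

public class AuthnQueryExample {
    // Returns the assertions the authentication authority holds for the
    // subject, or throws when the SAML status is anything but Success.
    // Factory/setter names below are assumed from the OpenSSO SAMLv2 API.
    public static List queryAuthnStatements(String spEntityID,
            String authnAuthorityEntityID, String realm,
            String nameIDValue, String nameIDFormat) throws SAML2Exception {
        AssertionFactory af = AssertionFactory.getInstance();
        ProtocolFactory pf = ProtocolFactory.getInstance();

        // <saml:Issuer>: the querying service provider's entity ID
        Issuer issuer = af.createIssuer();
        issuer.setValue(spEntityID);

        // <saml:Subject>/<saml:NameID>: the principal being asked about
        NameID nameID = af.createNameID();
        nameID.setValue(nameIDValue);
        nameID.setFormat(nameIDFormat);
        Subject subject = af.createSubject();
        subject.setNameID(nameID);

        // <samlp:AuthnQuery>: ID, Version and IssueInstant are mandatory
        AuthnQuery authnQuery = pf.createAuthnQuery();
        authnQuery.setID(SAML2Utils.generateID());
        authnQuery.setVersion(SAML2Constants.VERSION_2_0);
        authnQuery.setIssueInstant(new Date());
        authnQuery.setIssuer(issuer);
        authnQuery.setSubject(subject);

        // Send over the SOAP binding; the authority answers from the
        // assertions it cached because assertionCacheEnabled is true.
        Response response = AuthnQueryUtil.sendAuthnQuery(authnQuery,
                authnAuthorityEntityID, realm, SAML2Constants.SOAP);

        // Check the SAML status before trusting any returned statements
        String status = response.getStatus().getStatusCode().getValue();
        if (!SAML2Constants.SUCCESS.equals(status)) {
            throw new SAML2Exception("AuthnQuery failed with status " + status);
        }
        return response.getAssertion();
    }
}
```

The returned list contains the cached assertions for that subject; an empty list with a Success status means the authority holds no authentication statements for it.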