Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Chapter 3 Before You Begin

This chapter contains information you need to know before beginning the documented installation and configuration procedures. It contains the following sections:

3.1 Technical Reference

See Chapter 2, Technical Overview for a quick reference of host machines, port numbers, operating systems, naming conventions, and component names used in this deployment example. See Part V, Appendices for more detailed information.

3.2 Setting Up the Load Balancers

The load balancer hardware and software used in this deployment environment is BIG-IP® manufactured by F5 Networks. If you are using different load balancer software, see the documentation that comes with that product for detailed settings information. This document assumes that you have already installed the required load balancers. The following identity provider sections require load-balancing hardware and software.

The following service provider sections require load-balancing hardware and software.

3.3 Obtaining Secure Socket Layer Certificates

In order to enable secure communications using the Secure Sockets Layer (SSL) protocol you need to obtain root certificates and server certificates from a certificate authority (CA). A CA root certificate proves that the particular CA issued a particular server certificate. CA root certificates are publicly available. The root certificate used in this deployment is a self-signed certificate issued by OpenSSL for testing purposes only; it is named ca.cer. You can obtain a root certificate from any commercial certificate issuer such as VeriSign, Thawte, Entrust, or GoDaddy.

The server certificates are requested from, and issued by, OpenSSL within each procedure. You should know how to request server certificates from your CA of choice before beginning this deployment. The following identity provider sections are related to requesting, installing, and importing root and server certificates.

The following service provider sections are related to requesting, installing, and importing root and server certificates.

3.4 Resolving Host Names

There are many ways to resolve the host names used in this deployment. You may use a DNS naming service, or you can map IP addresses to host names in the local host file on all UNIX® hosts. The same entries must also be added to equivalent files on Windows hosts, and on client machines where browsers are used. For example:

1xx.xx.xx.x1		ds1
1xx.xx.xx.x2		ds2
1xx.xx.xx.x3		osso1
1xx.xx.xx.x4		osso2

3.5 Known Issues and Limitations

See Appendix G, Known Issues and Limitations for descriptions of problems you may encounter when implementing the deployment example. This list will be updated as new information becomes available.

Although the instructions and procedures documented in this book incorporate many best practices, and may be suitable in many different scenarios, this is not the only way to achieve the same results. If you plan to deviate from the task sequence or details described, you should refer to the relevant product documentation for information on differences in platforms, software versions or other requirement constraints.