Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Part V Appendices

This final part of Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0 contains technical configurations and other information regarding this deployment.


Note –

The BIG-IP load balancer login page and configuration console for all load balancers in this deployment example are accessed from the URL is-f5.example.com.

Login       username
Password    password


Appendix A Identity Provider Directory Server Host Machines, Load Balancer and Test User

This appendix collects the information regarding the Directory Server instances. It contains the following tables:

Table A–1 Sun Java System Directory Server 1 Host Machine

Component                           Description
Host Name                           ds1.idp-example.com
Installation Directory              /var/opt/mps/serverroot/
Administrator User                  cn=Directory Manager
Administrator Password              dsmanager
User Data Instance
  Instance Name                     idp-users
  Instance Directory                /var/opt/mps/idp-users
  Port Number                       1489 (LDAP)
                                    1736 (LDAPS)
  Base Suffix                       dc=company,dc=com
  Users Suffix                      ou=users,dc=company,dc=com
  Administrative User               cn=Directory Manager
  Administrative User Password      dsmanager
  Replication Manager               cn=replication manager,cn=replication,cn=config
  Replication Manager Password      replmanager

Table A–2 Sun Java System Directory Server 2 Host Machine

Component                           Description
Host Name                           ds2.idp-example.com
Installation Directory              /var/opt/mps/serverroot/
Administrator User                  cn=Directory Manager
Administrator Password              dsmanager
User Data Instance
  Instance Name                     idp-users
  Instance Directory                /var/opt/mps/idp-users
  Port Number                       1489 (LDAP)
                                    1736 (LDAPS)
  Base Suffix                       dc=company,dc=com
  Users Suffix                      ou=users,dc=company,dc=com
  Administrative User               cn=Directory Manager
  Administrative User Password      dsmanager
  Replication Manager               cn=replication manager,cn=replication,cn=config
  Replication Manager Password      replmanager

Table A–3 Load Balancer for Directory Server Host Machines

Component                           Description
URL                                 lb1.idp-example.com
Method                              Round Robin
Protected Servers                   ds1.idp-example.com:1736
                                    ds2.idp-example.com:1736
Virtual Servers                     lb1.idp-example.com:489
Monitors                            ds1.idp-example.com:1736
                                    ds2.idp-example.com:1736

Table A–4 Test User Entry

UserID                              Description
idpuser                             Password    idpuser
                                    DN          uid=idpuser1,ou=users,dc=company,dc=com

Appendix B Service Provider Directory Server Host Machines, Load Balancer and Test User

This appendix collects the information regarding the Directory Server instances. It contains the following tables:

Table B–1 Sun Java System Directory Server 1 Host Machine

Component                           Description
Host Name                           ds1.sp-example.com
Installation Directory              /var/opt/mps/serverroot/
Administrator User                  cn=Directory Manager
Administrator Password              dsmanager
User Data Instance
  Instance Name                     sp-users
  Instance Directory                /var/opt/mps/sp-users
  Port Number                       1489 (LDAP)
                                    1736 (LDAPS)
  Base Suffix                       o=spusers.com
  Users Suffix                      ou=users,o=spusers.com
  Administrative User               cn=Directory Manager
  Administrative User Password      dsmanager
  Replication Manager               cn=replication manager,cn=replication,cn=config
  Replication Manager Password      replmanager

Table B–2 Sun Java System Directory Server 2 Host Machine

Component                           Description
Host Name                           ds2.sp-example.com
Installation Directory              /var/opt/mps/serverroot/
Administrator User                  cn=Directory Manager
Administrator Password              dsmanager
User Data Instance
  Instance Name                     sp-users
  Instance Directory                /var/opt/mps/sp-users
  Port Number                       1489 (LDAP)
                                    1736 (LDAPS)
  Base Suffix                       o=spusers.com
  Users Suffix                      ou=users,o=spusers.com
  Administrative User               cn=Directory Manager
  Administrative User Password      dsmanager
  Replication Manager               cn=replication manager,cn=replication,cn=config
  Replication Manager Password      replmanager

Table B–3 Load Balancer for Directory Server Host Machines

Component                           Description
URL                                 lb3.sp-example.com
Method                              Round Robin
Protected Servers                   ds1.sp-example.com:1736
                                    ds2.sp-example.com:1736
Virtual Servers                     lb3.sp-example.com:489
Monitors                            ds1.sp-example.com:1736
                                    ds2.sp-example.com:1736

Table B–4 Test User Entry

UserID                              Description
spuser                              Password    spuser
                                    DN          uid=spuser1,ou=users,o=spusers.com

Appendix C Identity Provider OpenSSO Enterprise Host Machines and Load Balancers

This appendix collects the information regarding the identity provider OpenSSO Enterprise host machines.

Table C–1 OpenSSO Enterprise 1 Host Machine

Component                           Description
Host Name                           osso1.idp-example.com
Non-Root User                       osso80adm
Non-Root User Password              nonroot1pwd
Sun Java System Application Server Administrative Server
  Installation Directory            /opt/SUNWappserver91
  Administrative User               admin
  Administrative User Password      domain1pwd
  Ports                             4848 (administration)
                                    8080 (HTTP)
                                    8181 (HTTPS)
  Default Domain Name               domain1
  Administrative Console URL        http://osso1.idp-example.com:4848
Sun Java System Application Server Non-Root User Domain
  Name                              ossodomain
  Directory                         /export/osso80adm/domains/
  Administrative User               domain2adm
  Administrative User Password      domain2pwd
  Master Password                   domain2master
  Ports                             8989 (administration)
                                    1080 (HTTP)
                                    1081 (HTTPS)
  Administrative Console URL        http://osso2.idp-example.com:8989
OpenSSO Enterprise
  Administrative User               amadmin
  Administrative User Password      ossoadmin
  Configuration Data Store          Embedded
  User Data Store                   lb2.idp-example.com:489
  Agent User                        agentuser
  Agent User Password               agentuser
  Administrative Console URL        https://osso2.idp-example.com:1081/opensso/console

Table C–2 OpenSSO Enterprise 2 Host Machine

Component                           Description
Host Name                           osso2.idp-example.com
Non-Root User                       osso80adm
Non-Root User Password              nonroot2pwd
Sun Java System Application Server Administrative Server
  Installation Directory            /opt/SUNWappserver91
  Administrative User               admin
  Administrative User Password      domain1pwd
  Ports                             4848 (administration)
                                    8080 (HTTP)
                                    8181 (HTTPS)
  Default Domain Name               domain1
  Administrative Console URL        http://osso2.idp-example.com:4848
Sun Java System Application Server Non-Root User Domain
  Name                              ossodomain
  Directory                         /export/osso80adm/domains/
  Administrative User               domain2adm
  Administrative User Password      domain2pwd
  Master Password                   domain2master
  Ports                             8989 (administration)
                                    1080 (HTTP)
                                    1081 (HTTPS)
  Administrative Console URL        http://osso2.idp-example.com:8989
OpenSSO Enterprise
  Administrative User               amadmin
  Administrative User Password      ossoadmin
  Configuration Data Store          Embedded
  User Data Store                   lb2.idp-example.com:489
  Agent User                        agentuser
  Agent User Password               agentuser
  Administrative Console URL        https://osso2.idp-example.com:1081/opensso/console

Table C–3 Load Balancer for OpenSSO Enterprise Host Machines

Component                           Description
URL                                 lb2.idp-example.com
Method                              Round Robin
Protected Servers                   osso1.idp-example.com:1081
                                    osso2.idp-example.com:1081
Virtual Servers                     lb2.idp-example.com:489
Monitors                            osso1.idp-example.com:1081
                                    osso2.idp-example.com:1081
Cookie Name                         amlbcookie

Appendix D Service Provider OpenSSO Enterprise Host Machines and Load Balancers

This appendix collects the information regarding the service provider OpenSSO Enterprise host machines.

Table D–1 OpenSSO Enterprise 1 Host Machine

Component                           Description
Host Name                           osso1.sp-example.com
Non-Root User                       osso80adm
Non-Root User Password              nonroot1pwd
Sun Java System Application Server Administrative Server
  Installation Directory            /opt/SUNWappserver91
  Administrative User               admin
  Administrative User Password      domain1pwd
  Ports                             4848 (administration)
                                    8080 (HTTP)
                                    8181 (HTTPS)
  Default Domain Name               domain1
  Administrative Console URL        http://osso1.sp-example.com:4848
Sun Java System Application Server Non-Root User Domain
  Name                              ossodomain
  Directory                         /export/osso80adm/domains/
  Administrative User               domain2adm
  Administrative User Password      domain2pwd
  Master Password                   domain2master
  Ports                             8989 (administration)
                                    1080 (HTTP)
                                    1081 (HTTPS)
  Administrative Console URL        http://osso2.sp-example.com:8989
OpenSSO Enterprise
  Administrative User               amadmin
  Administrative User Password      ossoadmin
  Configuration Data Store          Embedded
  User Data Store                   lb2.sp-example.com:489
  Agent User                        agentuser
  Agent User Password               agentuser
  Administrative Console URL        https://osso2.sp-example.com:1081/opensso/console

Table D–2 OpenSSO Enterprise 2 Host Machine

Component                           Description
Host Name                           osso2.sp-example.com
Non-Root User                       osso80adm
Non-Root User Password              nonroot2pwd
Sun Java System Application Server Administrative Server
  Installation Directory            /opt/SUNWappserver91
  Administrative User               admin
  Administrative User Password      domain1pwd
  Ports                             4848 (administration)
                                    8080 (HTTP)
                                    8181 (HTTPS)
  Default Domain Name               domain1
  Administrative Console URL        http://osso2.sp-example.com:4848
Sun Java System Application Server Non-Root User Domain
  Name                              ossodomain
  Directory                         /export/osso80adm/domains/
  Administrative User               domain2adm
  Administrative User Password      domain2pwd
  Master Password                   domain2master
  Ports                             8989 (administration)
                                    1080 (HTTP)
                                    1081 (HTTPS)
  Administrative Console URL        http://osso2.sp-example.com:8989
OpenSSO Enterprise
  Administrative User               amadmin
  Administrative User Password      ossoadmin
  Configuration Data Store          Embedded
  User Data Store                   lb2.sp-example.com:489
  Agent User                        agentuser
  Agent User Password               agentuser
  Administrative Console URL        https://osso2.sp-example.com:1081/opensso/console

Table D–3 Load Balancer for OpenSSO Enterprise Host Machines

Component                           Description
URL                                 lb4.sp-example.com
Method                              Round Robin
Protected Servers                   osso1.sp-example.com:1081
                                    osso2.sp-example.com:1081
Virtual Servers                     lb2.sp-example.com:489
Monitors                            osso1.sp-example.com:1081
                                    osso2.sp-example.com:1081
Cookie Name                         amlbcookie

Appendix E Service Provider Protected Resource Host Machine Web Containers and Policy Agents

This appendix collects the information regarding the web containers and policy agents installed on the Protected Resource host machine.

Table E–1 Protected Resource 1 Host Machine

Component                           Description
Host Name                           pr1.sp-example.com
BEA WebLogic Server Administration Server
  Home Directory                    /usr/local/bea
  Installation Directory            /usr/local/bea/weblogic10
  Domain Directory                  /usr/local/bea/user_projects/domains/pr1
  Administration Server Directory   /usr/local/bea/user_projects/domains/pr1/servers/AdminServer
  Administrator                     weblogic
  Administrator Password            bea10admin
  Port                              7001
  Administration Console URL        http://pr1.sp-example.com:7001/console
BEA WebLogic Server Managed Server
  Managed Server Directory          /usr/local/bea/user_projects/domains/pr1/servers/ApplicationServer-1
  Port                              1081
  OpenSSO Enterprise URL            https://lb4.sp-example.com:1081/opensso
J2EE Policy Agent for BEA WebLogic Server
  J2EE Agent Profile Name           j2eeagent-1
  J2EE Agent Profile Password       j2eeagent1
  J2EE Agent URL                    http://pr1.sp-example.com:1081/agentapp
Sun Java System Web Server Administration Server
  Installation Directory            /opt/SUNWwbsvr/
  Default Administration Directory  /opt/SUNWwbsvr/admin-server
  Default Administrator             admin
  Default Administrator Password    web4dmin
  Runtime User ID                   root
  Ports                             8989 (SSL)
                                    1080 (HTTP)
Sun Java System Web Server Instance
  Instance Name                     pr1.sp-example.com
  Instance Directory                /opt/SUNWwbsvr/https-pr-1.example.com
  Port                              1080
  Service URL                       http://pr1.sp-example.com:1080
Web Policy Agent for Sun Java System Web Server
  Web Agent Profile Name            webagent-1
  Web Agent Profile Password        webagent1

Appendix F The snoop.jsp File

This appendix contains the snoop.jsp file used in . The page echoes the request's headers and parameters back to the client without HTML-escaping them, so it is suitable for test deployments only.


<HTML>
<HEAD>
<TITLE>JSP snoop page</TITLE>
<%@ page import="javax.servlet.http.HttpUtils,java.util.Enumeration" %>
</HEAD>
<BODY>
<H1>JSP Snoop page</H1>
<H2>Request information</H2>
<TABLE>
<TR>
<TH align=right>Requested URL:</TH>
<TD><%= HttpUtils.getRequestURL(request) %></TD>
</TR>
<TR>
<TH align=right>Request method:</TH>
<TD><%= request.getMethod() %></TD>
</TR>
<TR>
<TH align=right>Request URI:</TH>
<TD><%= request.getRequestURI() %></TD>
</TR>
<TR>
<TH align=right>Request protocol:</TH>
<TD><%= request.getProtocol() %></TD>
</TR>
<TR>
<TH align=right>Servlet path:</TH>
<TD><%= request.getServletPath() %></TD>
</TR>
<TR>
<TH align=right>Path info:</TH>
<TD><%= request.getPathInfo() %></TD>
</TR>
<TR>
<TH align=right>Path translated:</TH>
<TD><%= request.getPathTranslated() %></TD>
</TR>
<TR>
<TH align=right>Query string:</TH>
<TD><%= request.getQueryString() %></TD>
</TR>
<TR>
<TH align=right>Content length:</TH>
<TD><%= request.getContentLength() %></TD>
</TR>
<TR>
<TH align=right>Content type:</TH>
<TD><%= request.getContentType() %></TD>
</TR>
<TR>
<TH align=right>Server name:</TH>
<TD><%= request.getServerName() %></TD>
</TR>
<TR>
<TH align=right>Server port:</TH>
<TD><%= request.getServerPort() %></TD>
</TR>
<TR>
<TH align=right>Remote user:</TH>
<TD><%= request.getRemoteUser() %></TD>
</TR>
<TR>
<TH align=right>Remote address:</TH>
<TD><%= request.getRemoteAddr() %></TD>
</TR>
<TR>
<TH align=right>Remote host:</TH>
<TD><%= request.getRemoteHost() %></TD>
</TR>
<TR>
<TH align=right>Authorization scheme:</TH>
<TD><%= request.getAuthType() %></TD>
</TR>
</TABLE>
<%
Enumeration e = request.getHeaderNames();
if(e != null && e.hasMoreElements()) {
%>
<H2>Request headers</H2>
<TABLE>
<TR>
<TH align=left>Header:</TH>
<TH align=left>Value:</TH>
</TR>
<%
while(e.hasMoreElements()) {
String k = (String) e.nextElement();
%>
<TR>
<TD><%= k %></TD>
<TD><%= request.getHeader(k) %></TD>
</TR>
<%
}
%>
</TABLE>
<%
}
%>
<%
e = request.getParameterNames();
if(e != null && e.hasMoreElements()) {
%>
<H2>Request parameters</H2>
<TABLE>
<TR valign=top>
<TH align=left>Parameter:</TH>
<TH align=left>Value:</TH>
<TH align=left>Multiple values:</TH>
</TR>
<%
while(e.hasMoreElements()) {
String k = (String) e.nextElement();
String val = request.getParameter(k);
String vals[] = request.getParameterValues(k);
%>
<TR valign=top>
<TD><%= k %></TD>
<TD><%= val %></TD>
<TD><%
for(int i = 0; i < vals.length; i++) {
if(i > 0)
out.print("<BR>");
out.print(vals[i]);
}
%></TD>
</TR>
<%
}
%>
</TABLE>
<%
}
%>
<%
e = getServletConfig().getInitParameterNames();
if(e != null && e.hasMoreElements()) {
%>
<H2>Init parameters</H2>
<TABLE>
<TR valign=top>
<TH align=left>Parameter:</TH>
<TH align=left>Value:</TH>
</TR>
<%
while(e.hasMoreElements()) {
String k = (String) e.nextElement();
String val = getServletConfig().getInitParameter(k);
%>
<TR valign=top>
<TD><%= k %></TD>
<TD><%= val %></TD>
</TR>
<%
}
%>
</TABLE>
<%
}
%>
</BODY>
</HTML>

Appendix G Known Issues and Limitations

The issues in this appendix will be updated as more information becomes available.

Table G–1 Known Issues and Limitations

Reference Number                    Description
4510                                Creating a non-root domain shows a FileNotFoundException.
                                    For more information, see Issue 4510 on https://glassfish.dev.java.net/.