Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Procedure: To Configure the Web Policy Agent for SAML v2 Communication

  1. Access https://lb4.sp-example.com:1081/opensso/console from a web browser.

  2. Log in to the OpenSSO Enterprise console as the administrator.

    User Name: amadmin

    Password: ossoadmin

  3. Under the Access Control tab, click / (Top Level Realm).

  4. Click the Agents tab.

  5. Click the Web tab.

    webagent-1 is displayed under the Agent table.

  6. Click webagent-1.

    The webagent-1 properties page is displayed.

  7. Click the OpenSSO Services tab.

    The Edit webagent-1 page is displayed.

  8. Click the Login URL link on the Edit webagent-1 page.

  9. Remove the existing value of the OpenSSO Login URL property.

    This value is displayed in the Selected box.

  10. Enter https://lb4.sp-example.com:1081/opensso/spssoinit?metaAlias=/sp&idpEntityID=https://lb2.idp-example.com:1181/opensso in the text box and click Add.

    This URL redirects the agent to the identity provider for authentication.

  11. Select the existing value of the OpenSSO Logout URL attribute and click Delete.

  12. Enter https://lb4.sp-example.com:1081/opensso/saml2/jsp/spSingleLogoutInit.jsp?metaAlias=/sp&idpEntityID=https://lb2.idp-example.com:1181/opensso in the text box and click Add.

  13. Enter http://www.sun.com as a value of the Logout Redirect URL attribute and click Add.

  14. Enter http://pr1.sp-example.com:1080/logout.html as a value of the Agent Logout URL List attribute and click Add.

  15. Click Save.

  16. Log out of the OpenSSO Enterprise console and close the browser.

  17. Log in to the pr1.sp-example.com host machine.

  18. Create the logout.html file using the following sub procedure.

    # cd /opt/SUNWwbsvr/https-pr1.sp-example.com/docs
    # vi logout.html

    This creates an empty file.

  19. Restart the Web Server.

    # cd /opt/SUNWwbsvr/https-pr1.sp-example.com/bin
    # ./stopserv
    # ./startserv

  20. Log out of the pr1.sp-example.com host machine.

  21. Verify the configurations with the following sub procedure.

    1. Access http://pr1.sp-example.com:1080/index.html from a web browser.

      The browser is redirected to the identity provider for authentication, and the OpenSSO Enterprise login page on the identity provider side is displayed.

    2. Log in to the OpenSSO Enterprise console using the following credentials.

      User Name: idpuser

      Password: idpuser

      The default Web Server page is displayed.

    3. Access http://pr1.sp-example.com:1080/logout.html from a web browser.

      This logs the user out of both the service provider and the identity provider using the SAML v2 single logout protocol.

    4. Close the browser.
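As an added consistency check (not part of the original deployment example, and not OpenSSO code), the script below verifies that the login and logout URLs entered for webagent-1 in steps 10 through 14 agree with each other: same SP host over HTTPS, same metaAlias, same idpEntityID, and an Agent Logout URL List entry on the host the agent protects. The expected values are the ones from the procedure; the function names and the pasted-`&amp;` check are this example's own.

```python
# Added check, not part of the OpenSSO deployment example: verify that the SAML v2
# URLs entered for webagent-1 are mutually consistent. Function names are this example's own.
from urllib.parse import urlsplit, parse_qs

SP_HOST = "lb4.sp-example.com:1081"            # load balancer in front of the SP OpenSSO
IDP_ENTITY_ID = "https://lb2.idp-example.com:1181/opensso"
META_ALIAS = "/sp"
AGENT_HOST = "pr1.sp-example.com:1080"         # host the web agent protects

# The values from steps 10-14, as a constructed agent configuration.
AGENT_CONFIG = {
    "login_url": "https://lb4.sp-example.com:1081/opensso/spssoinit"
                 "?metaAlias=/sp&idpEntityID=https://lb2.idp-example.com:1181/opensso",
    "logout_url": "https://lb4.sp-example.com:1081/opensso/saml2/jsp/spSingleLogoutInit.jsp"
                  "?metaAlias=/sp&idpEntityID=https://lb2.idp-example.com:1181/opensso",
    "agent_logout_url_list": ["http://pr1.sp-example.com:1080/logout.html"],
}

def check_init_url(url, expected_path):
    """Problems with a spssoinit / spSingleLogoutInit URL (empty list means OK)."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    problems = []
    if parts.scheme != "https":
        problems.append(f"{expected_path}: scheme is {parts.scheme}, not https")
    if parts.netloc != SP_HOST:
        problems.append(f"{expected_path}: host {parts.netloc} is not {SP_HOST}")
    if parts.path != expected_path:
        problems.append(f"path {parts.path} is not {expected_path}")
    if any(k.startswith("amp;") for k in query):   # '&amp;' pasted from HTML instead of '&'
        problems.append(f"{expected_path}: '&amp;' pasted instead of '&' in query")
    if query.get("metaAlias") != [META_ALIAS]:
        problems.append(f"{expected_path}: metaAlias is {query.get('metaAlias')}")
    if query.get("idpEntityID") != [IDP_ENTITY_ID]:
        problems.append(f"{expected_path}: idpEntityID is {query.get('idpEntityID')}")
    return problems

def check_agent_config(cfg):
    """All problems found in the agent's SAML v2 login/logout settings."""
    problems = check_init_url(cfg["login_url"], "/opensso/spssoinit")
    problems += check_init_url(cfg["logout_url"], "/opensso/saml2/jsp/spSingleLogoutInit.jsp")
    # The agent only intercepts requests to the host it protects, so a logout URL
    # on any other host would never trigger single logout.
    for u in cfg["agent_logout_url_list"]:
        if urlsplit(u).netloc != AGENT_HOST:
            problems.append(f"agent logout URL {u} is not on {AGENT_HOST}")
    return problems

if __name__ == "__main__":
    print(check_agent_config(AGENT_CONFIG) or "agent SAML v2 URLs look consistent")
```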