Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Procedure: To Establish Trust Between OpenSSO Enterprise and the Application on the Identity Provider Side

Set up a trust relationship between saeIDPApp.jsp, the identity provider application, and OpenSSO Enterprise on the identity provider side.

Before You Begin

Choose a shared secret for use between the identity provider application and the instance of OpenSSO Enterprise on the identity provider side; in this procedure, secret12.

  1. Make the following modifications to saeIDPApp.jsp and save the file.

    saeIDPApp.jsp is found in the OpenSSO-Deploy-Base/samples/saml2/sae directory.

    • Change the value of saeServiceURL to

    • Change the value of secret to secret12.

      Note –

      In a real deployment the application would store this shared secret in an encrypted file.

    • Change the value of spapp to

  2. Log in to the OpenSSO Enterprise console at as the administrator.

    User Name:

  3. Access in a different browser window.

    This JSP encodes the shared secret.

  4. Enter secret12 in the text field and click Encode.

    A string representing the identity provider's encoded password is displayed.

  5. Save the string for later use and close the browser window.

    In this case, AQICrLO+CuXkZFna8uAS0/GiUUtwyQltVdw2.

  6. From the OpenSSO Enterprise console, click the Federation tab.

  7. Under Entity Providers, click, the hosted identity provider.

  8. Click the Advanced tab.

  9. Under SAE Configuration, type the following in the New Value text box of the Per Application Security Configuration property and click Add.

  10. Click Save to save the profile.

  11. Click the Assertion Processing tab.

  12. Click the Attribute Mapper link.

  13. Under the Attribute Map property, type the following New Values and click Add.

    • mail=mail

    • branch=branch

    These attributes will be sent as part of the SAML v2 assertion.

  14. Click Save to save the profile.

  15. Click Back to return to the Federation tab.

  16. Under Entity Providers, click, the remote service provider.

  17. Click the Advanced tab.

  18. Under SAE Configuration, enter in the SP URL field.

  19. Under SAE Configuration again, enter in the SP Logout URL field.

  20. Click Save to save the profile.

  21. Click Back to return to the Federation tab.

  22. Click the Access Control tab.

  23. Under the Access Control tab, click / (Top Level Realm).

  24. Click the Authentication tab.

  25. Under General, click Advanced Properties.

    The Core profile page is displayed.

  26. Under User Profile, select the Ignored radio button and click Save.

    Note –

    This modification is specific to this deployment example only.

  27. Click Save to save the profile.

  28. Click Back to Authentication.

  29. Log out of the OpenSSO Enterprise console.