Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

ProcedureTo Establish Trust Between OpenSSO Enterprise and the Application on the Service Provider Side

Set up a trust relationship between OpenSSO Enterprise on the service provider side and saeSPApp.jsp, the service provider application.

Before You Begin

Choose a shared secret for use between the service provider application and the instance of OpenSSO Enterprise on the service provider side; in this procedure, secret12.

  1. Log in to the OpenSSO Enterprise console at as the administrator.

    User Name:




  2. Access in a different browser window.

    This JSP encodes the shared secret.

  3. Enter secret12 and click Encode.

    A string representing the identity provider's encoded password is displayed.

  4. Save the string for later use and close the browser window.

    In this case, AQICIbz4afzilWzbmo6QD9lQ9U4kEBrMlvZy.

  5. From the OpenSSO Enterprise console, click the Federation tab.

  6. Under Entity Providers, click, the hosted service provider.

  7. Click the Assertion Processing tab.

  8. Under Attribute Mapper, add the following new values to the Attribute Map property.

    • mail=mail

    • branch=branch

  9. Under Auto-Federation, check the Enabled box.

  10. Also under Auto-Federation, enter mail in the Attribute field.

    The value of the Attribute property is the attribute previously mapped between the identity provider and the service provider allowing Auto-Federation to work.

  11. Click Save.

  12. Click the Advanced tab.

  13. Under SAE Configuration, type as the value for the SP URL.

  14. Type as the value for the SP Logout URL.

  15. Type the following in the New Value field of the Per Application Security Configuration property and click Add.

  16. Click Save to save the profile.

  17. Click Back to return to the Federation tab.

  18. Click the Access Control tab.

  19. Under the Access Control tab, click / (Top Level Realm).

  20. Click the Authentication tab.

  21. Under General, click Advanced Properties.

    The Core profile page is displayed.

  22. Under User Profile, select the Ignored radio button and click Save.

    Note –

    This modification is specific to this deployment example only.

  23. Click Save to save the profile.

  24. Click Back to Authentication.

  25. Log out of the OpenSSO Enterprise console.