Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

ProcedureTo Modify the Top-Level Realm for User Authentication

  1. Access in a web browser.

  2. Log in to the OpenSSO Enterprise console as the administrator.

    User Name:




  3. Click the Access Control tab.

  4. Click / (Top Level Realm), the root realm, under the Access Control tab.

  5. Click the Data Stores tab.

    The embedded data store link is displayed.

  6. Click embedded.

    The Generic LDAPv3 properties page is displayed.

  7. On the Generic LDAPv3 properties page, set the following attribute values and click Save.

    LDAP People Container Naming Attribute

    Enter ou.

    LDAP Groups Container Value

    Enter Groups.

    LDAP Groups Container Naming Attribute

    Enter ou.

    LDAP People Container Value

    Enter users.

    Note –

    If this field is empty, the search for user entries will start from the root suffix.

  8. Click Back to Data Stores.

  9. (Optional) Click the Subjects tab to verify that the test users are now displayed.

    spuser is displayed under Users (as well as others created during OpenSSO Enterprise configuration).

  10. Click the Authentication tab.

  11. Click the Advanced Properties link under General.

    The Core Realm Attributes page is displayed.

  12. Change the value of User Profile to Ignored.

    This new value specifies that a user profile is not required by the Authentication Service in order to issue a token after successful authentication. This modification is specific to this deployment example because the OpenSSO Enterprise schema and the Directory Server schema have not been mapped.

  13. Click Save.

  14. Click Back to Authentication.

  15. Click Back to Access Control.

  16. Log out of the OpenSSO Enterprise console.