Sun Java System Access Manager 7.1 Federation and SAML Administration Guide

Federation Framework Samples

Access Manager 7.1 supports the Liberty Alliance Identity Federation Framework 1.2 Specifications. The Federation Framework samples are located in /AccessManager-base/SUNWam/samples/liberty. To demonstrate the different Liberty-based federation protocols featured in Access Manager, three sample applications are included. They are located in the following subdirectories:

sample1 Directory

The sample1 directory provides a collection of files to configure a basic environment for creating and managing a federation. The sample demonstrates the basic use of various Liberty-based federation protocols, including account federation, SSO, single logout, and federation termination. The scenario includes a service provider (SP), an identity provider (IDP), and configuration information for the two required servers. Each server must be deployed and configured on different installations of Access Manager.

Table A–1 Configuration Information for sample1 Servers

Variable Placeholder   Host Name       Components Deployed on This Host
machine1               www.sp1.com     • Service Provider
                                       • Web Service Consumer
machine2               www.idp1.com    • Identity Provider
                                       • Discovery Service
                                       • Liberty Alliance Project

The Readme.html file in the sample1 directory provides detailed steps on how to deploy and configure this sample. sample1 also contains instructions for configuring a common domain. For information on common domains, see Chapter 4, Common Domain Services for Federation Management.

sample2 Directory

The sample2 directory also provides a collection of files to configure a basic environment for creating and managing a federation. However, in this sample, the resources of the SP are deployed on a Sun Java System Web Server that is protected by a Sun Java System Policy Agent. As in the sample1 Directory section, the SP and IDP are deployed and configured on different Access Manager installations. Besides demonstrating account federation, SSO, single logout, and federation termination, this sample also shows how different authentication contexts can be configured by associating different authentication levels with different protected pages. This association is made by creating policies for the protected resources. The Readme.html file in the sample2 directory provides detailed steps on how to deploy and configure this sample.

sample3 Directory

The sample3 directory provides a collection of files to configure an environment for creating and managing a federation that includes two SPs and two IDPs. In this case, though, all hosted providers are deployed on a single installation of Access Manager. You need to host the same IP address (the one on which Access Manager is installed) in four different DNS domains. Thus, four virtual server instances are created on a Sun Java System Web Server, one for each of the providers.

Note – Virtual server instances can be simulated by adding entries in the /etc/hosts file for the fully qualified host names of the virtual servers.

Because this scenario involves multiple IDPs, you also need to install a common domain. You can install the Common Domain Services for Federation Management on the same machine as the Access Manager software or on a different machine. The Readme.html file in the sample3 directory provides detailed steps on how to deploy and configure this sample. You can also find information about common domains in Chapter 4, Common Domain Services for Federation Management.
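The /etc/hosts approach from the note above, as an added example that is not part of the Access Manager samples: it maps each provider host name to the single Access Manager IP without creating duplicates, refuses to silently override a name that already points elsewhere (a stale entry would send federation redirects to the wrong host), and verifies the mapping before the virtual servers are started. The IP address and the four provider host names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the Access Manager samples. All values below are placeholders.
AM_IP="192.0.2.10"                                   # placeholder: the Access Manager host
PROVIDER_HOSTS="www.sp1.example www.sp2.example www.idp1.example www.idp2.example"

# lookup_host FILE NAME : print the distinct IP(s) FILE maps NAME to (empty if none).
lookup_host() {
    awk -v n="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) print $1 }' "$1" | sort -u
}

# add_host_entry FILE IP NAME : idempotently map NAME to IP in FILE.
# Returns 2 (and changes nothing) when NAME is already mapped to a different address.
add_host_entry() {
    file=$1; ip=$2; name=$3
    existing=$(lookup_host "$file" "$name")
    if [ -z "$existing" ]; then
        printf '%s\t%s\n' "$ip" "$name" >> "$file"
    elif [ "$existing" != "$ip" ]; then
        echo "conflict: $name already maps to $existing, expected $ip" >&2
        return 2
    fi
    return 0
}

# all_resolve_to FILE IP NAME... : succeed only when every NAME maps to exactly IP.
all_resolve_to() {
    file=$1; ip=$2; shift 2
    for name in "$@"; do
        found=$(lookup_host "$file" "$name")
        [ "$found" = "$ip" ] || { echo "$name -> '${found:-unresolved}'" >&2; return 1; }
    done
    return 0
}

# Usage against the real file (requires root):
#   for h in $PROVIDER_HOSTS; do add_host_entry /etc/hosts "$AM_IP" "$h" || exit 1; done
#   all_resolve_to /etc/hosts "$AM_IP" $PROVIDER_HOSTS
```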