Sun OpenSSO Enterprise 8.0 Administration Guide

Configuring ID-FF Single Sign-on

To set up single sign-on between two OpenSSO Enterprise instances using the ID-FF protocol, one acting as the identity provider and one as the service provider, follow these steps:

Procedure: To Configure ID-FF Single Sign-on

  1. Create an ID-FF identity provider. For instructions, see To Create an ID-FF Entity Provider.

  2. Export the standard identity provider metadata into an XML file using the ssoadm command's export-entity subcommand. The example filename for these instructions is IDP.xml.

  3. Create an ID-FF service provider. For instructions, see To Create an ID-FF Entity Provider.


    Note –

    If the identity provider and service provider reside in the same domain, you need to modify the cookie name of one instance so that it differs from the other. To do so, log in to the OpenSSO Enterprise console and go to Configuration>Servers and Sites, then choose the server instance. Click Security>Inheritance Settings and uncheck the Cookie Name field. Click Save.

    Click Back to Server Profile, go to the Cookie section, and modify the value for Cookie Name. Click Save. Restart the web container.


  4. Export the standard service provider metadata into an XML file using the ssoadm command's export-entity subcommand. The example filename for these instructions is SP.xml.

  5. Load the remote service provider metadata to the OpenSSO Enterprise instance of the identity provider. To do so:

    1. Copy the SP.xml file to the identity provider instance.

    2. Log in to the console on the identity provider instance and click on the Federation tab.

    3. Click the Import Entity button.

    4. Choose the realm in which the identity provider resides.

    5. Select the File option and click upload to locate the SP.xml file. You can leave the extended metadata field blank.

  6. In the Federation tab, create a circle of trust and add the identity provider and service provider. For instructions, see To Create a New Circle of Trust.

  7. Load the identity provider metadata to the OpenSSO Enterprise instance of the service provider. To do so:

    1. Copy the IDP.xml file to the service provider instance.

    2. Log in to the console on the service provider instance and click on the Federation tab.

    3. Click the Import Entity button.

    4. Choose the realm in which the service provider resides.

    5. Select the File option and click upload to locate the IDP.xml file. You can leave the extended metadata field blank.

  8. In the Federation tab, create a circle of trust and add the identity provider and service provider. For instructions, see To Create a New Circle of Trust.

    Single Sign-on is now established between the OpenSSO Enterprise instances.
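The metadata file that each side exports in steps 2 and 4 is what the peer trusts after the import in steps 5 and 7, so it is worth checking before it is copied across. The following is an added example, not part of the guide or of OpenSSO Enterprise itself: it parses an exported ID-FF metadata file and reports whether the providerID is present, whether the file carries the descriptor for the expected role (IDPDescriptor or SPDescriptor), and whether every endpoint uses https and points at the host you expect. The element names follow the Liberty ID-FF 1.2 metadata schema (namespace urn:liberty:metadata:2003-08); the two sample documents are constructed to illustrate the shape of an export and are not real OpenSSO output.

```python
"""Sanity-check exported ID-FF metadata before importing it on the peer instance.

Added example (not from the OpenSSO Enterprise guide). Assumes the Liberty
ID-FF 1.2 metadata schema; the sample documents below are constructed.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Liberty ID-FF 1.2 metadata namespace (assumption: what an ID-FF export uses).
LIB_MD_NS = "urn:liberty:metadata:2003-08"

# Constructed sample of a service-provider export. Deliberately contains one
# endpoint that is plain http on a different port, to show a finding.
SAMPLE_SP_XML = """<EntityDescriptor xmlns="urn:liberty:metadata:2003-08"
                  providerID="https://sp.example.com:8443/opensso">
  <SPDescriptor protocolSupportEnumeration="urn:liberty:iff:2003-08">
    <SoapEndpoint>https://sp.example.com:8443/opensso/SOAPReceiver/metaAlias/sp</SoapEndpoint>
    <SingleLogoutServiceURL>https://sp.example.com:8443/opensso/ProcessLogout/metaAlias/sp</SingleLogoutServiceURL>
    <AssertionConsumerServiceURL id="acs1" isDefault="true">http://sp.example.com:8080/opensso/AssertionConsumerService/metaAlias/sp</AssertionConsumerServiceURL>
  </SPDescriptor>
</EntityDescriptor>
"""

# Constructed sample of a clean identity-provider export.
SAMPLE_IDP_XML = """<EntityDescriptor xmlns="urn:liberty:metadata:2003-08"
                  providerID="https://idp.example.com:8443/opensso">
  <IDPDescriptor protocolSupportEnumeration="urn:liberty:iff:2003-08">
    <SoapEndpoint>https://idp.example.com:8443/opensso/SOAPReceiver/metaAlias/idp</SoapEndpoint>
    <SingleLogoutServiceURL>https://idp.example.com:8443/opensso/ProcessLogout/metaAlias/idp</SingleLogoutServiceURL>
    <SingleSignOnServiceURL>https://idp.example.com:8443/opensso/SSORedirect/metaAlias/idp</SingleSignOnServiceURL>
  </IDPDescriptor>
</EntityDescriptor>
"""


def check_idff_metadata(xml_text, expected_host, role):
    """Return a list of findings; an empty list means the metadata looks sane.

    role is "IDP" or "SP" (the provider the file is supposed to describe);
    expected_host is the host[:port] that provider is deployed on.
    """
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    if root.tag != f"{{{LIB_MD_NS}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]

    if not root.get("providerID"):
        findings.append("EntityDescriptor has no providerID attribute")

    descriptor = root.find(f"{{{LIB_MD_NS}}}{role}Descriptor")
    if descriptor is None:
        findings.append(f"no {role}Descriptor found: exported from the wrong provider?")
        return findings

    other = "SP" if role == "IDP" else "IDP"
    if root.find(f"{{{LIB_MD_NS}}}{other}Descriptor") is not None:
        findings.append(f"file also carries an {other}Descriptor; import only the intended role")

    # Every endpoint element (…URL or SoapEndpoint) must be https on the expected host,
    # otherwise assertions or SOAP calls would be sent to an unexpected place in clear text.
    for element in descriptor:
        local_name = element.tag.split("}")[-1]
        if not (local_name.endswith("URL") or local_name == "SoapEndpoint"):
            continue
        url = (element.text or "").strip()
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"{local_name} is not https: {url}")
        if parsed.netloc != expected_host:
            findings.append(f"{local_name} points at {parsed.netloc!r}, expected {expected_host!r}")
    return findings


if __name__ == "__main__":
    for name, xml_text, host, role in (
        ("SP.xml", SAMPLE_SP_XML, "sp.example.com:8443", "SP"),
        ("IDP.xml", SAMPLE_IDP_XML, "idp.example.com:8443", "IDP"),
    ):
        problems = check_idff_metadata(xml_text, host, role)
        print(f"{name}: {'OK' if not problems else ''}")
        for problem in problems:
            print(f"  - {problem}")
```

Run it against the real IDP.xml and SP.xml by reading each file and passing its text, the expected host of that provider, and its role; any finding should be resolved on the exporting side (for example by correcting the provider's configured URLs) and the file re-exported before it is imported on the peer.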