Sun Java System Access Manager 7 2005Q4 Federation and SAML Administration Guide

Appendix A Liberty-based and SAML Samples

Sun Java System Access Manager contains a number of samples that make use of the Access Manager implementation of the Liberty Alliance Project specifications. This appendix contains information about the samples. The samples are located in /AccessManager-base/SUNWam/samples. This directory includes samples for the entire Access Manager product as well as two directories specific to the Liberty-based features: liberty and phase2.

This appendix covers the following samples:

Federation Framework Samples

Access Manager 2005Q4 supports the Liberty Alliance Identity Federation Framework 1.2 Specifications. The Federation Framework samples are located in /AccessManager-base/SUNWam/samples/liberty. To demonstrate the different Liberty-based federation protocols featured in Access Manager, three sample applications are included. They are located in the following subdirectories:

sample1 Directory

The sample1 directory provides a collection of files to configure a basic environment for creating and managing a federation. The sample demonstrates the basic use of various Liberty-based federation protocols, including account federation, SSO, single logout, and federation termination. The scenario includes a service provider (SP), an identity provider (IDP), and configuration information for the two required servers. Each server must be deployed and configured on different installations of Access Manager.

Table A–1 Configuration Information for sample1 Servers

Variable Placeholder   Host Name       Components Deployed on This Host
machine1               www.sp1.com     • Service Provider
                                       • Web Service Consumer
machine2               www.idp1.com    • Identity Provider
                                       • Discovery Service
                                       • Liberty Alliance Project

The Readme.html file in the sample1 directory provides detailed steps on how to deploy and configure this sample. sample1 also contains instructions for configuring a common domain. For information on common domains, see Chapter 4, Common Domain Services.

sample2 Directory

The sample2 directory also provides a collection of files to configure a basic environment for creating and managing a federation. However, in this sample, the resources of the SP are deployed on a Sun Java System Web Server that is protected by a Sun Java System Policy Agent. As in sample1 Directory, the SP and IDP are deployed and configured on different Access Manager installations. Besides demonstrating account federation, SSO, single logout, and federation termination, this sample also shows how different authentication contexts can be configured by associating different authentication levels with different protected pages. This association is made by creating policies for the protected resources. The Readme.html file in the sample2 directory provides detailed steps on how to deploy and configure this sample.

sample3 Directory

The sample3 directory provides a collection of files to configure an environment for creating and managing a federation that includes two SPs and two IDPs. In this case, though, all hosted providers are deployed on a single installation of Access Manager. You need to host the same IP address (the one on which Access Manager is installed) in four different DNS domains. Thus, four virtual server instances are created on a Sun Java System Web Server, one for each of the providers.


Note –

Virtual server instances can be simulated by adding entries in the /etc/hosts file for the fully qualified host names of the virtual servers.


Because this scenario involves multiple IDPs, you also need to install a common domain. You can install the Common Domain Services on the same machine as the Access Manager software or on a different machine. The Readme.html file in the sample3 directory provides detailed steps on how to deploy and configure this sample. You can also find information about common domains in Chapter 4, Common Domain Services.

Web Services Framework Samples

Access Manager 2005Q4 supports both the Liberty Alliance Identity Web Services Framework 1.0 Specifications and the Liberty Alliance Identity Services Interface Specifications 1.0. The web services samples are located in /AccessManager-base/SUNWam/samples/phase2. To demonstrate the different Liberty-based web services protocols featured in Access Manager, four sample applications are included. They are located in the following subdirectories:

wsc Directory

The wsc directory contains a collection of files to deploy and run a web service consumer (WSC).


Note –

Before implementing this sample, you must have two instances of Access Manager installed, running, and Liberty-enabled. Completing the procedure in sample1 Directory will accomplish this.


In addition, this sample illustrates how to use the Discovery Service and Data Services Template client APIs to allow the WSC to communicate with a web service provider (WSP). This sample describes the flow of the Liberty-based Web Service Framework (ID-WSF) and how the security mechanisms and interaction service are integrated. The Readme.html file in the wsc directory provides detailed steps on how to deploy and configure this sample. For more information, see also Chapter 6, Data Services and Chapter 7, Discovery Service.

sis-ep Directory

The sis-ep directory contains a collection of files to develop a new Liberty-based web service, deploy it to Access Manager, and invoke it. The sample implements the Liberty Employee Profile Service.


Note –

Before implementing this sample, you must have two instances of Access Manager installed, running, and Liberty-enabled. Completing the procedure in sample1 Directory will accomplish this.


The Liberty Employee Profile Service is a deployment of the Liberty ID-SIS Employee Profile Service Specification (ID-SIS-EP), which is one of the Liberty Alliance ID-SIS 1.0 Specifications. The Readme.html file in the sample directory provides detailed steps on how to deploy and configure this sample. For more information, see also Chapter 6, Data Services.

paos Directory

The paos directory contains a collection of files that demonstrate how to set up and invoke a PAOS Service interaction between a client and server. The sample is based on the following scenario: a cell phone user subscribes to a news service offered by the cell phone’s manufacturer. The news service automatically provides stocks and weather information to the user’s cell phone at regular intervals. In this scenario, the manufacturer is the news service provider, and the individual cell phone user is the consumer. After running the sample, you will see the output from the PAOSServer program.

You can also see the output from the PAOSClientServlet program in the log file of the Web Server. For example, when using Sun Java System Web Server, look in the log subdirectory for the errors file.

The Readme.html file in the sample directory provides detailed steps on how to deploy and configure this sample. In addition, see PAOS Binding Sample.


Note –

In an actual deployment, the server-side code would be developed by a service provider.


authnsvc Directory

The authnsvc directory contains a collection of files to illustrate the use of the Access Manager Authentication Web Service. This sample program authenticates against the service and extracts the resource offering of a discovery bootstrap. The Readme.html file in the sample directory provides detailed steps on how to deploy and configure this sample. In addition, see Chapter 5, Authentication Web Service.

SAML Samples

For information on the samples related to the SAML component of Access Manager, see SAML Samples.