Configure the Instance of OpenSSO Enterprise Local to the Identity Provider

The following procedure illustrates how to configure the instance of OpenSSO Enterprise local to the identity provider.

1. Update the identity provider standard metadata.

   • If you have existing identity provider standard metadata, export it using ssoadm and make your modifications. After updating, delete the original file and reload the modified metadata using ssoadm.

   • If you have not yet configured identity provider standard metadata, use ssoadm to generate an identity provider metadata template. After updating the template, import the modified metadata also using ssoadm.

2. Set up the keystore.

   If using the asymmetric cryptotype, add the public and private keys to the application's keystore. Additionally, populate the identity provider's keystore with the application's public key.

3. Update the identity provider configuration.

   1. Setup the application's security configuration as symmetric or asymmetric by defining the Per Application Security Configuration attribute under the Advanced tab of the identity provider configuration.

      ---

      Note –

      Use ampassword to encrypt the shared secret used for a symmetric configuration.

      ---

   2. OPTIONAL: Modify the IDP URL attribute (if you want to use an alternative or custom SAE landing URL) under the local identity provider's Advanced tab with a value specific to your identity provider instance of OpenSSO Enterprise.