Sun OpenSSO Enterprise 8.0 Administration Guide

Customizing the SAMLv2 Identity Provider Discovery Service and the ID-FF Identity Provider Introduction Service

There are two ways to obtain the SAMLv2 IDP Discovery Service/ID-FF IDP Introduction service:

  1. Create and deploy a specialized WAR file used for the SAMLv2 Identity Provider Discovery Service and ID-FF Identity Provider Introduction Service only. See To Create a Specialized WAR file for the Identity Provider Services.

  2. Customize the SAMLv2 Identity Provider Discovery Service and ID-FF Identity Provider Introduction Service through the console. See To Customize the Identity Provider Services Through the Console.

Procedure: To Create a Specialized WAR file for the Identity Provider Services

OpenSSO Enterprise provides a mechanism to create a specialized WAR file for the SAMLv2 Identity Provider Discovery Service and the ID-FF Identity Provider Introduction Service. The WAR file can be deployed as a standalone application, independent of Identity Provider and Service Provider domains. See Creating and Deploying Specialized OpenSSO Enterprise WAR Files in Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.

  1. After you deploy and run the Configurator for the specialized WAR file, locate the configuration property file named libIDPDiscoveryConfig.properties.

    This file is created under the web container user's home directory. This file is the same for both the SAMLv2 IDP Discovery service and the ID-FF IDP Introduction service.

  2. Customize the following properties to meet your specific deployment needs:

    com.sun.identity.federation.services.introduction.cookiedomain

    The value of this property is the name of the common domain.

    com.sun.identity.federation.services.introduction.cookietype

    This property takes a value of either PERSISTENT or SESSION. PERSISTENT defines the cookie as one that will be stored and reused after a web browser is closed and reopened. SESSION defines the cookie as one that will not be stored after the web browser has been closed.

    com.iplanet.am.cookie.secure

    This property takes a value of either false or true. It defines whether the cookie needs to be secured or not.

    com.iplanet.am.cookie.encode

    This property takes a value of either false or true. It defines whether the cookie will be URL encoded or not. This property is useful if, for example, the web container that reads or writes the cookie decrypts or encrypts it by default.
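As an added illustration (not code from the guide or from OpenSSO), the following Python reads a libIDPDiscoveryConfig.properties file, derives the Set-Cookie attributes that the four properties above control, and lists the settings a reviewer would question. The sample file content, the `_saml_idp` cookie layout (taken from the SAMLv2 IdP Discovery profile: space-separated base64 entity IDs) and the one-year lifetime used for PERSISTENT are assumptions, not OpenSSO's actual behaviour.

```python
import base64
from urllib.parse import quote

PREFIX = "com.sun.identity.federation.services.introduction."

# Constructed sample of a deployment's libIDPDiscoveryConfig.properties.
SAMPLE_PROPERTIES = """\
# written by the IDP discovery configurator (constructed sample)
com.sun.identity.federation.services.introduction.cookiedomain=.example.com
com.sun.identity.federation.services.introduction.cookietype=PERSISTENT
com.iplanet.am.cookie.secure=false
com.iplanet.am.cookie.encode=true
"""

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def build_set_cookie(props, idp_entity_ids):
    """Set-Cookie header implied by the properties. Assumes the SAMLv2 IdP
    Discovery profile layout: _saml_idp holds base64 entity IDs, newest last."""
    value = " ".join(base64.b64encode(e.encode()).decode() for e in idp_entity_ids)
    if props.get("com.iplanet.am.cookie.encode", "false").lower() == "true":
        value = quote(value, safe="")  # cookie.encode=true: URL-encode spaces, '=', '/'
    parts = [f"_saml_idp={value}", f"Domain={props.get(PREFIX + 'cookiedomain', '')}", "Path=/"]
    if props.get(PREFIX + "cookietype", "SESSION").upper() == "PERSISTENT":
        parts.append("Max-Age=31536000")  # assumed one-year lifetime for PERSISTENT
    if props.get("com.iplanet.am.cookie.secure", "false").lower() == "true":
        parts.append("Secure")
    return "; ".join(parts)

def review(props):
    """Findings a defender would raise about the discovery cookie settings."""
    findings = []
    if props.get("com.iplanet.am.cookie.secure", "false").lower() != "true":
        findings.append("cookie.secure=false: discovery cookie is also sent over plain HTTP")
    if props.get(PREFIX + "cookietype", "SESSION").upper() == "PERSISTENT":
        findings.append("cookietype=PERSISTENT: cookie survives browser restarts on shared machines")
    if not props.get(PREFIX + "cookiedomain"):
        findings.append("cookiedomain unset: cookie is not shared across the common domain")
    return findings
```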

Procedure: To Customize the Identity Provider Services Through the Console

  1. Log in to the console as the top-level administrator.

  2. Click the Configuration tab.

  3. Click the Global sub-configuration tab.

  4. Select the SAMLv2 Service Configuration service.

  5. Customize the following attributes. These attributes are applicable for both the SAMLv2 Identity Provider Discovery Service and ID-FF Identity Provider Introduction Service:

    Cookie Domain for IDP Discovery Service

    Specifies the cookie domain for the SAMLv2 IDP discovery cookie.

    Cookie Type for IDP Discovery Service

    Specifies the cookie type used by the SAMLv2 IDP Discovery Service, either Persistent or Session. The default is Session.

    URL Scheme for IDP Discovery Service

    Specifies the URL scheme used by the SAMLv2 IDP Discovery Service.