Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Chapter 2 Technical Overview

This chapter contains technical information regarding the machines, software, and other components used in this deployment example. It contains the following sections:

2.1 Host Machines
2.2 Software
2.3 Main Service URLs
2.4 Viewing Replicated Entries

2.1 Host Machines

The following table lists the attributes of the host machines used for this deployment example.

Table 2–1 Host Machines and Operating Systems

Host Machine             Architecture   Operating System
ds1.idp-example.com      x86            Solaris 10
ds2.idp-example.com      x86            Solaris 10
osso1.idp-example.com    SPARC          Solaris 10
osso2.idp-example.com    SPARC          Solaris 10
lb1.idp-example.com      SPARC          Solaris 10
lb2.idp-example.com      SPARC          Solaris 10
ds1.sp-example.com       SPARC          Solaris 10
ds2.sp-example.com       SPARC          Solaris 10
osso1.sp-example.com     SPARC          Solaris 10
osso2.sp-example.com     SPARC          Solaris 10
lb3.sp-example.com       SPARC          Solaris 10
lb4.sp-example.com       SPARC          Solaris 10
pr1.sp-example.com       SPARC          Solaris 10

2.2 Software

The following table lists the software used in this deployment example.

Table 2–2 Software and Download Locations

Product                                                     Version      Download Location
Sun OpenSSO Enterprise                                      8.0          http://www.sun.com/download/
Sun Java System Web Server                                  7.0 Update 3 http://www.sun.com/download/
Sun Java System Directory Server Enterprise Edition         6.3 Update 3 http://www.sun.com/download/
BEA Weblogic Server                                         10           http://www.bea.com
Web Policy Agent (for Sun Java System Web Server)           3.0          http://www.sun.com/download/
J2EE Policy Agent (for BEA Weblogic Server)                 3.0          http://www.sun.com/download/
Java (for OpenSSO Enterprise and policy agents)             1.5.0_09     http://www.java.com/en/
BIG-IP Load Balancer                                                     http://www.f5.com

2.3 Main Service URLs

The following sections summarize the main service URLs for the components used in this deployment example. For detailed configuration information, see Part V, Appendices.

2.3.1 Identity Provider Main Service URLs

The following tables summarize the main service URLs for the identity provider components.

Table 2–3 Identity Provider Components and Main Service URLs

Components                      Main Service URL

Directory Server Host Machines and Load Balancer

  Directory Server 1            ds1.idp-example.com:1736 (for monitor node)
                                ldaps://ds1.idp-example.com:1736 (for user data)

  Directory Server 2            ds2.idp-example.com:1736 (for monitor node)
                                ldaps://ds2.idp-example.com:1736 (for user data)

  Load Balancer 1               ldaps://lb1.idp-example.com:489 (for Directory Server access)

OpenSSO Enterprise Host Machines and Load Balancer

  Application Server 1          Default Domain
                                http://osso1.idp-example.com:4848 (for console)
                                http://osso1.idp-example.com:8080 (for HTTP)
                                https://osso1.idp-example.com:8181 (for HTTPS)

                                Non-Root User Domain
                                http://osso1.idp-example.com:8989 (for console)
                                http://osso1.idp-example.com:1080 (for HTTP)
                                https://osso1.idp-example.com:1081 (for HTTPS)

  OpenSSO Enterprise 1          https://osso1.idp-example.com:1081/opensso/console

  Application Server 2          Default Domain
                                http://osso2.idp-example.com:4848 (for console)
                                http://osso2.idp-example.com:8080 (for HTTP)
                                https://osso2.idp-example.com:8181 (for HTTPS)

                                Non-Root User Domain
                                http://osso2.idp-example.com:8989 (for console)
                                http://osso2.idp-example.com:1080 (for HTTP)
                                https://osso2.idp-example.com:1081 (for HTTPS)

  OpenSSO Enterprise 2          https://osso2.idp-example.com:1081/opensso/console

  Load Balancer 2               https://lb2.idp-example.com:1081/opensso (for OpenSSO Enterprise access)
                                http://lb2.idp-example.com:1082 (for virtual server proxy)

2.3.2 Service Provider Main Service URLs

The following tables summarize the main service URLs for the service provider components.

Table 2–4 Service Provider Components and Main Service URLs

Components                      Main Service URL

Directory Server Host Machines and Load Balancers

  Directory Server 1            ds1.sp-example.com:1736 (for monitor node)
                                ldaps://ds1.sp-example.com:1736 (for user data)

  Directory Server 2            ds2.sp-example.com:1736 (for monitor node)
                                ldaps://ds2.sp-example.com:1736 (for user data)

  Load Balancer 3               ldaps://lb3.sp-example.com:489 (for user data)

OpenSSO Enterprise Host Machines and Load Balancer

  Application Server 1          Default Domain
                                http://osso1.sp-example.com:4848 (for console)
                                http://osso1.sp-example.com:8080 (for HTTP)
                                https://osso1.sp-example.com:8181 (for HTTPS)

                                Non-Root User Domain
                                http://osso1.sp-example.com:8989 (for console)
                                http://osso1.sp-example.com:1080 (for HTTP)
                                https://osso1.sp-example.com:1081 (for HTTPS)

  OpenSSO Enterprise 1          https://osso1.sp-example.com:1081/opensso/console

  Application Server 2          Default Domain
                                http://osso2.sp-example.com:4848 (for console)
                                http://osso2.sp-example.com:8080 (for HTTP)
                                https://osso2.sp-example.com:8181 (for HTTPS)

                                Non-Root User Domain
                                http://osso2.sp-example.com:8989 (for console)
                                http://osso2.sp-example.com:1080 (for HTTP)
                                https://osso2.sp-example.com:1081 (for HTTPS)

  OpenSSO Enterprise 2          https://osso2.sp-example.com:1081/opensso/console

  Load Balancer 4               https://lb4.sp-example.com:1081/opensso (for OpenSSO Enterprise access)
                                http://lb4.sp-example.com:1082 (for virtual server proxy)

Protected Resource 1 Host Machine Web Containers and Policy Agents

  Web Server                    https://pr1.sp-example.com:8989 (for Sun Java System Web Server administration console)
                                http://pr1.sp-example.com:1080 (for Sun Java System Web Server managed instance)

  Web Policy Agent              http://pr1.sp-example.com:1080

  WebLogic Server               http://pr1.sp-example.com:7001/console (for BEA Weblogic administration server)
                                http://pr1.sp-example.com:1081 (for BEA Weblogic managed server)

  J2EE Policy Agent             http://pr1.sp-example.com:1081/agentapp

2.4 Viewing Replicated Entries

Throughout this deployment example, we use ldapsearch to view replicated entries. An alternative is to enable the Directory Server audit log and run tail -f on it; enabling the audit log also helps track the changes and updates made during OpenSSO Enterprise configuration.
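Viewing entries on each replica by hand does not tell you whether the two Directory Server instances actually agree. The following Python script, an added example that is not part of the Sun deployment guide, parses the LDIF that ldapsearch prints for ds1.idp-example.com:1736 and ds2.idp-example.com:1736 and reports entries or attributes that differ between them; the LDIF samples are constructed and the user DNs under dc=idp-example,dc=com are assumptions.

```python
import base64
from collections import defaultdict

def parse_ldif(text):
    """Parse ldapsearch LDIF into {dn: {attr: set(values)}}, unfolding lines and decoding base64."""
    entries, dn, current = {}, None, None
    lines = text.replace("\n ", "").splitlines()   # a leading space marks a folded line
    for line in lines + [""]:                       # trailing "" flushes the last entry
        if not line or line.startswith("#"):        # blank line or comment ends an entry
            if dn is not None:
                entries[dn] = current
            dn, current = None, None
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):                   # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if attr == "dn":
            dn, current = value, defaultdict(set)
        elif current is not None:
            current[attr].add(value)
    return entries

def diff_replicas(ldif_a, ldif_b):
    """Report entries and attributes that differ between two replicas' ldapsearch output."""
    a, b = parse_ldif(ldif_a), parse_ldif(ldif_b)
    report = []
    for dn in sorted(set(a) | set(b)):
        if dn not in a or dn not in b:
            report.append(f"MISSING on replica {'A' if dn not in a else 'B'}: {dn}")
            continue
        for attr in sorted(set(a[dn]) | set(b[dn])):
            va, vb = a[dn].get(attr, set()), b[dn].get(attr, set())
            if va != vb:
                report.append(f"DIFF {dn} {attr}: A={sorted(va)} B={sorted(vb)}")
    return report

# Constructed sample ldapsearch output from ds1.idp-example.com:1736 (replica A)
DS1_LDIF = """dn: uid=idpuser,ou=users,dc=idp-example,dc=com
cn:: SWRQIFVzZXI=
mail: idpuser@idp-example.com
description: Identity provider test acc
 ount

dn: uid=testuser,ou=users,dc=idp-example,dc=com
uid: testuser
"""
# Constructed output from ds2.idp-example.com:1736 (replica B) before it caught up
DS2_LDIF = DS1_LDIF.replace("mail: idpuser@", "mail: stale@").split("\ndn: uid=testuser")[0] + "\n"
```

Feed it the real ldapsearch output of both instances and an empty report means the user data has converged; any DIFF or MISSING line points at an entry whose replication is still pending or has failed.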