Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Procedure: To Establish Trust Between OpenSSO Enterprise and the Application on the Identity Provider Side

Set up a trust relationship between saeIDPApp.jsp, the identity provider application, and OpenSSO Enterprise on the identity provider side.

Before You Begin

Choose a shared secret for use between the identity provider application and the instance of OpenSSO Enterprise on the identity provider side; in this procedure, secret12.

  1. Make the following modifications to saeIDPApp.jsp and save the file.

    saeIDPApp.jsp is found in the OpenSSO-Deploy-Base/samples/saml2/sae directory.

    • Change the value of saeServiceURL to https://lb2.idp-example.com:1081/opensso/idpsaehandler/metaAlias/idp.

    • Change the value of secret to secret12.


      Note –

      In a real deployment the application would store this shared secret in an encrypted file.


    • Change the value of spapp to https://sae.sp-example.com:8181/opensso/saml2/sae/saeSPApp.jsp.

  2. Log in to the OpenSSO Enterprise console at https://lb2.idp-example.com:1081/opensso as the administrator.

    User Name: amadmin

    Password: ossoadmin

  3. Access https://lb2.idp-example.com:1081/opensso/encode.jsp in a different browser window.

    This JSP encodes the shared secret.

  4. Enter secret12 in the text field and click Encode.

    A string representing the identity provider's encoded password is displayed.

  5. Save the string for later use and close the browser window.

    In this case, AQICrLO+CuXkZFna8uAS0/GiUUtwyQltVdw2.

  6. From the OpenSSO Enterprise console, click the Federation tab.

  7. Under Entity Providers, click https://lb2.idp-example.com:1081/opensso, the hosted identity provider.

  8. Click the Advanced tab.

  9. Under SAE Configuration, type the following in the New Value text box of the Per Application Security Configuration property and click Add.

    url=https://sae.idp-example.com:8181/opensso/saml2/sae/saeIDPApp.jsp|type=symmetric|secret=AQICrLO+CuXkZFna8uAS0/GiUUtwyQltVdw2

  10. Click Save to save the profile.

  11. Click the Assertion Processing tab.

  12. Click the Attribute Mapper link.

  13. Under the Attribute Map property, type the following New Values and click Add.

    • mail=mail

    • branch=branch

    These attributes will be sent as part of the SAML v2 assertion.

  14. Click Save to save the profile.

  15. Click Back to return to the Federation tab.

  16. Under Entity Providers, click https://lb4.sp-example.com:1081/opensso, the remote service provider.

  17. Click the Advanced tab.

  18. Under SAE Configuration, enter https://lb4.sp-example.com:1081/opensso/spsaehandler/metaAlias/sp in the SP URL field.

  19. Under SAE Configuration again, enter https://sae.sp-example.com:8181/opensso/saml2/sae/saeSPApp.jsp in the SP Logout URL field.

  20. Click Save to save the profile.

  21. Click Back to return to the Federation tab.

  22. Click the Access Control tab.

  23. Under the Access Control tab, click / (Top Level Realm).

  24. Click the Authentication tab.

  25. Under General, click Advanced Properties.

    The Core profile page is displayed.

  26. Under User Profile, select the Ignored radio button and click Save.


    Note –

    This modification is specific to this deployment example only.


  27. Click Save to save the profile.

  28. Click Back to Authentication.

  29. Log out of the OpenSSO Enterprise console.
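The Per Application Security Configuration value entered in step 9 is a single `|`-separated string, and a wrapped or half-pasted value (plaintext secret instead of the encode.jsp output, an http URL, a missing field) fails silently in the console. The following checker is an added example and is not part of OpenSSO Enterprise or this deployment guide; the required-field list and the rule that `url` must equal the protected application URL are assumptions drawn from the value shown in step 9.

```python
"""Sanity-check an SAE 'Per Application Security Configuration' entry of the
form shown in step 9:  url=<app URL>|type=symmetric|secret=<encoded secret>
Added example; field rules beyond the page's own format are assumptions."""
from urllib.parse import urlparse

REQUIRED_KEYS = ("url", "type", "secret")

# Entry exactly as this procedure gives it (the encoded secret is the
# encode.jsp output, not the plaintext secret12).
PAGE_ENTRY = ("url=https://sae.idp-example.com:8181/opensso/saml2/sae/saeIDPApp.jsp"
              "|type=symmetric|secret=AQICrLO+CuXkZFna8uAS0/GiUUtwyQltVdw2")
APP_URL = "https://sae.idp-example.com:8181/opensso/saml2/sae/saeIDPApp.jsp"
# Constructed weak entry: plaintext secret pasted and https dropped.
WEAK_ENTRY = ("url=http://sae.idp-example.com:8181/opensso/saml2/sae/saeIDPApp.jsp"
              "|type=symmetric|secret=secret12")

def parse_sae_entry(entry: str) -> dict:
    """Split 'k=v|k=v|...' into a dict; a token without '=' raises ValueError."""
    fields = {}
    for token in entry.strip().split("|"):
        if "=" not in token:
            raise ValueError(f"malformed token: {token!r}")
        key, value = token.split("=", 1)   # secrets may themselves contain '='
        fields[key.strip()] = value.strip()
    return fields

def check_sae_entry(entry: str, app_url: str, plaintext_secret: str) -> list:
    """Return findings (empty list means the entry looks sound).
    app_url: the application the entry is meant to trust (assumption: must match).
    plaintext_secret: the secret chosen before encoding, so an un-encoded paste
    can be caught."""
    try:
        fields = parse_sae_entry(entry)
    except ValueError as exc:
        return [str(exc)]
    findings = [f"missing required field: {k}" for k in REQUIRED_KEYS if not fields.get(k)]
    if findings:
        return findings
    if urlparse(fields["url"]).scheme != "https":
        findings.append("url must use https")
    if fields["url"] != app_url:
        findings.append("url does not match the application URL")
    if fields["type"] != "symmetric":
        findings.append(f"unexpected type: {fields['type']!r}")
    if fields["secret"] == plaintext_secret:
        findings.append("secret is the plaintext shared secret; paste the encode.jsp output")
    return findings

if __name__ == "__main__":
    print("page entry :", check_sae_entry(PAGE_ENTRY, APP_URL, "secret12"))
    print("weak entry :", check_sae_entry(WEAK_ENTRY, APP_URL, "secret12"))
```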