5. Using the Oracle OpenSSO Fedlet
The Oracle OpenSSO Fedlet is a lightweight service provider (SP) implementation that can be deployed with a Java or .NET service provider application, enabling the application to communicate with an identity provider (IDP) such as Oracle OpenSSO 8.0 Update 2 using the SAMLv2 protocol. The Fedlet has two versions, depending on your platform:
The Java Fedlet was first released in OpenSSO 8.0. For information, see Chapter 5, Using the OpenSSO Enterprise Fedlet to Enable Identity Federation, in Sun OpenSSO Enterprise 8.0 Deployment Planning Guide.
The .NET Fedlet was released in OpenSSO 8.0 Update 1. For information, see Chapter 10, Using the ASP.NET Fedlet with OpenSSO Enterprise 8.0 Update 1, in Sun OpenSSO Enterprise 8.0 Update 1 Release Notes.
In Oracle OpenSSO 8.0 Update 2, the Fedlet is available as follows:
After you unzip the OpenSSO 8.0 Update 2 ZIP file, both the Java Fedlet and .NET Fedlet are available in the following file:
zip-root/opensso/fedlet/fedlet-unconfigured.zip, where zip-root is where you unzipped the Oracle OpenSSO 8.0 Update 2 ZIP file.
After you install Oracle OpenSSO 8.0 Update 2, you can create the Java Fedlet in the OpenSSO 8.0 Administration Console using the Create Fedlet work flow under Common Tasks.
The Fedlet has the following requirements:
A web container supported by Oracle OpenSSO 8.0 Update 2, if you plan to deploy fedlet.war or a Java service provider application that is integrated with the Fedlet. See the Hardware and Software Requirements For OpenSSO 8.0 Update 2.
Microsoft Internet Information Server (IIS) 7.0 or later, if you plan to deploy the .NET Fedlet.
JDK 1.6.x or later.
This section describes how to initially configure the Fedlet with a service provider application:
After you finish the initial configuration for the Fedlet, continue with any additional configuration you want to perform. Keep the following considerations in mind:
If you modify the Fedlet sp.xml file, you must re-import this file into your identity provider.
If you make other Fedlet configuration changes on the service provider side, convey this information to the identity provider administrator, so that the required configuration changes can be made on the identity provider side.
For Oracle OpenSSO 8.0 Update 2, use exportmetadata.jsp. For example:
http://opensso-idp.example.com:8080/opensso/saml2/jsp/exportmetadata.jsp
The default location is the fedlet subdirectory under the home directory of the user running the Fedlet web container (indicated by the user.home JVM property). For example, if this home directory is /home/webservd, the Fedlet home directory is:
/home/webservd/fedlet
To change the Fedlet default home directory, set the value of the JVM run-time com.sun.identity.fedlet.home property to the desired location. For example:
-Dcom.sun.identity.fedlet.home=/export/fedlet/conf
The Fedlet then reads its metadata, circle of trust, and configuration files from the /export/fedlet/conf directory.
sp.xml-template
sp-extended.xml-template
idp-extended.xml-template
fedlet.cot-template
For Oracle OpenSSO 8.0 Update 2, use the Register Remote Service Provider work flow under Common Tasks in the OpenSSO 8.0 Administration Console to import the Java Fedlet service provider metadata and to add the Java Fedlet service provider to a circle of trust.
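The following added example (not Oracle's code) resolves the Fedlet home directory by the rule described above, using the com.sun.identity.fedlet.home JVM option if present and otherwise the fedlet subdirectory of the container user's home directory, and reports configuration files that are missing or writable by group or others. The file names are an assumption (the template names listed above with the -template suffix removed), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the OpenSSO distribution.

PROP='com.sun.identity.fedlet.home'
# Assumption: configured file names are the template names without the
# "-template" suffix (sp.xml is the only one the page names directly).
FEDLET_FILES='sp.xml sp-extended.xml idp-extended.xml fedlet.cot'

# fedlet_home JVM_OPTS USER_HOME
# Prints the -D override if JVM_OPTS carries one, else USER_HOME/fedlet.
# Options are split on whitespace, so values containing spaces are not handled.
fedlet_home() {
    override=''
    for opt in $1; do
        case "$opt" in
            "-D$PROP="*) override=${opt#*=} ;;
        esac
    done
    if [ -n "$override" ]; then
        printf '%s\n' "$override"
    else
        printf '%s\n' "$2/fedlet"
    fi
}

# audit_fedlet_home DIR
# Prints one finding per line; returns 0 only when there are no findings.
audit_fedlet_home() {
    dir=$1
    findings=0
    for name in $FEDLET_FILES; do
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING $name"
            findings=$((findings + 1))
        elif [ -n "$(find -L "$path" \( -perm -020 -o -perm -002 \))" ]; then
            # Group- or world-writable metadata lets another local account
            # alter the federation configuration the Fedlet reads.
            echo "WRITABLE $name"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: audit_fedlet_home "$(fedlet_home "$JAVA_OPTS" "$HOME")"
```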
Next Steps
Depending on your requirements, continue with any additional configuration for the Java Fedlet.
For Oracle OpenSSO 8.0 Update 2, use exportmetadata.jsp. For example:
http://opensso-idp.example.com:8080/opensso/saml2/jsp/exportmetadata.jsp
sp.xml-template
sp-extended.xml-template
idp-extended.xml-template
fedlet.cot-template
For Oracle OpenSSO 8.0 Update 2, use the Register Remote Service Provider work flow under Common Tasks in the OpenSSO 8.0 Administration Console to import the .NET Fedlet service provider metadata and to add the .NET Fedlet service provider to a circle of trust.
Next Steps
Depending on your requirements, continue with any additional configuration for the .NET Fedlet.