Sun Java System Federation Manager 7.0 User's Guide
Book Information
Index
Preface
Chapter 1 Introducing Federation Manager
Sun Java System Federation Manager
Key Features
Federated Models
Federation Manager and Sun Java System Access Manager
Supported Standards and Components
Supported Standards
The Liberty Alliance Project Specifications
Identity Federation
Provider Federation
The OASIS Security Services and SAML
Data Stores
Platforms and Operating Systems
Shared Components
Supported Web Containers
Supported Policy Agents
Federation Manager Architecture
Chapter 2 Installing and Deploying Federation Manager
Preparing for Installation
Installation Requirements
Selecting and Installing a Web Container
Default Installation Directories
Staging Directory
Installation Sequence
The Silent Installation File
Federation Manager Installation Options
Self-Extracting Installation
To Add Federation Manager Packages and Create a WAR
Standard Installation
To Add Federation Manager Packages
To Archive the Federation Manager Packages
Deploying Your Federation Manager WAR
Deploying Federation Manager in Sun Java System Web Server
To Deploy an Instance of Federation Manager in Web Server
To View the Federation Manager Java API Specifications
To Delete an Instance of Federation Manager from Web Server
Deploying Federation Manager in Sun Java System Application Server
To Deploy an Instance of Federation Manager in Application Server
To View the Federation Manager Java API Specifications
To Delete an Instance of Federation Manager from Application Server
Deploying Federation Manager in BEA WebLogic Server
To Deploy an Instance of Federation Manager in BEA WebLogic Server
To Delete an Instance of Federation Manager from BEA WebLogic Server
Deploying Federation Manager in WebSphere Application Server
To Deploy an Instance of Federation Manager in WebSphere Application Server
To Delete an Instance of Federation Manager from WebSphere Application Server
Accessing the Federation Manager Console
Installation Tools Reference
Detailing the fmsetup Syntax
Detailing the fmwar Syntax
Chapter 3 Customizing Federation Manager
General Customizations
Using an LDAPv3–compliant Directory
Changing the Default Data Store for Configuration Data to an LDAPv3–compliant Directory
Setting Up Your LDAPv3–Compliant Directory
To Set Up Sun Java System Directory Server as a Configuration Data Store
To Set Up Microsoft Active Directory as a Configuration Data Store
Modifying Federation Manager Configuration Data to Recognize an LDAPv3–compliant Directory
To Set Up Federation Manager for an LDAPv3–compliant Directory
To Add a Second Instance of Federation Manager to the Server List
Building and Loading LDIF Configuration Data Using fmff2ds
Changing the Default Data Store for User Data to an LDAPv3–compliant Directory
To Change the Default Data Store for User Data
The serverconfig.xml File
server-config.dtd Document Type Definition
iPlanetDataAccessLayer Element
ServerGroup Element
Server Element
User Element
DirDN Element
DirPassword Element
BaseDN Element
MiscConfig Element
serverconfig.xml Users
Proxy User
Admin User
Configuring Federation Manager for Sun Java System Policy Agents
Chapter 4 Getting Started
SAML Samples
SAML Client Sample
SAML Query Sample
Single Sign On Using SAML
SAML XMLSIG Sample
Liberty-based Samples
Federation SPI Sample
Liberty Protocol Sample
Web Service Sample
Chapter 5 System Administration
Organization Properties
Domain Name
Status
Aliases
DNS Alias Names
Console Properties
Globalization Settings
Charsets Supported by Each Locale
Charset Aliases
Auto Generated Common Name Format
To Add Supported Character Sets
To Edit Supported Character Sets
To Add New Character Set Aliases
To Edit Existing Character Set Aliases
System Properties
Logging
Maximum Log Size
Number of History Files
Log File Location
Logging Type
Database User Name
Database User Password
Database User Password (confirm)
Database Driver Name
Configurable Log Fields
Maximum Number of Records
Number of Files per Archive
Buffer Size
DB Failure Memory Buffer Size
Buffer Time
Enable Time Buffering
Naming
Profile Service URL
Session Service URL
Logging Service URL
Policy Service URL
Authentication Service URL
SAML Web Profile/Artifact Service URL
SAML SOAP Service URL
SAML Web Profile/POST Service URL
SAML Assertion Manager Service URL
Federation Assertion Manager Service URL
Security Token Manager URL
JAXRPC Endpoint URL
Platform
Server List
Platform Locale
Cookie Domains
Login Service URL
Logout Service URL
Available Locales
Client Character Sets
Session
Maximum Number of Search Results
Timeout For Search (Seconds)
Max Session Time (Minutes)
Max Idle Time (Minutes)
Max Caching Time (Minutes)
Chapter 6 Authentication
Customizing Authentication
Configuring an Authentication Module for an Organization
To Configure an Authentication Module for an Organization
Changing the Default Authentication Module from Flat File to LDAP
To Set LDAP as the Default Authentication Module for an Organization
To Enable an Organization to Use the LDAP Authentication Module
Changing the Default Authentication Module from Flat File to Active Directory
To Set Active Directory as the Default Authentication Module for an Organization
To Enable an Organization to Use the Active Directory Authentication Module
Changing the Default Administrator Authentication Module from a Flat File to LDAP
To Change the Default Administrator Authentication Module from Flat File to Sun Java System Directory Server
To Change the Default Administrator Authentication Module from Flat File to Microsoft Active Directory
Default Authentication Services
Access Control
Users with Write Permission
Users with Read Permission
Core
Pluggable Authentication Module Classes
Supported Authentication Module for Clients
LDAP Connection Pool Size
Default LDAP Connection Pool Size
Administrator Authentication Configuration
User Profile Dynamic Creation Default Roles
Enable Persistent Cookie Mode
Persistent Cookie Maximum Time
Alias Search Attribute Name
Default Authentication Locale
Organization Authentication Configuration
Enable Login Failure Lockout Mode
Login Failure Lockout Count
Login Failure Lockout Interval
Email Address to Send Lockout Notification
Warn User After N Failures
Login Failure Lockout Duration
Lockout Attribute Name
Lockout Attribute Value
Default Success URL
Default Failure Login URL
Authentication Post Processing Class
Enable Generate UserID Mode
Pluggable User Name Generator Class
Default Authentication Level
Flat File
Directory Location
Authentication Level
SAML
Authentication Level
Additional Authentication Services
Active Directory
Primary Active Directory Server
Secondary Active Directory Server
DN To Start User Search
DN for Root User Bind
Password for Root User Bind
Password for Root User Bind (confirm)
Attribute Used to Retrieve User Profile
Attributes Used to Search for a User to be Authenticated
User Search Filter
Search Scope
Enable SSL Access To Active Directory Server
Return User DN to Authenticate
Active Directory Server Check Interval
User Creation Attributes
Authentication Level
Anonymous
Valid Anonymous Users
Default Anonymous User Name
Enable Case Sensitive User IDs
Authentication Level
Certificate
Match Certificate in LDAP
Subject DN Attribute Used to Search LDAP for Certificates
Match Certificate to CRL
Issuer DN Attribute Used to Search LDAP for CRLs
HTTP Parameters for CRL Update
Enable OCSP Validation
LDAP Server Where Certificates are Stored
LDAP Start Search DN
LDAP Server Principal User
LDAP Server Principal Password
LDAP Server Principal Password (confirm)
LDAP Attribute for Profile ID
Use SSL for LDAP Access
Certificate Field Used to Access User Profile
Other Certificate Field Used to Access User Profile
Trusted Remote Hosts
SSL Port Number
Authentication Level
HTTP Basic
Authentication Level
JDBC
Connection Type
Connection Pool JNDI Name
JDBC Driver
JDBC URL
Connect This User to Database
Password for Connecting to Database
Password for Connecting to Database Confirm
Password Column String
Prepared Statement
Class to Transform Password Syntax
Authentication Level
LDAP
Primary LDAP Server
Secondary LDAP Server
DN to Start User Search
DN for Root User Bind
Password for Root User Bind
Password for Root User Bind (confirm)
Attribute Used to Retrieve User Profile
Attributes Used to Search for a User to be Authenticated
User Search Filter
Search Scope
Enable SSL to Access LDAP Server
Return User DN to Authenticate
LDAP Server Check Interval
User Creation Attribute List
Authentication Level
Membership
Minimum Password Length
Default User Roles
User Status After Registration
Primary LDAP Server
Secondary LDAP Server
DN to Start User Search
DN for Root User Bind
Password for Root User Bind
Password for Root User Bind (confirm)
Attribute Used to Retrieve User Profile
Attributes Used to Search for a User to be Authenticated
User Search Filter
Search Scope
Enable SSL to Access LDAP Server
Return User DN to Authenticate
Authentication Level
MSISDN
Trusted Gateway IP Address
MSISDN Number Argument
LDAP Server and Port
LDAP Start Search DN
Attribute To Use To Search LDAP
LDAP Server Principal User
LDAP Server Principal Password
LDAP Server Principal Password (confirm)
Enable SSL for LDAP Access
LDAP Attribute Used to Retrieve User Profile
Return User DN on Authentication
Authentication Level
RADIUS
Server 1
Server 2
Shared Secret
Shared Secret Confirm
Port Number
Timeout
Authentication Level
SafeWord
Server
Server Verification Files Directory
Logging Enable
Logging Level
Log File
Authentication Connection Timeout
Client Type
EASSP Version
Minimum Authenticator Strength
Authentication Level
SecurID
ACE/Server Configuration Path
Helper Configuration Port
Helper Authentication Port
Authentication Level
Windows Desktop SSO
Service Principal
Keytab File Name
Kerberos Realm
Kerberos Server Name
Return Principal with Domain Name
Authentication Level
Windows NT
Authentication Domain
Authentication Host
Samba Configuration File Name
Authentication Level
Chapter 7 Federation, Authentication Domains and Entities
Entities: Provider and Affiliate
To Create a New Provider Entity or Affiliate Entity
To Modify the General Attributes of a Provider Entity or an Affiliate Entity
To Add an Identity Provider to a Provider Entity
To Add a New Hosted Identity Provider to a Provider Entity
To Add a New Remote Identity Provider to a Provider Entity
To Add a Service Provider to a Provider Entity
To Add a New Hosted Service Provider to a Provider Entity
To Add a New Remote Service Provider to a Provider Entity
To Modify Hosted Identity Provider Attributes in a Provider Entity
To Modify Remote Identity Provider Attributes in a Provider Entity
To Modify Hosted Service Provider Attributes in a Provider Entity
To Modify Remote Service Provider Attributes in a Provider Entity
To Add a Contact Person to a Provider in a Provider Entity
To Modify a Contact Person Profile in a Provider Entity
To Create the Affiliation in an Affiliate Entity
Authentication Domains
To Create a New Authentication Domain
To Modify an Authentication Domain Profile
To Add Providers to an Authentication Domain
To Delete an Authentication Domain Profile
Auto-Federation
To Enable Auto-Federation
Bulk Federation
Chapter 8 SAML Administration
SAML Overview
SAML Service Attributes
Target Specifier
Site Identifiers
To Configure a Site Identifier
Trusted Partners
Trusted Partners: Selecting Partner Type and Profile
Trusted Partners: Configuring Trusted Partner Attributes
Target URLs
To Configure a Target URL
Assertion Timeout
Assertion Skew Factor for notBefore Time
Artifact Timeout
SAML Artifact Name
Sign SAML Assertion
Sign SAML Request
Sign SAML Response
Enabling SSL Communication between SAML Entities
Chapter 9 Web Services
Liberty Personal Profile Service
ResourceID Mapper
Authorizer
Attribute Mapper
Provider ID
Name Scheme
Namespace Prefix
Supported Containers
To Configure a Supported Container
PPLDAP Attribute Map List
To Configure an Attribute Mapping
Require Query PolicyEval
Require Modify PolicyEval
Extension Container Attributes
Extension Attributes Namespace Prefix
Is ServiceUpdate Enabled
Service Instance Update Class
Alternate Endpoint
Alternate Security Mechanisms
Discovery Service
Provider ID
Supported Authentication Mechanisms
Supported Directives
Enable Policy Evaluation for DiscoveryLookup
Enable Policy Evaluation for DiscoveryUpdate
Authorizer Plugin Class
Entry Handler Plugin Class
Classes for ResourceID Mapper Plugin
To Configure a ResourceID Mapper
Authenticate Response Message
Generate Session Context Statement for Bootstrapping
Encrypt NameIdentifier in Session Context for Bootstrapping
Use Implied Resource; don't generate ResourceID for Bootstrapping
Resource Offerings for Bootstrapping
To Configure a Resource Offering for Bootstrapping
To Configure a Service Description
SOAP Binding Service
Request Handler List
To Configure a Request Handler
Web Service Authenticator
Supported Authentication Mechanisms
Authentication Web Service (Authentication Service)
Mechanism Handlers List
To Configure a Mechanism Handler
Creating a New Web Service
© 2010, Oracle Corporation and/or its affiliates