Oracle® OpenSSO Fedlet Interoperability Guide for Oracle Identity Federation
11g Release 1 (11.1.1.3.0)

Part Number E17847-01

2 Installing the Oracle OpenSSO Fedlet

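This chapter explains how to install the Oracle OpenSSO Fedlet, including:

  • Downloading the Oracle OpenSSO Fedlet ZIP File

  • Extracting the Oracle OpenSSO Fedlet Files

  • Packaging the Oracle OpenSSO Fedlet for a Service Provider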

2.1 Downloading the Oracle OpenSSO Fedlet ZIP File

The Oracle OpenSSO Fedlet can be downloaded as a separate ZIP file. The ZIP file includes all the files and components required to deploy the Fedlet with a Java or .NET service provider application.

You can download the Oracle-OpenSSO-Fedlet.zip file from the Oracle Fusion Middleware 11gR1 Software Downloads page:

http://www.oracle.com/technology/software/products/middleware/htdocs/fmw_11_download.html

Create a directory to download and unzip the Oracle-OpenSSO-Fedlet.zip file. Usually, you should create this directory on the server where your service provider application exists. For example, on a UNIX system:

mkdir Fedlet-zip-dir

Note:

For some deployments, rather than downloading the Oracle OpenSSO Fedlet ZIP file, a service provider administrator can get a previously configured Oracle OpenSSO Fedlet package from the identity provider administrator. The service provider administrator then adds any application-specific logic to the package and deploys the Fedlet service provider application.

For more information, see Section 2.3, "Packaging the Oracle OpenSSO Fedlet for a Service Provider."

2.2 Extracting the Oracle OpenSSO Fedlet Files

In the download directory, extract the files in the Oracle-OpenSSO-Fedlet.zip file. For example:

cd Fedlet-zip-dir
unzip Oracle-OpenSSO-Fedlet.zip

The following table shows the directory structure of the Oracle-OpenSSO-Fedlet.zip file after you unzip the file. There are unique directories (and subdirectories) for the Java Fedlet and the .NET Fedlet.

Table 2-1 Directory Structure of the Oracle-OpenSSO-Fedlet.zip File

Directory Description

java

Files for integrating the Oracle OpenSSO Fedlet with a Java application:

  • /conf contains the Java Fedlet XML metadata templates, circle of trust template, and other configuration files.

    The FederationConfig.properties file contains the version number for the Oracle OpenSSO Fedlet release.

  • fedlet.war is a WAR file that you can deploy to show the Java Fedlet features.

  • /SampleApp contains a Java sample application that shows the connectivity between the Java Fedlet and a remote identity provider.

  • /install contains the ConfigureFedlet program to configure the Java Fedlet and optionally to create the Java Fedlet sample (fedletsample.war).

  • README provides information about the Java Fedlet.

asp.net

Files for integrating the Oracle OpenSSO Fedlet with a .NET application:

  • /bin contains the Fedlet.dll and Fedlet.dll.config files.

    The Fedlet.dll.config file contains the version number for the Oracle OpenSSO Fedlet release.

  • /conf contains the .NET Fedlet XML metadata templates and circle of trust template.

  • /SampleApp contains a .NET sample application that shows the connectivity between the .NET Fedlet and a remote identity provider.

  • readme.txt provides information about the .NET Fedlet.


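You are now ready to configure the Oracle OpenSSO Fedlet, as described in the following chapters:

  • Chapter 3, "Configuring the Java Oracle OpenSSO Fedlet"

  • Chapter 4, "Configuring the .NET Oracle OpenSSO Fedlet"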

2.3 Packaging the Oracle OpenSSO Fedlet for a Service Provider

This section describes how an identity provider administrator can package the Oracle OpenSSO Fedlet with the identity provider metadata and send this package to a service provider administrator. The service provider administrator can then use this package to integrate a service provider Java or .NET application into the federated network environment.

To package the Oracle OpenSSO Fedlet with the identity provider metadata file, follow these steps:

  1. On the identity provider side, download and unzip the Oracle OpenSSO Fedlet ZIP file, as described in Section 2.1, "Downloading the Oracle OpenSSO Fedlet ZIP File."

  2. Get the Oracle OpenSSO Fedlet deployment URI from the service provider administrator.

  3. Generate the identity provider metadata and save the metadata in a file named idp.xml.

    If you are using an Oracle Identity Federation identity provider, see Section 3.4, "Configuring an Oracle Identity Federation Identity Provider for the Java Oracle OpenSSO Fedlet" or Section 4.3, "Configuring Oracle Identity Federation as an Identity Provider for the .NET Oracle OpenSSO Fedlet."

  4. Configure the Oracle OpenSSO Fedlet, as described in Chapter 3, "Configuring the Java Oracle OpenSSO Fedlet" or Chapter 4, "Configuring the .NET Oracle OpenSSO Fedlet."

    During this configuration, use the deployment URI from Step 2 and the idp.xml file from Step 3.

  5. Package the following items and give the package to the service provider administrator:

    • Java Fedlet: All files under the java directory and the output directory of your Java Fedlet configuration, including the fedletsample.war file if you generated this file during the configuration

    • .NET Fedlet: All files under the asp.net folder and your .NET Fedlet configuration files if they are not under the asp.net folder

    The service provider administrator (or developer) must add any necessary service provider application logic to the package and configure the service provider application for any additional features, such as using single logout or the identity provider discovery service.

  6. Configure the identity provider by adding the Java Fedlet or .NET Fedlet as a trusted service provider and importing the service provider metadata (sp.xml file).

    If you are using an Oracle Identity Federation identity provider, see Section 3.4, "Configuring an Oracle Identity Federation Identity Provider for the Java Oracle OpenSSO Fedlet" or Section 4.3, "Configuring Oracle Identity Federation as an Identity Provider for the .NET Oracle OpenSSO Fedlet."

Note:

The following additional configuration changes made to the Oracle OpenSSO Fedlet on the service provider side must be communicated to the identity provider administrator, so that the administrator can make the appropriate changes on the identity provider side:
  • Service provider metadata changes (sp.xml file) must be re-imported into the identity provider.

  • Service provider extended metadata changes (sp-extended.xml file) usually require configuration changes to the identity provider.
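
The hand-off in Step 5 moves trust configuration (the identity provider metadata and the Fedlet configuration) between two administrators, so the receiving side should confirm that the package is the one that was sent. The following script is an added example, not part of the Oracle documentation or the Fedlet distribution: it archives the Java Fedlet files on the identity provider side and, on the service provider side, unpacks them only after a SHA-256 digest check and a path check. The function names, the archive name, and the configuration output directory are assumptions, and the digest is assumed to reach the service provider administrator over a separate channel.

```bash
#!/usr/bin/env bash
# Added example. fedlet_package, fedlet_verify and all paths passed to them are
# hypothetical names; requires tar and sha256sum (GNU coreutils).

# Identity provider side (Step 5): archive the java directory and the
# configuration output directory, then print the archive's SHA-256 digest
# so it can be sent to the service provider over a separate channel.
fedlet_package() {
  local java_dir="$1" conf_out="$2" archive="$3" java_parent conf_parent
  [ -d "$java_dir" ] && [ -d "$conf_out" ] || { echo "missing input directory" >&2; return 2; }
  java_parent=$(cd "$(dirname "$java_dir")" && pwd) || return 1
  conf_parent=$(cd "$(dirname "$conf_out")" && pwd) || return 1
  tar -czf "$archive" \
      -C "$java_parent" "$(basename "$java_dir")" \
      -C "$conf_parent" "$(basename "$conf_out")" || return 1
  sha256sum "$archive" | cut -d' ' -f1
}

# Service provider side: unpack only if the digest matches the value received
# out of band and no archive member would be written outside $dest.
fedlet_verify() {
  local archive="$1" expected="$2" dest="$3" actual entries
  actual=$(sha256sum "$archive" | cut -d' ' -f1) || return 1
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch, refusing to unpack" >&2; return 1
  fi
  entries=$(tar -tzf "$archive") || return 1
  if printf '%s\n' "$entries" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "archive contains an absolute or parent-relative path" >&2; return 1
  fi
  mkdir -p "$dest" && tar -xzf "$archive" -C "$dest" || return 1
  # Table 2-1: the Java Fedlet tree must carry its conf directory.
  [ -d "$dest/java/conf" ] || { echo "java/conf missing from package" >&2; return 1; }
}
```

Pass absolute paths for the archive and destination. The same approach applies to the .NET Fedlet with the asp.net folder in place of the java directory.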