Sun OpenSSO Enterprise 8.0 Developer's Guide

Configure the Instance of OpenSSO Enterprise Local to the Service Provider

The following procedure shows how to configure the instance of OpenSSO Enterprise local to the service provider.

  1. Update the service provider standard metadata.

    • If you have existing service provider standard metadata, export it using ssoadm and make your modifications. After updating, delete the original file and reload the modified metadata also using ssoadm.

    • If you have not yet configured service provider standard metadata, use ssoadm to generate a service provider metadata template. After updating the template, import the modified metadata also using ssoadm.

  2. Set up the keystore.

    If using the asymmetric cryptotype, add the public and private keys to the application's keystore. Additionally, populate the identity provider's keystore with the application's public key.

  3. Update the service provider extended metadata.

    1. Enable auto-federation and specify the attribute that will identify the user's identity under the Assertion Processing tab of the service provider configuration.

    2. Specify attributes from the incoming SAML v2 assertion to be used to populate the local OpenSSO Enterprise session under the Assertion Processing tab of the service provider configuration.

    3. Setup the application's security configuration as symmetric or asymmetric by defining the Per Application Security Configuration attribute under the Advanced tab of the service provider configuration.

      Note –

      Use ampassword to encrypt the shared secret used for a symmetric configuration.

    4. OPTIONAL: Modify the SP URL attribute ( if you want to use an alternative or custom SAE landing URL) under the local service provider's Advanced tab with a value specific to your identity provider instance of OpenSSO Enterprise.

    5. Configure the value of the SP Logout URL attribute. The value of this attribute is the URL that will receive global logout requests

      Note –

      The configured URL must have a defined symmetric or asymmetric CryptoType with corresponding shared secret and certificates established.