Sun OpenSSO Enterprise 8.0 Developer's Guide

Federated Single Sign-on Using OpenSSO Enterprise

In order to communicate identity attributes for the purpose of federated single sign-on, you need at least two instances of OpenSSO Enterprise configured in one circle of trust. Circles of trust configured for real-time interactions must have at least one instance of OpenSSO Enterprise acting as the circle's identity provider and one instance of OpenSSO Enterprise acting as a service provider. To prepare your instances of OpenSSO Enterprise, you need to exchange and import the metadata for all participating identity and service providers, and assemble the providers into a circle of trust. The following steps are an overview of the process.

  1. Decide whether the instance of OpenSSO Enterprise you are configuring will act as an identity provider, a service provider, or both.

  2. Create standard and extended metadata configuration files containing the appropriate metadata for your organization. See Chapter 1, "ssoadm Command Line Interface Reference," in Sun OpenSSO Enterprise 8.0 Administration Reference.

  3. Create a circle of trust.

  4. Import your organization's provider metadata into the circle of trust.

  5. Determine which organizations will be added to the circle of trust as identity providers and service providers and import a standard and an extended metadata configuration file for each.


    Note –

    The values in these files will come from the providers themselves.


  6. Import the provider metadata into the circle of trust.
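
Before the partner files from step 5 are imported in step 6, a practitioner will want to sanity-check each standard (SAML 2.0) metadata file before it enters the circle of trust. The following added example, which is not OpenSSO Enterprise code, parses an EntityDescriptor and flags a missing entityID, a missing signing certificate, or a non-TLS endpoint; the sample metadata and its certificate value are constructed, and the sample deliberately carries a plain-HTTP endpoint so the check has something to report.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of a partner identity provider's standard metadata.
# The SSO endpoint deliberately uses plain HTTP so the check flags it.
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.com/idp">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB...PLACEHOLDER...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example.com/SSORedirect/metaAlias/idp"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_metadata(xml_text):
    """Return (entityID, roles, problems); an empty problems list means
    the file is reasonable to hand to the metadata import."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return None, [], ["root element is not md:EntityDescriptor"]
    problems, roles = [], []
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("missing entityID attribute")
    for role in ("IDPSSODescriptor", "SPSSODescriptor"):
        for desc in root.findall("md:" + role, NS):
            roles.append(role)
            # Without a signing cert the partner's signed messages cannot be verified.
            certs = [c for kd in desc.findall("md:KeyDescriptor", NS)
                     if kd.get("use") in (None, "signing")
                     for c in kd.findall(".//ds:X509Certificate", NS)
                     if (c.text or "").strip()]
            if not certs:
                problems.append("%s carries no signing certificate" % role)
            # Every protocol endpoint should be reachable only over TLS.
            for element in desc.iter():
                loc = element.get("Location")
                if loc and not loc.lower().startswith("https://"):
                    problems.append("non-HTTPS endpoint: " + loc)
    if not roles:
        problems.append("no IDPSSODescriptor or SPSSODescriptor present")
    return entity_id, roles, problems
```

Run `check_metadata` over each partner file and refuse the import while the returned problems list is non-empty; the extended metadata file is OpenSSO-specific and is not covered by this check.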

See Chapter 7, Configuring and Managing Federation, in Sun OpenSSO Enterprise 8.0 Administration Guide for more information.