Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Procedure: To View the Hosted Identity Provider Metadata in XML Format

This optional procedure displays, in a browser window, the standard and extended metadata for the hosted identity provider in XML format. The XML can be viewed as displayed or copied into a text file and saved.

Before You Begin

This procedure assumes that you have just completed To Configure the Hosted Identity Provider and are still logged in to the OpenSSO Enterprise console.

  1. Access https://lb2.idp-example.com:1081/opensso/ssoadm.jsp from the web browser.

    ssoadm.jsp is a Java Server Page (JSP) version of the ssoadm command line interface. In this procedure it is used to display the hosted identity provider metadata.

  2. Click export-entity.

    The export-entity page is displayed.

  3. Enter the following values for each option and click Submit.

    entityid

    The EntityID is the unique uniform resource identifier (URI) used to identify a particular provider. In this deployment, type https://lb2.idp-example.com:1081/opensso.

    realm

    The OpenSSO Enterprise realm in which the data resides. In this deployment, because all data resides in the top-level realm, type /.

    sign

    Leave this unchecked. This option controls whether the exported metadata document is XML-signed; the metadata displayed in step 4 carries no Signature element.

    meta-data-file

    Set this flag to export the standard metadata for the provider.

    extended-data-file

    Set this flag to export the extended metadata for the provider.

    spec

    Type saml2.

  4. View the XML-formatted metadata in the browser window.

    The output contains two XML documents: the standard metadata (the EntityDescriptor, holding the signing certificate and the provider's service endpoints) followed by the extended metadata (the EntityConfig, holding the OpenSSO Enterprise-specific IDPSSOConfig attributes). The X509Certificate in the KeyDescriptor is the certificate stored under the signingCertAlias shown in the extended metadata (test in this example). Note also that WantAuthnRequestsSigned is false and the want...Signed attributes in IDPSSOConfig are left empty, so this identity provider is not configured to require signed requests from its partner; review these settings before reusing the configuration outside a test deployment.

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <EntityDescriptor entityID="https://lb2.idp-example.com:1081/opensso" 
     xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
      <IDPSSODescriptor WantAuthnRequestsSigned="false" 
       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <KeyDescriptor use="signing">
       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
        <ds:X509Certificate>
    MIICQDCCAakCBEeNB0swDQYJKoZIhvcNAQEEBQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNh
    bGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMQwwCgYDVQQKEwNTdW4xEDAOBgNVBAsTB09w
    ZW5TU08xDTALBgNVBAMTBHRlc3QwHhcNMDgwMTE1MTkxOTM5WhcNMTgwMTEyMTkxOTM5WjBnMQsw
    CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLU2FudGEgQ2xhcmExDDAK
    BgNVBAoTA1N1bjEQMA4GA1UECxMHT3BlblNTTzENMAsGA1UEAxMEdGVzdDCBnzANBgkqhkiG9w0B
    AQEFAAOBjQAwgYkCgYEArSQc/U75GB2AtKhbGS5piiLkmJzqEsp64rDxbMJ+xDrye0EN/q1U5Of+
    RkDsaN/igkAvV1cuXEgTL6RlafFPcUX7QxDhZBhsYF9pbwtMzi4A4su9hnxIhURebGEmxKW9qJNY
    Js0Vo5+IgjxuEWnjnnVgHTs1+mq5QYTA7E6ZyL8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB3Pw/U
    QzPKTPTYi9upbFXlrAKMwtFf2OW4yvGWWvlcwcNSZJmTJ8ARvVYOMEVNbsT4OFcfu2/PeYoAdiDA
    cGy/F2Zuj8XJJpuQRSE6PtQqBuDEHjjmOQJ0rV/r8mO1ZCtHRhpZ5zYRjhRC9eCbjx9VrFax0JDC
    /FfwWigmrW0Y0Q==
        </ds:X509Certificate>
        </ds:X509Data>
        </ds:KeyInfo>
      </KeyDescriptor>
      <ArtifactResolutionService index="0" isDefault="true"
       Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
       Location="https://lb2.idp-example.com:1081/opensso/ArtifactResolver/metaAlias/idp"/>
      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
       Location="https://lb2.idp-example.com:1081/opensso/IDPSloRedirect/metaAlias/idp"
       ResponseLocation="https://lb2.idp-example.com:1081/opensso/IDPSloRedirect/metaAlias/idp"/>
      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
       Location="https://lb2.idp-example.com:1081/opensso/IDPSloPOST/metaAlias/idp"
       ResponseLocation="https://lb2.idp-example.com:1081/opensso/IDPSloPOST/metaAlias/idp"/>
      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
       Location="https://lb2.idp-example.com:1081/opensso/IDPSloSoap/metaAlias/idp"/>
      <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
       Location="https://lb2.idp-example.com:1081/opensso/IDPMniRedirect/metaAlias/idp"
       ResponseLocation="https://lb2.idp-example.com:1081/opensso/IDPMniRedirect/metaAlias/idp"/>
      <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
       Location="https://lb2.idp-example.com:1081/opensso/IDPMniPOST/metaAlias/idp"
       ResponseLocation="https://lb2.idp-example.com:1081/opensso/IDPMniPOST/metaAlias/idp"/>
      <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
       Location="https://lb2.idp-example.com:1081/opensso/IDPMniSoap/metaAlias/idp"/>
      <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
      <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
      <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
      <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
       Location="https://lb2.idp-example.com:1081/opensso/SSORedirect/metaAlias/idp"/>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
       Location="https://lb2.idp-example.com:1081/opensso/SSOPOST/metaAlias/idp"/>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
       Location="https://lb2.idp-example.com:1081/opensso/SSOSoap/metaAlias/idp"/>
      <NameIDMappingService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
       Location="https://lb2.idp-example.com:1081/opensso/NIMSoap/metaAlias/idp"/>
       <AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://lb2.idp-example.com:1081/opensso/AIDReqSoap/IDPRole/metaAlias/idp"/>
       <AssertionIDRequestService Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI"
        Location="https://lb2.idp-example.com:1081/opensso/AIDReqUri/IDPRole/metaAlias/idp"/>
      </IDPSSODescriptor>
    </EntityDescriptor>
    
    Entity descriptor was exported to file, web.
    
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <EntityConfig entityID="https://lb2.idp-example.com:1081/opensso" hosted="true" 
     xmlns="urn:sun:fm:SAML:2.0:entityconfig">
        <IDPSSOConfig metaAlias="/idp">
          <Attribute name="wantNameIDEncrypted">
              <Value/>
          </Attribute>
          <Attribute name="AuthUrl">
              <Value/>
          </Attribute>
          <Attribute name="nameIDFormatMap">
            <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=</Value>
            <Value>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos=</Value>
        <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName=</Value>
         <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName=</Value>
         <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail</Value>
           </Attribute>
           <Attribute name="cotlist">
             <Value>idpcot</Value>
           </Attribute>
           <Attribute name="saeIDPUrl">
         <Value>https://lb2.idp-example.com:1081/opensso/idpsaehandler/metaAlias/idp</Value>
           </Attribute>
           <Attribute name="idpAuthncontextClassrefMapping">
         <Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0||default</Value>
           </Attribute>
           <Attribute name="appLogoutUrl">
             <Value/>
           </Attribute>
           <Attribute name="idpAccountMapper">
         <Value>com.sun.identity.saml2.plugins.DefaultIDPAccountMapper</Value>
           </Attribute>
           <Attribute name="autofedEnabled">
             <Value>false</Value>
           </Attribute>
            <Attribute name="signingCertAlias">
                <Value>test</Value>
            </Attribute>
            <Attribute name="assertionCacheEnabled">
                <Value>false</Value>
            </Attribute>
            <Attribute name="idpAuthncontextMapper">
            <Value>com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper</Value>
            </Attribute>
            <Attribute name="assertionEffectiveTime">
                <Value>600</Value>
            </Attribute>
            <Attribute name="wantMNIResponseSigned">
                <Value/>
            </Attribute>
            <Attribute name="wantMNIRequestSigned">
                <Value/>
            </Attribute>
            <Attribute name="attributeMap">
                <Value>EmailAddress=mail</Value>
                <Value>Telephone=telephonenumber</Value>
            </Attribute>
            <Attribute name="discoveryBootstrappingEnabled">
                <Value>false</Value>
            </Attribute>
            <Attribute name="basicAuthUser">
                <Value/>
            </Attribute>
            <Attribute name="idpAttributeMapper">
            <Value>com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper</Value>
            </Attribute>
            <Attribute name="idpECPSessionMapper">
            <Value>com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper</Value>
            </Attribute>
            <Attribute name="basicAuthPassword">
                <Value/>
            </Attribute>
            <Attribute name="basicAuthOn">
                <Value>false</Value>
            </Attribute>
            <Attribute name="wantLogoutResponseSigned">
                <Value/>
            </Attribute>
            <Attribute name="wantLogoutRequestSigned">
                <Value/>
            </Attribute>
            <Attribute name="encryptionCertAlias">
                <Value/>
            </Attribute>
            <Attribute name="wantArtifactResolveSigned">
                <Value/>
            </Attribute>
            <Attribute name="assertionNotBeforeTimeSkew">
                <Value>600</Value>
            </Attribute>
            <Attribute name="autofedAttribute">
                <Value/>
            </Attribute>
            <Attribute name="saeAppSecretList"/>
        </IDPSSOConfig>
    </EntityConfig>
    
    Entity configuration was exported to file, web.
  5. Log out of the OpenSSO Enterprise console.