Access https://lb4.sp-example.com:1081/opensso/console from a web browser.
Log in to the OpenSSO Enterprise console as the administrator.
User Name: amadmin
Password: ossoadmin
Under the Access Control tab, click / (Top Level Realm).
Click the Agents tab.
Click the J2EE tab.
j2eeagent-1 is displayed under the Agent table.
Click j2eeagent-1.
The j2eeagent-1 properties page is displayed.
Click the OpenSSO Services tab.
The Edit j2eeagent-1 page is displayed.
Click the Login URL link on the Edit j2eeagent-1 page.
Remove the existing value of the OpenSSO Login URL property.
This value is displayed in the Selected box.
Enter https://lb4.sp-example.com:1081/opensso/spssoinit?metaAlias=/sp&idpEntityID=https://lb2.idp-example.com:1181/opensso in the text box and click Add.
This URL redirects the agent to the identity provider for authentication.
Enter https://lb4.sp-example.com:1081/opensso/saml2/jsp/spSingleLogoutInit.jsp?idpEntityID=https://lb2.idp-example.com:1181/opensso as a value of the OpenSSO Logout URL attribute and click Add.
Click Save.
Click the Application tab.
Add the following values to the Application Logout URI text boxes and click Add.
agentsample
/agentsample/logout
Click Save.
Log out of the OpenSSO Enterprise console and close the browser.
Log in to the pr1.sp-example.com host machine.
Restart the WebLogic administration server and managed instance.
# cd /usr/local/bea/user_projects/domains/pr1/bin
# ./stopManagedWebLogic.sh ApplicationServer-1 t3://localhost:7001
# ./stopWebLogic.sh
# ./startWebLogic.sh
# ./startManagedWebLogic.sh ApplicationServer-1 t3://localhost:7001
Log out of the pr1.sp-example.com host machine.
Verify the configurations with the following sub procedure.
Access http://pr1.sp-example.com:1081/agentsample from a web browser.
The user is redirected to the OpenSSO Enterprise login page on the identity provider side.
Log in to the OpenSSO Enterprise console as the administrator.
User Name: idpuser
Password: idpuser
After successful authentication, single sign-on is accomplished between the identity provider and the service provider.
Access http://pr1.sp-example.com:1081/agentsample/logout from a web browser.
The J2EE policy agent sample application welcome page is displayed. The user has successfully logged out of both the identity provider and the service provider.
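The OpenSSO Login URL and Logout URL values entered above decide where the agent sends users to authenticate, so a stray space or a wrong idpEntityID breaks the redirect or points it at a different provider. The following check is an added example, not part of the original procedure or of OpenSSO; the function name check_agent_url and the EXPECTED table are assumptions, built only from the hosts, paths and parameters shown in the steps above.

```python
from urllib.parse import urlsplit, parse_qs

# Values taken from the procedure above.
SP_BASE = "https://lb4.sp-example.com:1081/opensso"
IDP_ENTITY_ID = "https://lb2.idp-example.com:1181/opensso"

# Property -> (endpoint path under SP_BASE, query parameters it must carry).
EXPECTED = {
    "login": ("/spssoinit", {"metaAlias": "/sp", "idpEntityID": IDP_ENTITY_ID}),
    "logout": ("/saml2/jsp/spSingleLogoutInit.jsp", {"idpEntityID": IDP_ENTITY_ID}),
}

def check_agent_url(kind, value):
    """Return the problems found in a Login or Logout URL value (empty list = OK)."""
    if any(c.isspace() for c in value):
        # A pasted value with a space after '?' yields a parameter named ' metaAlias'.
        return ["contains whitespace"]
    path, params = EXPECTED[kind]
    base, parts = urlsplit(SP_BASE), urlsplit(value)
    problems = []
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme!r}, expected 'https'")
    if parts.netloc != base.netloc:
        problems.append(f"host:port is {parts.netloc!r}, expected {base.netloc!r}")
    if parts.path != base.path + path:
        problems.append(f"path is {parts.path!r}, expected {base.path + path!r}")
    query = parse_qs(parts.query, keep_blank_values=True)
    for name, want in params.items():
        got = query.get(name)
        if got is None:
            problems.append(f"missing query parameter {name}")
        elif got != [want]:
            problems.append(f"{name} is {got}, expected {want!r}")
    return problems

if __name__ == "__main__":
    configured = {
        "login": SP_BASE + "/spssoinit?metaAlias=/sp&idpEntityID=" + IDP_ENTITY_ID,
        "logout": SP_BASE + "/saml2/jsp/spSingleLogoutInit.jsp?idpEntityID=" + IDP_ENTITY_ID,
    }
    for kind, value in configured.items():
        print(kind, check_agent_url(kind, value) or "OK")
```

Run it against the values copied from the Edit j2eeagent-1 page before restarting the WebLogic instances.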