Oracle OpenSSO 8.0 Update 2 Release Notes

.NET Fedlet Support for Multiple Identity Providers and Discovery Service (CR 6928524)

The .NET Fedlet supports multiple identity providers and the identity provider discovery service.

In some deployments, you might want to configure the .NET Fedlet with multiple identity providers, such as Oracle OpenSSO 8.0 Update 2. Perform the following task for each additional identity provider you want to add.

Procedure: To Configure the .NET Fedlet for Multiple Identity Providers

  1. Get the XML metadata file from the additional identity provider.

  2. Name the additional identity provider metadata file idpn.xml, where n is the number of the identity provider that you are adding. For example, name the second identity provider file idp2.xml, the third idp3.xml, and so on. This procedure uses idp2.xml as the file name.

  3. Copy the idp2.xml file from Step 2 to your application's App_Data folder.

  4. Add this new identity provider to the .NET Fedlet circle of trust.

    To add the new identity provider to an existing circle of trust:

    In the fedlet.cot file in your application's App_Data folder, append the new IDP entity ID (indicated by the entityID attribute in the idp2.xml metadata file) to the value of the sun-fm-trusted-providers attribute, using a comma (,) as a separator.

    To add the new identity provider to a new circle of trust:

    1. Create a new file named fedlet2.cot in your application's App_Data folder. Use the existing fedlet.cot as a template, but change the value of the cot-name attribute to the name of the new circle of trust (for example, cot2). Include both the new identity provider entity ID and the Fedlet entity ID as the value for the sun-fm-trusted-providers attribute, with the two entity IDs separated by a comma (,).

    2. In the sp-extended.xml file, add the new circle of trust name to the value of the cotlist attribute. For example, for a circle of trust named cot2:

      <Attribute name="cotlist">
        <Value>saml2cot</Value>
        <Value>cot2</Value>
      </Attribute>

  5. In your application's App_Data folder, create a new idp2-extended.xml file as the extended metadata for the new identity provider. Use the existing idp-extended.xml file as a template, but change the entityID to the new identity provider entity ID. Change the value for the cotlist attribute to the circle of trust name, if a new circle of trust is created for the identity provider. Make sure that the additional identity provider is a remote identity.

  6. Restart the Application Pool associated with your Fedlet .NET application.

  7. The Fedlet metadata XML file (sp.xml) must be imported into the additional identity provider and added to the same circle of trust as the identity provider entity. Either import the sp.xml file into the identity provider, or give the file to your identity provider administrator to import.
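After working through Steps 1 to 6, a consistency check over the App_Data folder catches the common slips (extended metadata whose entityID does not match the standard metadata, a circle of trust listed in a cotlist that has no .cot file, a .cot file that names the identity provider but not the Fedlet, or a cotlist in sp-extended.xml that was never updated). The following Python script is an added example, not part of the Oracle documentation or the Fedlet; it runs over constructed in-memory sample files with placeholder entity IDs, and assumes that extended metadata marks a remote entity with hosted="0".

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample App_Data contents (placeholder entity IDs): the Fedlet (sp) and a second IdP, idp2, in a new cot2.
MD, EC = "urn:oasis:names:tc:SAML:2.0:metadata", "urn:sun:fm:SAML:2.0:entityconfig"
SAMPLE_FILES = {
    "sp.xml": f'<EntityDescriptor xmlns="{MD}" entityID="fedlet-sp"/>',
    "sp-extended.xml": f'<EntityConfig xmlns="{EC}" hosted="1" entityID="fedlet-sp"><SPSSOConfig>'
                       '<Attribute name="cotlist"><Value>saml2cot</Value><Value>cot2</Value></Attribute>'
                       '</SPSSOConfig></EntityConfig>',
    "idp2.xml": f'<EntityDescriptor xmlns="{MD}" entityID="idp2"/>',
    "idp2-extended.xml": f'<EntityConfig xmlns="{EC}" hosted="0" entityID="idp2"><IDPSSOConfig>'
                         '<Attribute name="cotlist"><Value>cot2</Value></Attribute></IDPSSOConfig></EntityConfig>',
    "fedlet.cot": "cot-name=saml2cot\nsun-fm-cot-status=Active\nsun-fm-trusted-providers=idp1,fedlet-sp\n",
    "fedlet2.cot": "cot-name=cot2\nsun-fm-cot-status=Active\nsun-fm-trusted-providers=idp2, fedlet-sp\n",
}

def parse_cot(text):
    """Parse a fedlet*.cot file (key=value lines); trusted providers become a set of entity IDs."""
    cot = dict(line.split("=", 1) for line in text.splitlines() if "=" in line)
    cot["sun-fm-trusted-providers"] = {p.strip() for p in cot.get("sun-fm-trusted-providers", "").split(",") if p.strip()}
    return cot

def cotlist(xml_text):
    """Return the circle-of-trust names in an extended metadata file's cotlist attribute."""
    return [v.text for a in ET.fromstring(xml_text).iter()
            if a.tag.endswith("}Attribute") and a.get("name") == "cotlist" for v in a]

def check_app_data(files):
    """List inconsistencies between idpN.xml, idpN-extended.xml, sp-extended.xml and the .cot files."""
    problems, sp_id = [], ET.fromstring(files["sp.xml"]).get("entityID")
    cots = {c["cot-name"]: c for n, t in files.items() if n.endswith(".cot") for c in [parse_cot(t)]}
    for name in [n for n in files if re.fullmatch(r"idp\d*\.xml", n)]:
        idp_id, ext_name = ET.fromstring(files[name]).get("entityID"), name[:-4] + "-extended.xml"
        if ext_name not in files:
            problems.append(f"{name}: no extended metadata file {ext_name}")
            continue
        ext = ET.fromstring(files[ext_name])
        if ext.get("entityID") != idp_id:
            problems.append(f"{ext_name}: entityID differs from {name}")
        if ext.get("hosted") != "0":  # assumption: the added IdP is a remote entity, not one hosted by the Fedlet
            problems.append(f'{ext_name}: identity provider is not marked remote (hosted="0")')
        for cot in cotlist(files[ext_name]):
            if cot not in cots:
                problems.append(f"{ext_name}: circle of trust {cot} has no .cot file")
            elif not {idp_id, sp_id} <= cots[cot]["sun-fm-trusted-providers"]:
                problems.append(f"{cot}: sun-fm-trusted-providers must list both {idp_id} and {sp_id}")
            if cot not in cotlist(files["sp-extended.xml"]):
                problems.append(f"sp-extended.xml: cotlist does not include {cot}")
    return problems
```

To run it against a real deployment, read each file in App_Data into the dictionary by file name and call check_app_data before restarting the Application Pool.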