Access Manager 2005Q4 supports the Liberty Alliance Identity Federation Framework 1.2 Specifications. The Federation Framework samples are located in /AccessManager-base/SUNWam/samples/liberty. To demonstrate the different Liberty-based federation protocols featured in Access Manager, three sample applications are included. They are located in the following subdirectories:
The sample1 directory provides a collection of files to configure a basic environment for creating and managing a federation. The sample demonstrates the basic use of various Liberty-based federation protocols, including account federation, SSO, single logout, and federation termination. The scenario includes a service provider (SP), an identity provider (IDP), and configuration information for the two required servers. Each server must be deployed and configured on different installations of Access Manager.
Table A–1 Configuration Information for sample1 Servers
The Readme.html file in the sample1 directory provides detailed steps on how to deploy and configure this sample. sample1 also contains instructions for configuring a common domain. For information on common domains, see Chapter 4, Common Domain Services.
The sample2 directory also provides a collection of files to configure a basic environment for creating and managing a federation. However, in this sample, the resources of the SP are deployed on a Sun Java System Web Server that is protected by a Sun Java System Policy Agent. As in sample1, the SP and IDP are deployed and configured on different Access Manager installations. Besides demonstrating account federation, SSO, single logout, and federation termination, this sample also shows how different authentication contexts can be configured by associating different authentication levels with different protected pages. This association is made by creating policies for the protected resources. The Readme.html file in the sample2 directory provides detailed steps on how to deploy and configure this sample.
The sample3 directory provides a collection of files to configure an environment for creating and managing a federation that includes two SPs and two IDPs. In this case, though, all hosted providers are deployed on a single installation of Access Manager. The IP address on which Access Manager is installed must be hosted in four different DNS domains, so four virtual server instances are created on a Sun Java System Web Server, one for each of the providers.
Virtual server instances can be simulated by adding entries in the /etc/hosts file for the fully qualified host names of the virtual servers.
Because this scenario involves multiple IDPs, you also need to install a common domain. You can install the Common Domain Services on the same machine as the Access Manager software or on a different machine. The Readme.html file in the sample3 directory provides detailed steps on how to deploy and configure this sample. You can also find information about common domains in Chapter 4, Common Domain Services.
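The /etc/hosts approach for sample3 can be checked before deployment. The following is an added example, not part of the sample3 files or the Readme: it verifies that a hosts file maps four fully qualified names to one address, each in a different DNS domain. The host names, the address 192.0.2.10, and the rule "DNS domain = name minus its first label" are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: one IP address, four host names in four DNS domains.
# All names and the address are placeholders, not values from the Readme.
sample_hosts() {
cat <<'EOF'
127.0.0.1     localhost
192.0.2.10    sp1.sp1-example.com  sp1
192.0.2.10    sp2.sp2-example.net
192.0.2.10    idp1.idp1-example.org   # identity provider 1
192.0.2.10    idp2.idp2-example.info
EOF
}

# check_virtual_hosts HOSTS_FILE IP EXPECTED_COUNT
# Succeeds only if exactly EXPECTED_COUNT fully qualified names map to IP
# and each one sits in a different DNS domain (assumed here to be the name
# with its first label removed). Problems are reported on standard output.
check_virtual_hosts() {
    awk -v ip="$2" -v want="$3" '
        { sub(/#.*/, "") }                     # drop trailing comments
        $1 == ip {
            for (i = 2; i <= NF; i++) {
                if ($i !~ /\./) continue       # skip short aliases
                name = tolower($i)
                domain = name
                sub(/^[^.]*\./, "", domain)    # strip the host label
                fqdns++
                if (seen[domain]++) {
                    printf "duplicate DNS domain %s (%s)\n", domain, name
                    bad = 1
                }
            }
        }
        END {
            if (fqdns + 0 != want + 0) {
                printf "found %d FQDNs for %s, expected %d\n", fqdns, ip, want
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Usage: check_virtual_hosts /etc/hosts 192.0.2.10 4
```

Two providers placed in the same DNS domain make the check fail.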