Sun Java System Access Manager 7 2005Q4 Federation and SAML Administration Guide
Book Information
Preface
Part I The Liberty Alliance Project Specifications and Access Manager
Chapter 1 Introduction to the Liberty Alliance Project
Overview of the Liberty Alliance Project
Members of the Liberty Alliance Project
Objectives of the Liberty Alliance Project Specifications
Concept of Identity
Concept of Federation
Identity Federation
Provider Federation
Liberty Alliance Project Concepts
Account Federation
Affiliation
Attribute Provider
Authentication Context
Authentication Domain
Circle of Trust
Client
Common Domain
Defederation
Federation
Federation Cookie
Federated Identity
Federation Termination
Identity
Identity Federation
Identity Provider
Identity Service
Liberty-Enabled Client
Liberty-Enabled Proxy
Name Identifier
Principal
Profile
Provider Federation
Pseudonym
Receiver
Resource Offering
Sender
Server
Service Provider
Single Logout
Single Sign-On
Trusted Provider
Web Service Consumer
Web Service Provider
Liberty Alliance Project Specifications
Liberty Identity Federation Framework
Liberty ID-FF Protocols and Schema
Single Sign-On and Federation Protocol
Name Registration Protocol
Federation Termination Notification Protocol
Single Logout Protocol
Name Identifier Mapping Protocol
Liberty ID-FF Bindings and Profiles
Additional Liberty ID-FF Documents
Liberty Identity Web Services Framework
Liberty ID-WSF Specifications
SOAP Binding Specification
Discovery Service Specification
Security Mechanisms Specification
Data Services Template Specification
Interaction Service Specification
Authentication Service Specification
Client Profiles Specification
Additional Liberty ID-WSF Documents
Liberty Identity Service Interface Specifications
Liberty ID-SIS Personal Profile Service Specification
Liberty ID-SIS Employee Profile Service Specification
Additional Liberty ID-SIS Service Specifications
Deploying a Liberty-based System
Assess the Qualifications of Your IT Staff
Clean Up Directory Data
Draft Business Agreements
Chapter 2 Implementation of the Liberty Alliance Project Specifications
Overview
Liberty Use Cases
Unified Access to Intranet Resources
Integrated Partner Networks
Sample Use Case Process
Liberty Alliance Project Architecture in Access Manager
Accessing the Liberty Alliance Project Features
Federation in Access Manager
Liberty-based Web Services in Access Manager
Liberty Personal Profile Service
Discovery Service
SOAP Binding Service
Authentication Web Service
Liberty-based Application Programming Interfaces
SAML Service
Liberty-Based Samples
Part II Federation Management
Chapter 3 Federation
Features of Federation
Identity Federation and Single Sign-On
Auto-Federation
Bulk Federation
Authentication and Authentication Context
Identifiers and Name Registration
Global Logout
Dynamic Identity Provider Proxying
Process of Federation
Pre-login Process
Federation and Single Sign-On
Federation Graphical User Interface
Entities and Authentication Domains
Entities
Creating Entities
To Create a Provider Entity or an Affiliate Entity
Configuring Provider Entities
To Configure a Provider Entity
To Configure General Attributes for a Provider Entity
To Configure Hosted or Remote Identity Provider Attributes for a Provider Entity
To Configure Hosted or Remote Service Provider Attributes for a Provider Entity
Configuring Affiliate Entities
To Configure an Affiliate Entity
To Configure General Attributes for an Affiliate Entity
To Configure Affiliate Attributes for an Affiliate Entity
Deleting Entities
To Delete a Provider or Affiliate Entity
Authentication Domains
To Create An Authentication Domain
To Configure or Modify an Authentication Domain
To Delete an Authentication Domain
Auto-Federation
To Enable Auto Federation
Bulk Federation
Dynamic Identity Provider Proxying
To Configure and Test Dynamic Identity Provider Proxying
The Pre-login URL
Federation API
Sample Federation Environment
Chapter 4 Common Domain Services
Common Domain
Common Domain Cookie
Configuring the Common Domain Services URLs
Writer Service URL
Reader Service URL
Configuring the Common Domain Services Properties
Installing the Common Domain Services for Federation
To Test a Common Domain Services Installation
Part III Supported Web Services
Chapter 5 Authentication Web Service
Authentication Web Service Overview
XML Service File
Authentication Web Service APIs
Which Authentication Service to Use?
Authentication Web Service Process
Authentication Web Service Attribute
Mechanism Handlers List
key Parameter
class Parameter
Authentication Web Service API
com.sun.identity.liberty.ws.authnsvc Package
com.sun.identity.liberty.ws.authnsvc.mechanism Package
com.sun.identity.liberty.ws.authnsvc.protocol Package
Authentication Web Service Sample
Chapter 6 Data Services
Data Services Overview
Liberty ID-WSF Data Services Template Specification
Liberty Personal Profile Service
XML Service File
XSD Schema Definition
Liberty Employee Profile Service
XML Service File
XSD Schema Definition
Data Services API
Liberty Personal Profile Service
Liberty Personal Profile Service Process
Liberty Personal Profile Service Attributes
ResourceID Mapper
Authorizer
Attribute Mapper
Provider ID
Name Scheme
Namespace Prefix
Supported Containers
PPLDAP Attribute Map List
Require Query PolicyEval
Require Modify PolicyEval
Extension Container Attributes
Extension Attributes Namespace Prefix
Is ServiceUpdate Enabled
Service Instance Update Class
Alternate Endpoint
Alternate Security Mechanisms
Liberty Employee Profile Service
Data Services Template API
com.sun.identity.liberty.ws.dst Package
com.sun.identity.liberty.ws.dst.service Package
Developing A New Data Service
Chapter 7 Discovery Service
Discovery Service Overview
Discovery Service Concepts
Discovery Entries
XML Service Files
Discovery Service APIs
com.sun.identity.liberty.ws.disco Package
com.sun.identity.liberty.ws.disco.plugins Package
com.sun.identity.liberty.ws.interfaces Package
Discovery Service Architecture
Discovery Service Process
Discovery Service Attributes
Provider ID
Supported Authentication Mechanisms
Supported Directives
Enable Policy Evaluation for DiscoveryLookup
Enable Policy Evaluation for DiscoveryUpdate
Authorizer Plugin Class
Entry Handler Plugin Class
Classes For ResourceIDMapper Plugin
Authenticate Response Message
Generate SessionContextStatement for Bootstrapping
Encrypt NameIdentifier in Session Context for Bootstrapping
Use Implied Resource; don’t generate ResourceID for Bootstrapping
Resource Offerings for Bootstrapping Resources
Discovery Entries and Resource Offerings
Storing Discovery Entries as User Attributes
To Access and Create a User's Resource Offerings
Storing Discovery Entries as Dynamic Attributes
To Store Discovery Entries as Dynamic Attributes in a Realm
To Store Discovery Entries as Dynamic Attributes in a Role
Storing Discovery Entries for Bootstrapping
To Store Discovery Entries for Bootstrapping
Discovery Service APIs
com.sun.identity.liberty.ws.interfaces.Authorizer Interface
To Configure Policy Definitions
com.sun.identity.liberty.ws.interfaces.ResourceIDMapper Interface
com.sun.identity.liberty.ws.disco.plugins.DiscoEntryHandler Interface
Client APIs in com.sun.identity.liberty.ws.disco
Discovery Service Sample
Chapter 8 SOAP Binding Service
SOAP Binding Service Overview
XML Service File
SOAP Binding Service APIs
SOAP Binding Process
SOAP Binding Service Attributes
Request Handler List
Key Parameter
Class Parameter
SOAP Action Parameter
Web Service Authenticator
Supported Authentication Mechanisms
SOAP Binding Service Package
Part IV SAML Administration and Application Programming Interfaces
Chapter 9 SAML Administration
SAML Overview
Comparison of SAML and Liberty Specifications
SAML Architecture in Access Manager
Using SAML
Elements of SAML
Assertion Types
Profile Types
Web Browser Artifact Profile
Web Browser POST Profile
Single-Use Policy With POST Profile
SAML SOAP Receiver
SOAP Messages
Protecting SAML SOAP Receiver
To Configure Access Manager for Basic Authentication
SAML Attributes
amSAML.xml Attributes
To Modify Attributes in the amSAML.xml File
Console Attributes
Properties Group
Target Specifier
Site Identifiers
To Configure a Site Identifier
Trusted Partners
To Configure a Trusted Partner
Target URLs
Assertion
Assertion Timeout
Assertion Skew Factor For notBefore Time
Artifact
Artifact Timeout
SAML Artifact Name
Signing
Sign SAML Assertion
Sign SAML Request
Sign SAML Response
SAML API
com.sun.identity.saml Package
AssertionManager Class
SAMLClient Class
com.sun.identity.saml.assertion Package
com.sun.identity.saml.common Package
com.sun.identity.saml.plugins Package
AccountMapper and PartnerAccountMapper Interfaces
SiteAttributeMapper and PartnerSiteAttributeMapper Interfaces
AttributeMapper Interface
ActionMapper Interface
com.sun.identity.saml.protocol Package
AuthenticationQuery Class
AttributeQuery Class
AuthorizationDecisionQuery Class
com.sun.identity.saml.xmlsig Package
SAML Samples
Chapter 10 Application Programming Interfaces
Public Interfaces
Common Service Interfaces
com.sun.identity.liberty.ws.common Package
com.sun.identity.liberty.ws.interfaces Package
com.sun.identity.liberty.ws.interfaces.Authorizer Interface
com.sun.identity.liberty.ws.interfaces.ResourceIDMapper Interface
Common Security API
com.sun.identity.liberty.ws.security Package
com.sun.identity.liberty.ws.common.wsse Package
Interaction Service
Configuring the Interaction Service
Interaction Service API
PAOS Binding
Comparison of PAOS and SOAP
PAOS Binding API
PAOS Binding Sample
Appendix A Liberty-based and SAML Samples
Federation Framework Samples
sample1 Directory
sample2 Directory
sample3 Directory
Web Services Framework Samples
wsc Directory
sis-ep Directory
paos Directory
authnsvc Directory
SAML Samples
Appendix B Service Schema Files
XSD Overview
SOAP Binding Schema
Personal Profile Schema
Employee Profile Schema
Authentication Web Service Schema
PAOS Binding Schema
Metadata Description Schema
© 2010, Oracle Corporation and/or its affiliates