The Sun Java System SAML v2 Plug-in for Federation Services delivers a solution that allows businesses to establish a framework for sharing trusted information across a distributed network of partners using the standards-based SAML v2. To this end, HTTP(S)-based service endpoints and SOAP service endpoints are supplied in support of the respective profiles defined in the specifications, as well as classes for manipulating assertion and protocol objects.
After installing the SAML v2 Plug-in for Federation Services, a group of companies can exchange security assertions for single sign-on when they all participate in the same SAML v2–enabled circle of trust. A web browser can access all HTTP(S)-based service endpoints and an application can make use of the SOAP endpoints and classes as long as metadata for each participating business on BOTH sides of the interaction is exchanged beforehand.
The key features of the SAML v2 Plug-in for Federation Services include:
Interoperability with the following Sun Microsystems' server products:
Access Manager 7 2005Q4
Federation Manager 7.0
The SAML v2 Plug-in for Federation Services supports all web containers and platforms used by these products.
Single sign-on using the POST profile, the Artifact binding (also referred to as HTTP redirect), and unsolicited responses (initiated by the identity provider).
Single logout using HTTP redirect and SOAP binding.
Federation termination using HTTP redirect and SOAP binding.
Auto-federation (automatic linking of service provider and identity provider user accounts based on a common attribute).
Bulk federation.
Supports one-time federation (transient NameID format in SSO).
Service provider interfaces (SPI) for the following:
Account mapping (map between the account referred to in the incoming request and the local user account).
Attribute mapping (specifies which set of user attributes in an identity provider user account need to be included in an assertion AND maps the attributes included in an assertion by the identity provider to attributes in the user account defined by the service provider).
Authentication context mapping (map between Authentication Contexts defined in the SAML v2 specifications and authentication framework schemes defined in Access Manager and Federation Manager: user-, module-, service-, role- or level-based authentication).
Supports Basic Authentication, SSL and SSL with client authentication for SOAP Binding.
SAML v2 authentication module.
Support for the identity provider Discovery Protocol as the SAML v2 IDP Discovery Service.
Supports SAML v2 Circle of Trust.
A SAML v2 software development kit (SDK).
XML verification, signing, encryption and decryption.
JavaServer Pages™ (JSP™) for profile initiation and processing.
Support for load balancing.
Pre-deployed sample.
Protocol coexistence with the SAML v1.x and the Liberty Alliance Project's Identity Federation Framework (Liberty ID-FF).
Although the SAML v2 and SAML v1.x specifications can coexist, they are not interoperable.
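As an added illustration (not code from the SAML v2 Plug-in, which exposes these hooks as Java service provider interfaces), the following stand-alone Python script shows what the account-mapping and attribute-mapping SPIs listed above decide, together with auto-federation and one-time federation (transient NameID): the identity provider places only the mapped user attributes in the assertion, and the service provider renames the received attributes to its own account attribute names and resolves the subject to a local account by a stored link, by an unambiguous match on a common attribute, or as a session-only anonymous identity when the NameID is transient. All user records, attribute maps and function names below are constructed assumptions.

```python
import secrets
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample data (assumption, not from the product).
# Identity provider user store, keyed by the IdP's uid.
IDP_USERS = {
    "jdoe": {"mail": "jdoe@idp.example", "cn": "Jane Doe",
             "userPassword": "{SSHA}never-leaves-the-idp"},
    "bsmith": {"mail": "bsmith@idp.example", "cn": "Bob Smith"},
}
# Service provider user store, keyed by the SP's own uid.
SP_USERS = {"jane.doe": {"mail": "jdoe@idp.example", "displayname": "J. Doe"}}

# Attribute maps, assertion attribute name -> local attribute name, one per side.
IDP_ATTR_MAP = {"EmailAddress": "mail", "DisplayName": "cn"}
SP_ATTR_MAP = {"EmailAddress": "mail", "DisplayName": "displayname"}


def idp_map_attributes(user, attr_map):
    """IdP side of attribute mapping: only mapped attributes enter the assertion."""
    return {saml: user[local] for saml, local in attr_map.items() if local in user}


def idp_name_id(uid, fmt, idp_federations):
    """Persistent NameIDs are opaque, stable per user and recorded by the IdP;
    transient NameIDs are fresh every time and never recorded (one-time federation)."""
    if fmt == TRANSIENT:
        return secrets.token_urlsafe(24)
    if fmt == PERSISTENT:
        return idp_federations.setdefault(uid, secrets.token_urlsafe(24))
    raise ValueError(f"unsupported NameID format: {fmt}")


def build_assertion(name_id, fmt, attrs):
    """Serialise a minimal (unsigned) saml:Assertion with Subject and AttributeStatement."""
    ET.register_namespace("saml", SAML)
    root = ET.Element(f"{{{SAML}}}Assertion", Version="2.0")
    subject = ET.SubElement(root, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID", Format=fmt).text = name_id
    statement = ET.SubElement(root, f"{{{SAML}}}AttributeStatement")
    for name, value in attrs.items():
        attribute = ET.SubElement(statement, f"{{{SAML}}}Attribute", Name=name)
        ET.SubElement(attribute, f"{{{SAML}}}AttributeValue").text = value
    return ET.tostring(root, encoding="unicode")


def parse_assertion(xml_text):
    """SP side: extract (NameID, Format, {attribute name: value}) from the assertion."""
    root = ET.fromstring(xml_text)
    nid = root.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    attrs = {}
    for a in root.iterfind(f"{{{SAML}}}AttributeStatement/{{{SAML}}}Attribute"):
        attrs[a.get("Name")] = a.findtext(f"{{{SAML}}}AttributeValue")
    return nid.text, nid.get("Format"), attrs


def sp_map_attributes(saml_attrs, attr_map):
    """SP side of attribute mapping: rename assertion attributes to local names."""
    return {attr_map[n]: v for n, v in saml_attrs.items() if n in attr_map}


def sp_map_account(name_id, fmt, local_attrs, sp_federations, autofed_attr="mail"):
    """Account mapping: which local SP account does the asserted subject refer to?"""
    if fmt == TRANSIENT:
        # One-time federation: nothing is stored, the user gets a session-only identity.
        return "anonymous"
    if name_id in sp_federations:
        return sp_federations[name_id]
    # Auto-federation on a common attribute, but only for exactly one matching account.
    wanted = local_attrs.get(autofed_attr)
    matches = [uid for uid, acct in SP_USERS.items()
               if wanted is not None and acct.get(autofed_attr) == wanted]
    if len(matches) != 1:
        return None  # no or ambiguous match: leave it to interactive federation
    sp_federations[name_id] = matches[0]
    return matches[0]


def single_sign_on(uid, fmt, idp_federations, sp_federations):
    """Run both halves of one SSO exchange; returns (local SP uid or None, local attrs)."""
    attrs = idp_map_attributes(IDP_USERS[uid], IDP_ATTR_MAP)
    xml_text = build_assertion(idp_name_id(uid, fmt, idp_federations), fmt, attrs)
    name_id, got_fmt, saml_attrs = parse_assertion(xml_text)
    local_attrs = sp_map_attributes(saml_attrs, SP_ATTR_MAP)
    return sp_map_account(name_id, got_fmt, local_attrs, sp_federations), local_attrs


if __name__ == "__main__":
    idp_fed, sp_fed = {}, {}
    print(single_sign_on("jdoe", PERSISTENT, idp_fed, sp_fed))    # auto-federates to jane.doe
    print(single_sign_on("jdoe", PERSISTENT, idp_fed, sp_fed))    # reuses the stored link
    print(single_sign_on("jdoe", TRANSIENT, idp_fed, sp_fed))     # anonymous, nothing stored
    print(single_sign_on("bsmith", PERSISTENT, idp_fed, sp_fed))  # no local match: None
```

The two attribute maps are deliberately separate: the IdP map controls what leaves the identity provider (the password hash is never selected), and the SP map controls what the service provider is willing to accept into its own account schema. Auto-federation only links on an unambiguous match, since linking on a duplicated attribute value would silently merge two local accounts.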
You can install the SAML v2 Plug-in for Federation Services on the following products and platforms.
The SAML v2 Plug-in for Federation Services is supported on Sun Java System Access Manager 7 2005Q4 in both realm and legacy mode. It can be installed on versions of the Solaris™ Operating System (OS) or Red Hat™ Linux.
Table 1–1 Access Manager Requirements
The SAML v2 Plug-in for Federation Services is supported on Sun Java System Federation Manager 7 2005Q4. It can be installed on versions of the Solaris OS.
Table 1–2 Federation Manager Requirements

Hardware | Operating System
---|---
SPARC | Solaris OS 8 / 9 / 10
x86 | Solaris OS 9 / 10