Sun Java System SAML v2 Plug-in for Federation Services User's Guide

Installing the SAML v2 IDP Discovery Service

In deployments having more than one identity provider, the SAML v2 IDP Discovery Service allows service providers to determine which identity provider a principal uses with the Web Browser SSO profile. The SAML v2 IDP Discovery Service relies on a cookie written in a domain common to all identity providers and service providers in a circle of trust. The SAML v2 Plug-in for Federation Services can install a standalone instance of the SAML v2 IDP Discovery Service in this predetermined domain, also known as the common domain.


Note – Information on configuring the SAML v2 IDP Discovery Service is in The SAML v2 IDP Discovery Service.


Procedure: To Install the SAML v2 IDP Discovery Service

Before You Begin

Download and unpack the SAML v2 Plug-in for Federation Services binaries as described in Installing the SAML v2 Plug-in for Federation Services.

  1. Create an installation configuration properties file.

    Be sure to set the IDPDISCOVERY_ONLY, COMMON_COOKIE_DOMAIN, and COOKIE_ENCODE properties as described in Creating an Installation Configuration Properties File.

  2. Run the saml2setup command.


    # saml2setup install -s installation-file-name
    

    where installation-file-name is the name of the installation configuration properties file described in Creating an Installation Configuration Properties File.

    The installer will create a SAML v2 IDP Discovery Service WAR named idpdiscovery.war in /AccessManager-base/product-directory/saml2/ or /FederationManager-base/SUNWam/saml2/.

  3. Deploy idpdiscovery.war according to the instructions in Appendix A, Deploying the SAML v2 Plug-in for Federation Services Generated WAR.

  4. Restart your web container.
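A pre-flight check for the installation configuration properties file from step 1, run before saml2setup in step 2. This is an added example, not part of the original guide or the product. It assumes key=value lines, true/false booleans, and that IDPDISCOVERY_ONLY=true selects the discovery-only install; the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check before `saml2setup install -s <file>`.
# Assumptions (not from the guide): key=value lines, booleans written as
# true/false, and IDPDISCOVERY_ONLY=true selecting the discovery-only install.

# Print the value of the last assignment to key $2 in file $1.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# Return 0 when the file sets all three properties sanely, 1 otherwise.
check_discovery_props() {
    file=$1; rc=0
    for key in IDPDISCOVERY_ONLY COMMON_COOKIE_DOMAIN COOKIE_ENCODE; do
        [ -n "$(prop "$file" "$key")" ] || { echo "missing: $key" >&2; rc=1; }
    done
    [ "$(prop "$file" IDPDISCOVERY_ONLY)" = true ] ||
        { echo "IDPDISCOVERY_ONLY is not true" >&2; rc=1; }
    case $(prop "$file" COOKIE_ENCODE) in
        true|false|'') ;;                  # empty was reported above
        *) echo "COOKIE_ENCODE must be true or false" >&2; rc=1 ;;
    esac
    # The common-domain cookie is sent to every host under this domain, so
    # reject a single-label value such as ".com" and anything malformed.
    # This is a label-count check, not a public-suffix lookup.
    domain=$(prop "$file" COMMON_COOKIE_DOMAIN)
    if [ -n "$domain" ]; then
        case ${domain#.} in
            ''|*[!A-Za-z0-9.-]*|.*|*.|*..*)
                echo "COMMON_COOKIE_DOMAIN is malformed: $domain" >&2; rc=1 ;;
            *.*) ;;                        # at least two labels
            *) echo "COMMON_COOKIE_DOMAIN is too broad: $domain" >&2; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample file; the values are illustrative only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
IDPDISCOVERY_ONLY=true
COMMON_COOKIE_DOMAIN=.example.com
COOKIE_ENCODE=true
EOF
check_discovery_props "$sample" && echo "ok to run: saml2setup install -s $sample"
rm -f "$sample"
```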

Next Steps

See The SAML v2 IDP Discovery Service to configure the SAML v2 IDP Discovery Service.