Deployment Example 2: Federation Using SAML v2

15.1 Before You Begin

A sample JSP file is provided at the end of this chapter to help you run the four groups of test cases described in this chapter. Before you can begin running these test cases, you must complete the following tasks:

  1. Create an index.jsp file.

  2. Create a test user in the Identity Provider Site.

The following table summarizes the SAMLv2 profiles you can test in the Federation environment described in previous chapters of this document.

Table 15–1 SAMLv2 Profiles Illustrated in Use Case 1

  Initiated by Service Provider

    Use Case 1A
      1. Persistent Federation (Browser Artifact)
      2. Logout (SOAP)
      3. Single Sign-On (Browser Artifact)
      4. Federation Termination (SOAP)

    Use Case 1B
      1. Persistent Federation (Browser POST)
      2. Logout (HTTP)
      3. Single Sign-On (Browser POST)
      4. Federation Termination (HTTP)

  Initiated by Identity Provider

    Use Case 1C
      1. Persistent Federation (Browser Artifact)
      2. Logout (SOAP)
      3. Single Sign-On (Browser Artifact)
      4. Federation Termination (SOAP)

    Use Case 1D
      1. Persistent Federation (Browser POST)
      2. Logout (HTTP)
      3. Single Sign-On (Browser POST)
      4. Federation Termination (HTTP)

Procedure: To Create an index.jsp File

  1. As a root user, log into the Federation Manager 1 host.

  2. Create a text file named index.jsp based on the sample below.

  3. Copy the index.jsp file to the following directory:

     /opt/SUNWwbsver/https-FederationManager-1.siroe.com/webapps/https-FederationManager-1.siroe.com/federation/saml2/jsp

  4. As a root user, log into the Federation Manager 2 host.

  5. Create a text file named index.jsp based on the sample below.

  6. Copy the index.jsp file to the following directory:

     /opt/SUNWwbsver/https-FederationManager-2.siroe.com/webapps/https-FederationManager-1.siroe.com/federation/saml2/jsp

Procedure: To Create a Test User in the Identity Provider Site

  1. Go to the Access Manager URL:

     https://Loadbalancer-3.example.com:9443/amserver/UI/Login

  2. Log in to the Access Manager console using the following information:

    User Name:

    amadmin

    Password:

    4m4dmin1

  3. On the Realms page, click the users realm name.

  4. On the users-Properties page, click the Subjects tab and then click New.

  5. On the New User page, provide the following information:

    ID:

    idp

    First Name:

    idp

    Last Name:

    idp

    Full Name:

    idp

    Password:

    idp

    Password (confirm):

    idp

    Click Save.