OpenSSO Enterprise provides proprietary attributes that are not a specific part of the Liberty ID-FF, WS-Federation, or SAMLv2 protocols. To load OpenSSO Enterprise proprietary metadata, use the following command:
ssoadm import-entity --amadmin admin-ID --password-file password_filename [--realm realm-name] [--meta-data-file metadatafilename] [--extended-data-file extended_metadata_filename] [--cot circle_of-trust] [--spec idff_or_saml2_or-wsfed]
After loading the metadata, the ssoadm export-entity subcommand can be used to export it to a file. This file can then be exchanged with trusted partners. Here is an example of an identity provider metadata XML file for proprietary attributes.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//Sun Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/iplanet/am/admin/cli/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="dc=companyA,dc=com">
    <CreateHostedProvider id="http://sp.companyA.com" role="SP"
        defaultUrlPrefix="http://sp.companyA.com:80">
      <AttributeValuePair>
        <Attribute name="iplanet-am-provider-name"/>
        <Value>sp</Value>
      </AttributeValuePair>
      <AttributeValuePair>
        <Attribute name="iplanet-am-provider-alias"/>
        <Value>sp.companyA.com</Value>
      </AttributeValuePair>
      <AttributeValuePair>
        <Attribute name="iplanet-am-list-of-authenticationdomains"/>
        <Value>samplecot</Value>
      </AttributeValuePair>
      <AttributeValuePair>
        <Attribute name="iplanet-am-certificate-alias"/>
        <Value>cert_alias</Value>
      </AttributeValuePair>
      <AttributeValuePair>
        <Attribute name="iplanet-am-trusted-providers"/>
        <Value>http://idp.companyB.com</Value>
        <Value>http://idp.companyC.com</Value>
      </AttributeValuePair>
      <SPAuthContextInfo AuthContext="Password" AuthLevel="1"/>
      <AttributeValuePair>
        <Attribute name="iplanet-am-provider-homepage-url"/>
        <Value>http://sp.companyA.com:80/idff/index.jsp</Value>
      </AttributeValuePair>
    </CreateHostedProvider>
  </OrganizationRequests>
</Requests>
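Because this file defines which partners a provider trusts, it is worth reviewing before it is imported or handed to a partner. The following is an added example, not part of OpenSSO Enterprise or its documentation: the function names `provider_attrs` and `audit`, the expected-partner list, and the three checks (certificate alias present, trusted providers match the agreed list, endpoints use HTTPS) are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, cut down from the hosted-provider file shown above.
SAMPLE = b"""<Requests><OrganizationRequests DN="dc=companyA,dc=com">
 <CreateHostedProvider id="http://sp.companyA.com" role="SP"
     defaultUrlPrefix="http://sp.companyA.com:80">
  <AttributeValuePair><Attribute name="iplanet-am-certificate-alias"/>
   <Value>cert_alias</Value></AttributeValuePair>
  <AttributeValuePair><Attribute name="iplanet-am-trusted-providers"/>
   <Value>http://idp.companyB.com</Value>
   <Value>http://idp.companyC.com</Value></AttributeValuePair>
  <AttributeValuePair><Attribute name="iplanet-am-provider-homepage-url"/>
   <Value>http://sp.companyA.com:80/idff/index.jsp</Value></AttributeValuePair>
 </CreateHostedProvider></OrganizationRequests></Requests>"""

def provider_attrs(provider):
    """Map each Attribute name to the list of its <Value> strings."""
    attrs = {}
    for pair in provider.findall("AttributeValuePair"):
        name = pair.find("Attribute").get("name")
        values = [(v.text or "").strip() for v in pair.findall("Value")]
        attrs.setdefault(name, []).extend(values)
    return attrs

def audit(xml_bytes, expected_partners):
    """Return (provider id, finding) pairs; the policy is this example's own."""
    findings = []
    for prov in ET.fromstring(xml_bytes).iter("CreateHostedProvider"):
        pid, attrs = prov.get("id"), provider_attrs(prov)
        if not any(attrs.get("iplanet-am-certificate-alias", [])):
            findings.append((pid, "no certificate alias configured"))
        trusted = set(attrs.get("iplanet-am-trusted-providers", []))
        for extra in sorted(trusted - set(expected_partners)):
            findings.append((pid, f"unexpected trusted provider: {extra}"))
        for gone in sorted(set(expected_partners) - trusted):
            findings.append((pid, f"expected partner not trusted: {gone}"))
        urls = [prov.get("defaultUrlPrefix", "")]
        urls += attrs.get("iplanet-am-provider-homepage-url", [])
        for url in urls:
            if urlsplit(url).scheme != "https":
                findings.append((pid, f"endpoint not served over HTTPS: {url}"))
    return findings

if __name__ == "__main__":
    for pid, finding in audit(SAMPLE, {"http://idp.companyB.com"}):
        print(f"{pid}: {finding}")
```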