The following is a high-level overview of the sequence you must follow to enable SiteMinder with OpenSSO Enterprise in an Identity Provider Environment:
Configure the Identity Provider OpenSSO Enterprise to Use SAMLv2 Identity Provider Protocols.
Configure the SiteMinder Agent to Protect OpenSSO Enterprise URLs.
Install the OpenSSO Enterprise Policy Agent in the Service Provider.
The following are the principal components in this use case:
OpenSSO Enterprise in the Identity Provider container
SiteMinder Web Agent
SiteMinder custom authentication module
OpenSSO Enterprise in the Service Provider container
The Identity Provider and Service Provider should be installed in different domains. If this is not possible, they should minimally use different cookie names or cookie domains.
You can defer the installation of OpenSSO Enterprise policy agent for protecting the OpenSSO Enterprise Service Provider until the end of the installation procedures. This gives you the opportunity to verify that the SAML2 setup is working before you proceed.
Before proceeding, be sure to read the general instructions in Installing SiteMinder and in Configuring SiteMinder After Installation. The following steps provide additional installation information specific only to this use case.
Install and configure OpenSSO Enterprise in the same container in which the Identity Provider is installed.
For detailed installation instructions, see the Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.
Be sure that the Identity Provider container supports SiteMinder Web Agent installation.
Configure OpenSSO Enterprise to use the same user repository as the SiteMinder user repository. This enables both OpenSSO Enterprise and SiteMinder to provide a single session for the same user.
Install and configure the SiteMinder Web Agent on the OpenSSO Enterprise container.
For now, configure the SiteMinder Web Agent to protect an arbitrary URL on the container. In this example, the protected URL is /validation/index.html.
As in the previous section, create a context root /validation, or create a directory named validation under the docroot.
Be sure that the SiteMinder form authentication scheme is working for the protected URL.
Install the SiteMinder custom authentication module in OpenSSO Enterprise.
After you unzip the OpenSSO Enterprise binary, the SiteMinder custom authentication module is located under the directory unzip-directory/integrations/siteminder/. The README.html provides steps for building a custom authentication module. The following parameters must be set to enable the SiteMinder SDK to connect to the SiteMinder Policy Server:
SiteMinder cookie name. The default name is SMSESSION.
Unique policy agent configuration obtained from SiteMinder, and used by OpenSSO Enterprise to point to the SiteMinder SDK.
Indicates where the SiteMinder Policy Server is located.
This attribute should be enabled when the SiteMinder Web Agent is installed on the same host as OpenSSO Enterprise. The SiteMinder Web Agent performs session validation. When this attribute is enabled, the rest of the configuration is not needed.
Name of the SiteMinder SDK host name.
One of 3 TCP ports used by the SiteMinder Server to connect to the SiteMinder SDK.
One of 3 TCP ports used by the SiteMinder Server to connect to the SiteMinder SDK.
One of 3 TCP ports used by the SiteMinder Server to connect to the SiteMinder SDK.
In a connection pool implementation, the maximum number of concurrent connections that can be opened.
In a connection pool implementation, the minimum number of concurrent connections that can be opened.
In a connection pool implementation, the number of concurrent connections that can be opened.
Maximum time that the SiteMinder SDK waits before it connects to SiteMinder Policy Server.
When configured, the SiteMinder Web Agent sets a header name for the remote user after successful authentication. This parameter is used only when the checkRemoteHeaderOnly flag is set. The SMAuth module uses this parameter to create an OpenSSO Enterprise session.
The following diagram shows an example of SiteMinder custom authentication module configuration.
Install and configure OpenSSO Enterprise in the container in which the Service Provider is installed.
For detailed installation instructions, see the OpenSSO Enterprise Installation and Configuration Guide.
Install the SiteMinder Web Agent in the OpenSSO Enterprise container.
See the SiteMinder product documentation.
Before you can enable the SAMLv2 Identity Provider protocols, you must generate, customize, and load each of the following:
Identity Provider metadata
Identity Provider extended metadata
Service Provider metadata
Service Provider extended metadata.
Read through the following instructions for the changes that you must make to the default metadata. The SAML2 samples contain instructions on how to set up SAML2.
You must import Identity Provider metadata and Identity Provider extended metadata as hosted metadata. You must import Service Provider metadata and Service Provider extended metadata as remote entity metadata. To change a configuration from the default hosted to remote, modify the extended metadata XML element <EntityConfig>. Change the default attribute hosted=true to hosted=false.
See the OpenSSO Enterprise product documentation for commands and syntax.
Generate the metadata templates in both Identity Provider and Service Provider environments.
Use the famadm command. You can also use the browser-based interface at the following URL:
http://host:port/opensso/famadm.jsp
At the Identity Provider:
famadm create-metadata-templ -y idp_entity_id -u amadmin -f admin_password_file_name -m idp_standard_metadata -x idp_extended_metadata -i idp_meta_alias
where idp_meta_alias is /idp
At the Service Provider:
famadm create-metadata-templ -y sp_entity_id -u amadmin -f admin_password_file_name -m sp_standard_metadata -x sp_extended_metadata -s sp_meta_alias
where sp_meta_alias is /sp
Customize Identity Provider and Service Provider extended metadata.
Add an attribute named AuthUrl to the Identity Provider extended metadata. This URL attribute is used by the SAML protocols to redirect for authentication purposes. In the following example, AuthUrl redirects to the SiteMinder authentication module.
<Attribute name="AuthUrl"> <Value>http://host:port/opensso/UI/Login?module=SMAuth</Value> </Attribute>
Another option is to make the SiteMinder custom authentication module the default login module in OpenSSO Enterprise. The cost of using this option is that you must specify an LDAP login module for logging in as an administrator.
The Service Provider extended metadata uses the attribute named transientUser. Set this value to your anonymous user:
<Attribute name="transientUser"> <Value>anonymous</Value> </Attribute>
Load the Identity Provider and Service Provider metadata.
First create a Circle of Trust as mentioned in the URL. The Circle of Trust should also be added in the extended metadata.
In your extended template files, you will see a sample Circle of Trust. Modify the sample to create your Circle of Trust.
<Attribute name="cotlist"> <Value>samplesaml2cot</Value> </Attribute>
Load the hosted metadata in both the Identity Provider and the Service Provider using the famadm command or through OpenSSO Enterprise administration console.
Exchange the Service Provider metadata with the Identity Provider.
Exchange the Identity Provider metadata with the Service Provider.
Load all metadata.
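A pre-load check for the extended metadata files customized and exchanged in the steps above, given here as an added example that is not part of the original guide or of OpenSSO Enterprise. The sample files, host names, entity IDs, the XML namespace and the IDPSSOConfig/SPSSOConfig wrapper elements are constructed for illustration, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

# Constructed sample input. Hosts, entity IDs and the XML namespace are
# assumptions for this example; attribute names are the ones the guide uses.
NS = "urn:sun:fm:SAML:2.0:entityconfig"
IDP_EXT = f"""<EntityConfig xmlns="{NS}" hosted="true"
    entityID="http://idp.example.com:8080/opensso">
  <IDPSSOConfig metaAlias="/idp">
    <Attribute name="cotlist"><Value>samplesaml2cot</Value></Attribute>
    <Attribute name="AuthUrl">
      <Value>http://idp.example.com:8080/opensso/UI/Login?module=SMAuth</Value>
    </Attribute>
  </IDPSSOConfig>
</EntityConfig>"""
SP_EXT = f"""<EntityConfig xmlns="{NS}" hosted="true"
    entityID="http://sp.example.org:8080/opensso">
  <SPSSOConfig metaAlias="/sp">
    <Attribute name="cotlist"><Value>samplesaml2cot</Value></Attribute>
    <Attribute name="transientUser"><Value>anonymous</Value></Attribute>
  </SPSSOConfig>
</EntityConfig>"""


def _local(tag):
    """Element name without its '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]


def read_config(xml_text):
    """Return the hosted flag and the Attribute name -> values map."""
    root = ET.fromstring(xml_text)
    if _local(root.tag) != "EntityConfig":
        raise ValueError("root element is not <EntityConfig>")
    attrs = {}
    for el in root.iter():
        if _local(el.tag) == "Attribute":
            values = [(v.text or "").strip() for v in el if _local(v.tag) == "Value"]
            attrs[el.get("name")] = [v for v in values if v]
    hosted = (root.get("hosted") or "").strip().lower() == "true"
    return {"entityID": root.get("entityID"), "hosted": hosted, "attrs": attrs}


def as_remote(xml_text):
    """Copy of an extended metadata file with hosted="false", for the partner."""
    root = ET.fromstring(xml_text)
    if root.tag.startswith("{"):
        # Keep the default namespace on output instead of an ns0: prefix.
        ET.register_namespace("", root.tag[1:].split("}", 1)[0])
    root.set("hosted", "false")
    return ET.tostring(root, encoding="unicode")


def preflight(idp_xml, sp_xml, loading_at, smauth_is_default=False):
    """Check the pair as it will be loaded at 'idp' or 'sp'; return findings.

    smauth_is_default covers the guide's alternative of making the SiteMinder
    module the default login module, in which case AuthUrl is not required.
    """
    idp, sp = read_config(idp_xml), read_config(sp_xml)
    findings = []
    for role, cfg in (("idp", idp), ("sp", sp)):
        want_hosted = role == loading_at  # own entity hosted, partner remote
        if cfg["hosted"] != want_hosted:
            findings.append(f"{role}: hosted must be {str(want_hosted).lower()} "
                            f"when loading at the {loading_at}")
        if not cfg["attrs"].get("cotlist"):
            findings.append(f"{role}: cotlist is empty")
    if not set(idp["attrs"].get("cotlist", [])) & set(sp["attrs"].get("cotlist", [])):
        findings.append("idp and sp share no Circle of Trust")
    auth_urls = idp["attrs"].get("AuthUrl", [])
    if not smauth_is_default and not any(
            parse_qs(urlparse(u).query).get("module") == ["SMAuth"]
            for u in auth_urls):
        findings.append("idp: AuthUrl does not select module=SMAuth")
    if not sp["attrs"].get("transientUser"):
        findings.append("sp: transientUser is not set")
    return findings


if __name__ == "__main__":
    # Loading both default templates at the IdP: the SP copy is still hosted.
    print(preflight(IDP_EXT, SP_EXT, loading_at="idp"))
    # After flipping the SP copy to remote, the pair is clean.
    print(preflight(IDP_EXT, as_remote(SP_EXT), loading_at="idp"))
```

Run it once per site with loading_at set to that site, passing the partner's file through as_remote first.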
After successful metadata exchange, verify through the OpenSSO Enterprise administration console that SAMLv2 is working properly.
The following shows a sample UI for SAMLv2 configuration.
This configuration protects the SAML Single Sign-On Service URL so that the SiteMinder session must be established before the SAML assertion is generated.
In the SiteMinder administration console, create a new realm in unprotected mode.
In this example, the realm is named opensso.
Create a rule that protects only the SAML2 SSO URL.
Other URLs are unprotected for now.
The policy agent must be supported on the container where the enterprise application is deployed. For detailed installation information, see the policy agent documentation.
Change the policy agent login URL to the OpenSSO Enterprise SAML2 Service Provider-initiated Single Sign-on Service URL. Example:
http://<sphost>:<spport>/opensso/saml2/jsp/spSSOInit.jsp?metaAlias=<Service Provider MetaAlias>&idpEntityID=<Identity Provider Entity ID>&NameIDFormat=transient
Authenticate at the SiteMinder login page using user name and password.
Access the enterprise application in the Service Provider environment.
The enterprise application is protected by OpenSSO Enterprise Service Provider Agent. The agent should allow access to the application.