The following tests are initiated on the identity provider side to test SAML v2 communications with the service provider.
Name identifiers are used by the identity provider and the service provider to communicate with each other regarding a user. In this test, a persistent identifier is used to federate the identity provider's user profile with the same user's profile on the service provider side.
To Test Persistent Federation Using the Browser Artifact Profile
Enter the persistent federation URL in a web browser:
https://lb2.idp-example.com:1081/opensso/saml2/jsp/idpSSOInit.jsp?metaAlias=/idp&spEntityID=https://lb4.sp-example.com:1081/opensso
The request is directed to OpenSSO Enterprise on the service provider side.
Log in to the OpenSSO Enterprise console as a test user.
User Name: spuser
Password: spuser
The login request is redirected to OpenSSO Enterprise on the identity provider side.
Log in to the OpenSSO Enterprise console as a test user.
User Name: idpuser
Password: idpuser
The browser message “Single Sign-On succeeded” is displayed confirming that federation has succeeded.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.
To Test Persistent Federation Using the Browser POST Profile
Enter the persistent federation URL in a web browser:
https://lb2.idp-example.com:1081/opensso/saml2/jsp/idpSSOInit.jsp?metaAlias=/idp&spEntityID=https://lb4.sp-example.com:1081/opensso&binding=HTTP-POST
The request is directed to OpenSSO Enterprise on the service provider side.
Log in to the OpenSSO Enterprise console as a test user.
User Name: spuser
Password: spuser
The login request is redirected to OpenSSO Enterprise on the identity provider side.
Log in to the OpenSSO Enterprise console as a test user.
User Name: idpuser
Password: idpuser
The browser message “Single Sign-On succeeded” is displayed confirming that federation has succeeded.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.
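The assertion recorded in the Federation debug file can be checked against what the persistent federation test is meant to produce: a persistent, opaque name identifier issued by the identity provider for this service provider. The following Python is an added example, not part of the original guide or of OpenSSO Enterprise. It assumes the assertion XML has been copied out of the debug file by hand, that the identity provider's entity ID is https://lb2.idp-example.com:1081/opensso, and that timestamps carry no fractional seconds; the sample assertion is constructed and signature verification is out of scope.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SP_ENTITY_ID = "https://lb4.sp-example.com:1081/opensso"    # spEntityID from the test URL
IDP_ENTITY_ID = "https://lb2.idp-example.com:1081/opensso"  # assumed IdP entity ID

# Constructed sample assertion (not real debug output); signature omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://lb2.idp-example.com:1081/opensso</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">CONSTRUCTED-opaque-7f3a9c</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:50:00Z" NotOnOrAfter="2024-01-01T12:10:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://lb4.sp-example.com:1081/opensso</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now):
    """Return a list of problems; an empty list means every check passed."""
    if "<!DOCTYPE" in xml_text:  # no DTDs or entities belong in a SAML assertion
        return ["DOCTYPE present; refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    if root.findtext("saml:Issuer", "", NS).strip() != IDP_ENTITY_ID:
        problems.append("issuer is not the expected identity provider")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID is not a persistent identifier")
    elif any(u in (name_id.text or "") for u in ("idpuser", "spuser")):
        problems.append("persistent NameID exposes a local user name")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("audience does not include the service provider")
    cond = root.find("saml:Conditions", NS)
    try:  # a missing element or attribute counts as a failed check
        in_window = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        in_window = False
    if not in_window:
        problems.append("assertion is outside its validity window")
    return problems
```

Pass the current UTC time as `now` when checking an assertion taken from a fresh test run.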
Single logout permits session termination of all participants in the session. The logout request can be initiated by any participant in the session.
Enter the single logout URL in a web browser: https://lb2.idp-example.com:1081/opensso/saml2/jsp/idpSingleLogoutInit.jsp?metaAlias=/idp&spEntityID=https://lb4.sp-example.com:1081/opensso&binding=urn:oasis:names:tc:SAML:2.0:bindings:SOAP
The browser message “IDP initiated single logout succeeded” is displayed.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.
Enter the single logout URL in a web browser: https://lb2.idp-example.com:1081/opensso/saml2/jsp/idpSingleLogoutInit.jsp?metaAlias=/idp&spEntityID=https://lb4.sp-example.com:1081/opensso
The message “IDP initiated single logout succeeded” is displayed.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.
In this test, the user accomplishes single sign on through the back channel.
Enter the single sign on URL in a web browser:
https://lb2.idp-example.com:1081/opensso/saml2/jsp/idpSSOInit.jsp?metaAlias=/idp&spEntityID=https://lb4.sp-example.com:1081/opensso
The request is directed to OpenSSO Enterprise on the service provider side.
Log in to the OpenSSO Enterprise console as a test user.
User Name: spuser
Password: spuser
The browser message “Single Sign-On succeeded” is displayed.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.
Enter the single sign on URL in a web browser:
https://lb2.idp-example.com:1081/opensso/saml2/jsp/idpSSOInit.jsp?metaAlias=/idp&spEntityID=https://lb4.sp-example.com:1081/opensso&binding=HTTP-POST
The login request is redirected to Access Manager.
Log in to the OpenSSO Enterprise console as a test user.
User Name: spuser
Password: spuser
The browser message “Single Sign-On succeeded” is displayed.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.
In this test, the federation previously authorized is terminated.
Enter the federation termination URL in a web browser:
https://lb2.idp-example.com:1081/opensso/saml2/jsp/idpMNIRequestInit.jsp?metaAlias=/idp&spEntityID=https://lb4.sp-example.com:1081/opensso&binding=urn:oasis:names:tc:SAML:2.0:bindings:SOAP&requestType=Terminate
The browser message “ManageNameID Request succeeded” is displayed confirming the federation has been terminated.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.
Enter the federation termination URL in a web browser:
https://lb2.idp-example.com:1081/opensso/saml2/jsp/idpMNIRequestInit.jsp?metaAlias=/idp&spEntityID=https://lb4.sp-example.com:1081/opensso&requestType=Terminate
The browser message “ManageNameID Request succeeded” is displayed confirming the federation has been terminated.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.