saml2setup Doesn't Generate Metadata Against Federation Manager Running on Microsoft Active Directory

By default, saml2setup uses amadmin as the administrator identifier to log in during installation. A deployment incorporating Federation Manager and Microsoft Active Directory requires a full distinguished name to be passed.

Workaround: After the SAML v2 Plug-in for Federation Services has been successfully installed, you can run saml2meta:

• To generate metadata for a hosted identity provider on Federation Manager:

  Federation Manager/SUNWam/saml2/bin/saml2meta/saml2meta template [-i staging-directory] -u full-DN-admin-user -w admin-user-password -d idp-metaAlias -e idp-entityID -m idpMeta.xml -x idpExtended.xml

• To generate metadata for a hosted service provider on Federation Manager:

  Federation Manager/SUNWam/saml2/bin/saml2meta/saml2meta template [-i staging-directory] -u full-DN-admin-user -w admin-user-password -d sp-metaAlias -e sp-entityID -m spMeta.xml -x spExtended.xml

(6377631)