Deployment Example 2: Federation Using SAML v2

2.1 Using This Manual

This manual provides instructions for building a Federation environment using SAMLv2. These instructions were used to build, deploy, and test this deployment example in a lab facility. When using this manual, you'll obtain the best results if you perform the tasks in the exact sequence in which they are presented. Use the Table of Contents, which begins on page 3, as a master task list. Groups of tasks are numbered for your convenience.

The last step in each task is a verification procedure. Be sure to verify the success of each task before moving on to the next task in the sequence.

This manual is designed to demonstrate just one way to implement Federation using SAMLv2. Although these instructions incorporate many recommended or “best practices,” and may be suitable in many different scenarios, this is not the only way to achieve the same results.


Caution –

If you do plan to deviate from the task sequence or details described in this manual, you should refer to the relevant product documentation for information on differences in platforms, software versions or other requirement constraints.


2.1.1 Using the Companion Manual

This manual, Deployment Example 2: Federation Using SAMLv2, is designed to be used with its companion manual, Deployment Example 1: Access Manager Load Balancing, Distributed Authentication UI, and Session Failover. Use the Deployment Example 1 manual to set up the Identity Provider Site, and use this Deployment Example 2 manual to set up the Service Provider Site. For more information, see 1.2 System Architecture and 2.12 Obtaining Instructions for Deploying the Identity Provider Site in this manual.

2.1.2 Host Names and Functions Used in Examples

The following table lists naming conventions used in this manual.

Table 2–1 Naming Conventions Used in This Manual

Host Name:Port Number                Main Service URL
----------------------------------------------------------------------------------

Directory Servers
  DirectoryServer–3SP:1391           ldap://DirectoryServer-3SP.siroe.com:1391
  DirectoryServer–4SP:1391           ldap://DirectoryServer-4SP.siroe.com:1391

Access Managers
  AccessManager–1:58080              http://AccessManager-1.example.com:58080/amserver
  AccessManager–2:58080              http://AccessManager-2.example.com:58080/amserver

Federation Managers
  FederationManager–1:8080           http://FederationManager-1.siroe.com:8080
  FederationManager–2:8080           http://FederationManager-2.siroe.com:8080

Protected Resources — Application Servers
  ProtectedResource–3:8888           http://LoadBalancer-10.siroe.com:1080
  ProtectedResource–4:8888           http://LoadBalancer-10.siroe.com:1080

Protected Resources — Web Servers
  ProtectedResource–3:8888           http://LoadBalancer-11.siroe.com:2080
  ProtectedResource–4:8888           http://LoadBalancer-11.siroe.com:2080

Load Balancer for Access Manager Servers
  LoadBalancer–3:9443                http://LoadBalancer-3.example.com:9443

Load Balancers for Directory Servers
  LoadBalancer–7                     http://LoadBalancer-7.siroe.com
  LoadBalancer–8                     http://LoadBalancer-8.siroe.com

Load Balancer for Federation Manager Servers
  LoadBalancer–9                     http://LoadBalancer-9.siroe.com

Load Balancer for J2EE Policy Agents
  LoadBalancer–10                    http://LoadBalancer-10.siroe.com

Load Balancer for Web Policy Agents
  LoadBalancer–11                    http://LoadBalancer-11.siroe.com

2.1.3 Related Third-Party Web Site References

Third-party URLs are referenced in this document and provide additional, related information.


Note –

Sun is not responsible for the availability of third-party web sites mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through such sites or resources.


2.1.4 Typographic Conventions

The following table describes the typographic conventions that are used in this book.

Table 2–2 Typographic Conventions

Typeface    Meaning                                                   Example
----------------------------------------------------------------------------------------------------------------
AaBbCc123   The names of commands, files, and directories,            Edit your .login file.
            and onscreen computer output                              Use ls -a to list all files.
                                                                      machine_name% you have mail.

AaBbCc123   What you type, contrasted with onscreen computer output   machine_name% su
                                                                      Password:

aabbcc123   Placeholder: replace with a real name or value            The command to remove a file is rm filename.

AaBbCc123   Book titles, new terms, and terms to be emphasized        Read Chapter 6 in the User's Guide.
                                                                      A cache is a copy that is stored locally.
                                                                      Do not save the file.
                                                                      Note: Some emphasized items appear bold online.

2.1.5 Shell Prompts in Command Examples

The following table shows the default UNIX® system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.

Table 2–3 Shell Prompts

Shell                                        Prompt
-----------------------------------------------------------
C shell                                      machine_name%
C shell for superuser                        machine_name#
Bourne shell and Korn shell                  $
Bourne shell and Korn shell for superuser    #