Deployment Example 2: Federation Using SAML v2

Procedure: To Load the Identity Provider Metadata into the Service Provider Servers

  1. As a root user, log into the Federation Manager 1 host.

  2. Copy the following Identity Provider configuration files from the Access Manager host to the Federation Manager host. These files carry the Identity Provider's signing certificate, which the Service Provider will use to verify assertions, so copy them over an authenticated channel (for example scp) and confirm that they arrived unchanged before importing them:


    /etc/opt/SUNWam/config/saml2-idp-template.xml
    /etc/opt/SUNWam/config/saml2-idp-extended-template.xml

    In this deployment example, the files are copied to the following directory on the Federation Manager host:


    /etc/opt/SUNWam/config/
  3. Customize the saml2-idp-extended-template.xml file.

    1. Go to the directory that holds the copied files:


      # cd /etc/opt/SUNWam/config/
    2. Open the saml2-idp-extended-template.xml file:


      # vi saml2-idp-extended-template.xml
    3. Set the hosted attribute of the EntityConfig element to 0. The start of the element looks like this:


      <EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig"
      			xmlns:fm="urn:sun:fm:SAML:2.0:entityconfig"
      			hosted="0"

      A value of 0 indicates that the entity described by this configuration is hosted on a remote host; a value of 1 indicates that it is hosted on the local host. The Identity Provider runs on the Access Manager host, so on the Federation Manager host it must be marked remote.

      Save the file.

  4. Load the customized Identity Provider configuration files.

    The password is given on the command line here for illustration only (11111111 is a placeholder). Anything passed this way is visible to other users in the process table and is recorded in the shell history, so use a throwaway shell session or clear the history afterwards.


    # /opt/SUNWam/saml2/bin/saml2meta \
    -i /var/opt/SUNWam/fm/war_staging import -u amadmin -w 11111111 \
    -m /etc/opt/SUNWam/config/saml2-idp-template.xml \
    -x /etc/opt/SUNWam/config/saml2-idp-extended-template.xml
    File "/etc/opt/SUNWam/config/saml2-idp-template.xml" was
    imported successfully.
    File "/etc/opt/SUNWam/config/saml2-idp-extended-template.xml" was
    imported successfully.
  5. Restart the Federation Manager Servers.

    1. As a root user, log into the Federation Manager 1 host.


      # cd /opt/SUNWwbsvr/https-FederationManager-1.siroe.com
      # ./stop; ./start
    2. As a root user, log into the Federation Manager 2 host.


      # cd /opt/SUNWwbsvr/https-FederationManager-2.siroe.com
      # ./stop; ./start
  6. Verify that the Service Provider and the Identity Provider belong to the same circle of trust.

    Run the cotmember command to display the entities in the circle of trust. Both entity IDs must appear; if the Identity Provider is missing, assertions from it will not be accepted.


    # /opt/SUNWam/saml2/bin/saml2meta -i /var/opt/SUNWam/fm/war_staging \
    cotmember -u amadmin -w 11111111 -t saml2_circle_of_trust
    Entity ID:loadbalancer-9.siroe.com
    Entity ID:loadbalancer-3.example.com
    Circle of trust "saml2_circle_of_trust" is listed successfully.
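The following script is an added example of the procedure above, not part of the deployment guide or the Federation Manager product. It wraps the steps in checked shell functions: verify that the copied metadata files match a SHA-256 digest recorded on the Access Manager host (the digest file name idp-metadata.sha256 and the root-only password file .amadmin-pw are assumptions), flip the EntityConfig to hosted="0" idempotently, and confirm from the cotmember output that both expected entity IDs are present as exact lines. The saml2meta and server start/stop invocations are the ones shown on the page; reading the password from a file keeps it out of the shell history, though saml2meta still receives it as an argument because the page shows no other interface for it.

```shell
#!/bin/sh
# Added example: helpers for loading IdP metadata into the Federation Manager
# host. Not from the deployment guide. Paths, idp-metadata.sha256 and
# .amadmin-pw are assumptions for this deployment.

# Print the SHA-256 of a file using whatever tool the host offers
# (sha256sum on Linux, digest on Solaris, openssl elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | awk '{print $1}'
    elif command -v digest >/dev/null 2>&1;   then digest -a sha256 "$1"
    else openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_copy FILE EXPECTED_SHA256
#   The IdP metadata contains the IdP signing certificate, so whatever is
#   imported becomes the SP's trust anchor. Compare the copied file with a
#   digest taken on the Access Manager host and carried over separately.
verify_copy() {
    [ -r "$1" ] && [ "$(sha256_of "$1")" = "$2" ]
}

# set_remote FILE
#   Mark the extended entity config as a remote entity (hosted="0").
#   Refuses to touch a file that is not an EntityConfig and is idempotent.
#   Writes via a temp file because Solaris sed has no -i option.
set_remote() {
    f="$1"
    grep -q 'urn:sun:fm:SAML:2.0:entityconfig' "$f" || { echo "not an entityconfig: $f" >&2; return 1; }
    sed 's/hosted="1"/hosted="0"/' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    [ "$(grep -c 'hosted="0"' "$f")" -eq 1 ] && ! grep -q 'hosted="1"' "$f"
}

# cot_has OUTPUT_FILE ENTITY_ID...
#   Succeed only if the cotmember output reports success and lists every
#   expected entity ID as a whole line ("Entity ID:<id>"), so a look-alike
#   such as loadbalancer-9.siroe.com.attacker.example does not pass.
cot_has() {
    out="$1"; shift
    grep -q 'listed successfully' "$out" || return 1
    for id in "$@"; do
        grep -qx "Entity ID:$id" "$out" || { echo "missing from circle of trust: $id" >&2; return 1; }
    done
}

# load_idp_metadata
#   The procedure end to end on the Federation Manager 1 host. Run as root.
load_idp_metadata() {
    cfg=/etc/opt/SUNWam/config
    staging=/var/opt/SUNWam/fm/war_staging
    pw=$(cat "$cfg/.amadmin-pw") || return 1          # assumed 0600, root-owned
    for t in saml2-idp-template.xml saml2-idp-extended-template.xml; do
        # idp-metadata.sha256: "<digest> <filename>" lines produced on the AM host
        expected=$(awk -v f="$t" '$2 == f {print $1}' "$cfg/idp-metadata.sha256")
        verify_copy "$cfg/$t" "$expected" || { echo "digest mismatch: $t" >&2; return 1; }
    done
    set_remote "$cfg/saml2-idp-extended-template.xml" || return 1
    /opt/SUNWam/saml2/bin/saml2meta -i "$staging" import -u amadmin -w "$pw" \
        -m "$cfg/saml2-idp-template.xml" -x "$cfg/saml2-idp-extended-template.xml" || return 1
    ( cd /opt/SUNWwbsvr/https-FederationManager-1.siroe.com && ./stop && ./start ) || return 1
    /opt/SUNWam/saml2/bin/saml2meta -i "$staging" cotmember -u amadmin -w "$pw" \
        -t saml2_circle_of_trust > /tmp/cot.out 2>&1
    cot_has /tmp/cot.out loadbalancer-9.siroe.com loadbalancer-3.example.com
}

# Only perform the real procedure when invoked as: sh load-idp.sh run
if [ "${1:-}" = run ]; then load_idp_metadata; fi
```

The second Federation Manager host is restarted the same way with its own https-FederationManager-2.siroe.com directory; the import itself is done once against the shared war_staging directory, as in the procedure.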