Deployment Example 2: Federation Using SAML v2

To Configure the J2EE Policy Agents Load Balancer

  1. Go to the URL for the BIG-IP load balancer login page and log in.

    https://ls-f5.siroe.com

    User name:

    username

    Password:

    password

  2. Request an SSL Certificate for Load Balancer 10.

    1. Log in to the BIG-IP load balancer.

    2. Click Proxies in the left pane.

    3. Click the Cert Admin tab, and then click the “Generate New Key Pair/Certificate Request” button.

    4. In the Create Certificate Request page, provide the following information:

      Key Identifier:

      LoadBalancer-10.siroe.com

      Organization:

      siroe.com

      Domain Name:

      LoadBalancer-10.siroe.com

      Email Address:

      jdoe@siroe.com

    5. Click the Generate Request button.

    6. In the Generate Request page, copy the entire request text, from the -----BEGIN CERTIFICATE REQUEST----- line through the -----END CERTIFICATE REQUEST----- line.

    7. Paste this text into a request form provided by a root certificate authority (CA) such as VeriSign or Thawte.

      See the certificate authority's website, such as http://www.verisign.com/ or http://www.thawte.com/, for detailed instructions on submitting a certificate request.

  3. After you receive the certificate from the issuer, install the SSL Certificate.

    1. In the BIG-IP load balancer console, click the Cert Admin tab.

    2. On the Cert Admin tab, click Install Certificate.

    3. In the Install SSL Certificate page, paste the complete certificate text you received from the certificate issuer, including its BEGIN and END delimiter lines.

    4. Click Install Certificate.

  4. Create a Pool.

    A pool contains all the backend server instances.

    1. Open the Configuration Utility.

      Click “Configure your BIG-IP (R) using the Configuration Utility.”

    2. In the left pane, click Pools.

    3. On the Pools tab, click the Add button.

    4. In the Add Pool dialog, provide the following information:

      Pool Name

      federation_j2ee_agents

      Load Balancing Method

      Round Robin

      Resources

      Add the IP address of both Application Server hosts. In this example:

      192.18.72.152:8080 (for Application Server 3)

      192.18.72.151:8080 (for Application Server 4)

    5. Click the Done button.

    6. In the List of Pools, click the name of the pool you just created (federation_j2ee_agents).

  5. Add a Virtual Server.

    If you encounter JavaScript errors or otherwise cannot proceed to create a virtual server, try using Microsoft Internet Explorer for this step.

    1. In the left frame, click Virtual Servers.

    2. On the Virtual Servers tab, click the Add button.

    3. In the Add a Virtual Server dialog box, provide the following information:

      Address

      192.18.69.14 (for LoadBalancer-10.siroe.com)

      Services Port

      1080

      Pool

      federation_j2ee_agents

    4. Continue to click Next until you reach the Pool Selection dialog box.

    5. Click the Done button.
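
Before pasting the issued certificate in step 3, it is worth confirming that it was issued for the request generated in step 2 and names LoadBalancer-10.siroe.com. The following shell script is an added example, not part of the original guide; it assumes the OpenSSL command-line tool on an administrative workstation, and its file names, key pair, request and self-signed certificate are constructed locally as stand-ins for what BIG-IP and the certificate authority produce.

```shell
#!/bin/sh
# Added example, not from the original guide: checks to run before "Install Certificate".
set -eu

# Print the PEM public key embedded in a CSR (kind=req) or a certificate (kind=x509).
pubkey_of() {  # usage: pubkey_of <req|x509> <file>
    openssl "$1" -in "$2" -noout -pubkey
}

# Return 0 only if CERT carries the CSR's public key, matches HOST, and is not expired.
cert_matches_csr() {  # usage: cert_matches_csr <csr> <cert> <host>
    csr=$1; cert=$2; host=$3
    if [ "$(pubkey_of req "$csr")" != "$(pubkey_of x509 "$cert")" ]; then
        echo "FAIL: certificate was not issued for this request's key" >&2; return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "FAIL: certificate does not name $host" >&2; return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired" >&2; return 1
    fi
    echo "OK: $cert matches $csr for $host"
}

# Constructed sample data: a local key pair and CSR stand in for the ones BIG-IP
# generates, and self-signing stands in for the certificate authority.
make_demo_files() {  # usage: make_demo_files <dir>
    d=$1; subj="/O=siroe.com/CN=LoadBalancer-10.siroe.com"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/lb.key" -out "$d/lb.csr" \
        -subj "$subj" 2>/dev/null
    openssl x509 -req -in "$d/lb.csr" -signkey "$d/lb.key" -days 1 \
        -out "$d/lb.crt" 2>/dev/null
    # Same subject but an unrelated key: what a wrong or stale file would look like.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/other.key" \
        -out "$d/other.crt" -subj "$subj" -days 1 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
cert_matches_csr "$demo_dir/lb.csr" "$demo_dir/lb.crt" LoadBalancer-10.siroe.com
cert_matches_csr "$demo_dir/lb.csr" "$demo_dir/other.crt" LoadBalancer-10.siroe.com || true
```

In real use, save the request copied in step 2 and the issuer's reply to two files and call `cert_matches_csr` on them; the private key never has to leave the load balancer.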