Deployment Example 2: Federation Using SAML v2

Procedure: To Update the Federation Manager 1 serverconfig.xml File

  1. Go to the following directory, which contains the serverconfig.xml file:


    # cd /var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/config/
  2. Make a backup of the file serverconfig.xml, and then make the following changes in serverconfig.xml:

    1. In the following entry, change the host name and port number attribute values:


      <iPlanetDataAccessLayer>
              <ServerGroup name="default" minConnPool="1" maxConnPool="10">
                      <Server name="Server1" host="LoadBalancer-7.siroe.com"
                              port="389" type="SIMPLE" />
                      <User name="User1" type="proxy">
                              <DirDN>
                                      uid=amadmin,ou=people,o=siroe.com
    2. Verify that the following user entries exist in the file:


      <User name="User1" type="proxy">
                              <DirDN>
                                      uid=amadmin,ou=people,o=siroe.com
                              </DirDN>
                              <DirPassword>
                                      AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P
                              </DirPassword>
                      </User>
                      <User name="User2" type="admin">
                              <DirDN>
                                      uid=amadmin,ou=people,o=siroe.com
                              </DirDN>
                              <DirPassword>
                                      AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P
                              </DirPassword>
                      </User>

    In this deployment example, the proxy user and administrative user have the same DN. In effect, these are the same user. They are both superusers contained in the ou=service branch of the Directory Server. These users have privileges to read, write, and search the Federation Manager configuration. The user amadmin does not exist in the Directory Server at this point.
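To check step 2 mechanically rather than by eye, here is an added Python example (it is not part of the Federation Manager guide) that parses a serverconfig.xml and confirms the Server host and port and the proxy and admin User entries with the expected DirDN. The sample XML is constructed to match the fragment above, with placeholder DirPassword values; DN comparison is case-insensitive and ignores the whitespace that the file's layout puts around the DirDN text.

```python
# Added example, not part of the Federation Manager guide: verify that a
# serverconfig.xml has the Directory Server host/port and the proxy and admin
# User entries that the procedure above requires.
import xml.etree.ElementTree as ET

# Constructed sample with the same layout as the fragment in the procedure;
# the DirPassword values are placeholders, not real encrypted passwords.
SAMPLE_SERVERCONFIG = """<iPlanetDataAccessLayer>
        <ServerGroup name="default" minConnPool="1" maxConnPool="10">
                <Server name="Server1" host="LoadBalancer-7.siroe.com"
                        port="389" type="SIMPLE" />
                <User name="User1" type="proxy">
                        <DirDN>
                                uid=amadmin,ou=people,o=siroe.com
                        </DirDN>
                        <DirPassword>
                                PLACEHOLDER-ENCRYPTED-PASSWORD
                        </DirPassword>
                </User>
                <User name="User2" type="admin">
                        <DirDN>
                                uid=amadmin,ou=people,o=siroe.com
                        </DirDN>
                        <DirPassword>
                                PLACEHOLDER-ENCRYPTED-PASSWORD
                        </DirPassword>
                </User>
        </ServerGroup>
</iPlanetDataAccessLayer>
"""

def normalize_dn(dn):
    """DNs compare case-insensitively; also drop spaces around the commas."""
    return ",".join(part.strip() for part in dn.strip().lower().split(","))

def check_root(root, expected_host, expected_port, expected_dn):
    """Return a list of problems; an empty list means the config matches."""
    problems = []
    group = root.find("ServerGroup[@name='default']")
    if group is None:
        return ["no ServerGroup named 'default'"]
    servers = group.findall("Server")
    if not servers:
        problems.append("default ServerGroup has no Server element")
    for srv in servers:
        host, port = srv.get("host"), srv.get("port")
        if host != expected_host or port != str(expected_port):
            problems.append(f"{srv.get('name')} points at {host}:{port}, "
                            f"expected {expected_host}:{expected_port}")
    # Both the proxy user and the admin user must exist and bind as expected_dn.
    users = {u.get("type"): u for u in group.findall("User")}
    for utype in ("proxy", "admin"):
        user = users.get(utype)
        if user is None:
            problems.append(f"no User of type '{utype}'")
            continue
        dn = user.findtext("DirDN") or ""
        if normalize_dn(dn) != normalize_dn(expected_dn):
            problems.append(f"{utype} user DirDN is '{dn.strip()}', "
                            f"expected '{expected_dn}'")
        if not (user.findtext("DirPassword") or "").strip():
            problems.append(f"{utype} user has an empty DirPassword")
    return problems

def check_serverconfig(xml_text, expected_host, expected_port, expected_dn):
    """Check serverconfig.xml content held in a string."""
    return check_root(ET.fromstring(xml_text), expected_host, expected_port, expected_dn)

def check_serverconfig_file(path, expected_host, expected_port, expected_dn):
    """Check a serverconfig.xml on disk, e.g. the copy under WEB-INF/config."""
    return check_root(ET.parse(path).getroot(), expected_host, expected_port, expected_dn)

if __name__ == "__main__":
    for p in check_serverconfig(SAMPLE_SERVERCONFIG, "LoadBalancer-7.siroe.com", 389,
                                "uid=amadmin,ou=people,o=siroe.com"):
        print("PROBLEM:", p)
```

Run it against the staged file with check_serverconfig_file before the WAR is rebuilt; an empty list means the host, port and both user entries are as the procedure requires.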

  3. Add the user amadmin to the Directory Server.

    1. On the Federation Manager 1 host, go to the following directory:


      /opt/SUNWam/fm/bin
    2. Create a file named amadminconfig.ldif with the following entries:


          # Grant the Top-level Admin Role on the ou=services subtree to amAdmin.
          dn: o=siroe.com
          changetype: modify
          add: aci
          aci: (target="ldap:///ou=services,*o=siroe.com")(targetattr = "*")
           (version 3.0; acl "S1IS Top-level Admin Role access allow";
            allow (all) userdn = "ldap:///uid=amAdmin,ou=People,o=siroe.com";)

          # Create the People container.
          dn: ou=People,o=siroe.com
          changetype: add
          objectClass: top
          objectClass: organizationalunit
          ou: People

          # Create the amAdmin user.
          dn: uid=amAdmin,ou=People,o=siroe.com
          changetype: add
          objectclass: inetuser
          objectclass: inetorgperson
          objectclass: organizationalperson
          objectclass: person
          objectclass: top
          objectClass: iPlanetPreferences
          objectclass: inetAdmin
          uid: amAdmin
          inetuserstatus: Active
          cn: amAdmin
          sn: amAdmin
          userPassword: 11111111

      This LDIF creates a People container and the user amAdmin with the Top-level Admin Role. The user is assigned read, write, and search privileges.

    3. Use the ldapmodify utility to load ./amadminconfig.ldif into the Directory Server 3SP.


      # ldapmodify -D "cn=Directory Manager" -w 11111111 \
          -h LoadBalancer-7.siroe.com -f amadminconfig.ldif
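As an added example (not from the guide), the following Python parses a change file with the same structure as amadminconfig.ldif and checks it before ldapmodify is run: continuation lines are joined, every record must carry a dn and a changetype, the aci must grant only to the amAdmin DN and that DN must be added by the same file, and a userPassword that sits in the file in cleartext is reported, since the LDIF then needs the same protection as the password itself until it is removed. A line such as `dn=o=siroe.com` (no colon) is rejected as malformed. The sample LDIF is constructed here and the admin DN is a parameter.

```python
# Added example, not part of the Federation Manager guide: parse a change file
# shaped like amadminconfig.ldif and sanity-check it before running ldapmodify.
import re

# Constructed sample following the structure of the procedure's LDIF: an aci on
# the suffix, the People container, and the amAdmin user (test password only).
SAMPLE_LDIF = """\
dn: o=siroe.com
changetype: modify
add: aci
aci: (target="ldap:///ou=services,*o=siroe.com")(targetattr = "*")
 (version 3.0; acl "S1IS Top-level Admin Role access allow";
  allow (all) userdn = "ldap:///uid=amAdmin,ou=People,o=siroe.com";)

dn: ou=People,o=siroe.com
changetype: add
objectClass: top
objectClass: organizationalunit
ou: People

dn: uid=amAdmin,ou=People,o=siroe.com
changetype: add
objectclass: inetorgperson
objectclass: person
objectclass: top
objectclass: inetAdmin
uid: amAdmin
inetuserstatus: Active
cn: amAdmin
sn: amAdmin
userPassword: 11111111
"""

def logical_lines(text):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Return a list of records, each a list of (attribute, value) pairs in file
    order with attribute names lower-cased. Raises ValueError on a line that is
    neither blank, a comment, nor 'attr: value'."""
    records, current = [], []
    for line in logical_lines(text) + [""]:   # the trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if line.strip() == "":
            if current:
                records.append(current)
                current = []
            continue
        if ":" not in line:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, _, value = line.partition(":")
        current.append((attr.strip().lower(), value.strip()))
    return records

def is_well_formed(text):
    """True when every non-blank, non-comment line parses as 'attr: value'."""
    try:
        parse_ldif(text)
        return True
    except ValueError:
        return False

def check_ldif(text, admin_dn):
    """Return (errors, warnings). Errors: a record without dn or changetype, no
    aci at all, an aci granting to a DN other than admin_dn or to a DN that this
    file does not add. Warnings: a userPassword written in cleartext."""
    errors, warnings = [], []
    records = parse_ldif(text)
    added = {rec[0][1].lower() for rec in records
             if rec[0][0] == "dn" and ("changetype", "add") in rec}
    for rec in records:
        if rec[0][0] != "dn":
            errors.append(f"record does not start with dn: {rec[0]}")
            continue
        dn = rec[0][1]
        if not any(a == "changetype" for a, _ in rec):
            errors.append(f"{dn}: no changetype")
        for a, v in rec:
            if a == "userpassword" and not re.match(r"\{\w+\}", v):
                warnings.append(f"{dn}: userPassword is cleartext in the file")
    acis = [v for rec in records for a, v in rec if a == "aci"]
    if not acis:
        errors.append("no aci: the admin user would get no privileges")
    for aci in acis:
        grantees = re.findall(r'userdn\s*=\s*"ldap:///([^"]+)"', aci)
        if not grantees:
            errors.append("aci has no userdn clause")
        for g in grantees:
            if g.lower() != admin_dn.lower():
                errors.append(f"aci grants to unexpected DN {g}")
            elif g.lower() not in added:
                errors.append(f"aci grants to {g}, which this file does not add")
    return errors, warnings
```

Call check_ldif(open("amadminconfig.ldif").read(), "uid=amAdmin,ou=People,o=siroe.com") from the /opt/SUNWam/fm/bin directory before the ldapmodify step; load the file only when the error list is empty.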