11.1 Loading Service Provider Metadata into the Access Manager Servers
Use the following as your checklist for enabling the exchange of metadata between the Service Provider and Identity Provider:
-
Load the Service Provider metadata into the Identity Provider servers.
-
Load the Identity Provider metadata into the Service Provider servers.
To Load the Service Provider Metadata into
the Identity Provider Servers
-
As a root user, log into the Access Manager 1 host.
-
Copy the following Service Provider configuration files from the Federation Manager 1 host to the Access Manager 1 host:
/etc/opt/SUNWam/config/saml2-sp-template.xml /etc/opt/SUNWam/config/saml2-sp-extended-template.xml
In this deployment example, the files are copied to the following directory on the Access Manager host:
/etc/opt/SUNWam/config/
-
Customize the saml2-sp-extended-template.xml file.
-
Go to the following directory:
/etc/opt/SUNWam/config/
-
Open the file saml2-sp-extended-template.xml.
-
Set the following parameter value:
<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig" xmlns:fm="urn:sun:fm:SAML:2.0:entityconfig" hosted="0"
This indicates that you are using the a configuration from a remote host. A 1 value indicates that the configuration is provided by the local host.
Save the file.
-
-
Load the customized Service Provider configuration files.
# /opt/SUNWam/saml2/bin/saml2meta import -u amadmin -w 4m4dmin1 -r /users -m /etc/opt/SUNWam/config/saml2-sp-template.xml -x /etc/opt/SUNWam/config/saml2-sp-extended-template.xml
-
Restart the Access Manager Servers
-
Verify that both Service Provider and Identity Provider belong to the same circle of trust.
Run the cotmember command to display a list of entities in the circle of trust.
# /opt/SUNWam/saml2/bin/saml2meta cotmember -u amadmin -w 4m4dmin1 -r /users -t saml2_circle_of_trust Entity ID:LoadBalancer-9.siroe.com Entity ID:LoadBalancer-3.example.com Circle of trust "saml2_circle_of_trust" is listed successfully.
To Load the Identity Provider Metadata into
the Service Provider Servers
-
As a root user, log into the Federation Manager 1 host.
-
Copy the following Identity Provider configuration files from the Access Manager host to the Federation Manager host:
/etc/opt/SUNWam/config/saml2-idp-template.xml /etc/opt/SUNWam/config/saml2-idp-extended-template.xml
In this deployment example, the files are copied to the following directory on the Federation Manager host:
/etc/opt/SUNWam/config/
-
Customize the saml2-idp-extended-template.xml file.
# cd /etc/opt/SUNWam/config/ # vi saml2-idp-extended-template.xml
-
Go to the following directory:
-
Open the saml2-idp-extended-template.xml file.
-
Set the following parameter value:
<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig" xmlns:fm="urn:sun:fm:SAML:2.0:entityconfig" hosted="0"
This indicates that you are using the a configuration from a remote host. A 1 value indicates that the configuration is provided by the local host.
Save the file.
-
-
Load the customized Identity Provider configuration files.
# /opt/SUNWam/saml2/bin/saml2meta -i /var/opt/SUNWam/fm/war_staging import -u amadmin -w 11111111 -m /etc/opt/SUNWam/config/saml2-idp-template.xml -x /etc/opt/SUNWam/config/saml2-idp-extended-template.xml File "/etc/opt/SUNWam/config/idp/saml2-idp-template.xml" was imported successfully. File "/etc/opt/SUNWam/config/idp/saml2-idp-extended-template.xml" was imported successfully.
-
Restart the Federation Manager Servers.
-
Verify that both Service Provider and Identity Provider belong to the same circle of trust.
Run the cotmember command to display a list of entities in the circle of trust.
# /opt/SUNWam/saml2/bin/saml2meta -i /var/opt/SUNWam/fn/war_staging cotmember -u amadmin -w 11111111 -t saml2_circle_of_trust Entity ID:loadbalancer-9.siroe.com Entity ID:loadbalancer-3.example.com Circle of trust "saml2_circle_of_trust" is listed successfully.
- © 2010, Oracle Corporation and/or its affiliates