This chapter provides instructions for making Service Provider metadata available to the Identity Provider, and for making Identity Provider metadata available to the Service Provider.
Use the following as your checklist for enabling the exchange of metadata between the Service Provider and Identity Provider:
Load the Service Provider metadata into the Identity Provider servers.
Load the Identity Provider metadata into the Service Provider servers.
As a root user, log into the Access Manager 1 host.
Copy the following Service Provider configuration files from the Federation Manager 1 host to the Access Manager 1 host:
/etc/opt/SUNWam/config/saml2-sp-template.xml
/etc/opt/SUNWam/config/saml2-sp-extended-template.xml
In this deployment example, the files are copied to the following directory on the Access Manager host:
/etc/opt/SUNWam/config/
Customize the saml2-sp-extended-template.xml file.
Go to the following directory:
/etc/opt/SUNWam/config/
Open the file saml2-sp-extended-template.xml.
Set the following parameter value:
<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig" xmlns:fm="urn:sun:fm:SAML:2.0:entityconfig" hosted="0"
This indicates that you are using a configuration from a remote host. A value of 1 indicates that the configuration is provided by the local host.
Save the file.
Load the customized Service Provider configuration files.
# /opt/SUNWam/saml2/bin/saml2meta import -u amadmin -w 4m4dmin1 -r /users -m /etc/opt/SUNWam/config/saml2-sp-template.xml -x /etc/opt/SUNWam/config/saml2-sp-extended-template.xml
Restart the Access Manager servers.
Verify that both Service Provider and Identity Provider belong to the same circle of trust.
Run the cotmember command to display a list of entities in the circle of trust.
# /opt/SUNWam/saml2/bin/saml2meta cotmember -u amadmin -w 4m4dmin1 -r /users -t saml2_circle_of_trust
Entity ID:LoadBalancer-9.siroe.com
Entity ID:LoadBalancer-3.example.com
Circle of trust "saml2_circle_of_trust" is listed successfully.
As a root user, log into the Federation Manager 1 host.
Copy the following Identity Provider configuration files from the Access Manager host to the Federation Manager host:
/etc/opt/SUNWam/config/saml2-idp-template.xml
/etc/opt/SUNWam/config/saml2-idp-extended-template.xml
In this deployment example, the files are copied to the following directory on the Federation Manager host:
/etc/opt/SUNWam/config/
Customize the saml2-idp-extended-template.xml file.
Go to the following directory:
/etc/opt/SUNWam/config/
Open the saml2-idp-extended-template.xml file.
# cd /etc/opt/SUNWam/config/
# vi saml2-idp-extended-template.xml
Set the following parameter value:
<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig" xmlns:fm="urn:sun:fm:SAML:2.0:entityconfig" hosted="0"
This indicates that you are using a configuration from a remote host. A value of 1 indicates that the configuration is provided by the local host.
Save the file.
Load the customized Identity Provider configuration files.
# /opt/SUNWam/saml2/bin/saml2meta -i /var/opt/SUNWam/fm/war_staging import -u amadmin -w 11111111 -m /etc/opt/SUNWam/config/saml2-idp-template.xml -x /etc/opt/SUNWam/config/saml2-idp-extended-template.xml
File "/etc/opt/SUNWam/config/idp/saml2-idp-template.xml" was imported successfully.
File "/etc/opt/SUNWam/config/idp/saml2-idp-extended-template.xml" was imported successfully.
Restart the Federation Manager Servers.
Verify that both Service Provider and Identity Provider belong to the same circle of trust.
Run the cotmember command to display a list of entities in the circle of trust.
# /opt/SUNWam/saml2/bin/saml2meta -i /var/opt/SUNWam/fm/war_staging cotmember -u amadmin -w 11111111 -t saml2_circle_of_trust
Entity ID:loadbalancer-9.siroe.com
Entity ID:loadbalancer-3.example.com
Circle of trust "saml2_circle_of_trust" is listed successfully.
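Two checks worth scripting around the procedure above, as an added example that is not from this guide or from the Access Manager/Federation Manager product: refuse to import a remote provider's extended configuration unless its EntityConfig root carries hosted="0", and after the import confirm that the saml2meta cotmember output lists both the Service Provider and Identity Provider entity IDs. The sample file and command output below are constructed to mirror the ones shown in this chapter.

```python
import xml.etree.ElementTree as ET

# Namespace used by the saml2-*-extended-template.xml files in this chapter.
ENTITYCONFIG_NS = "urn:sun:fm:SAML:2.0:entityconfig"


def extended_config_is_remote(xml_text: str) -> bool:
    """True when the root EntityConfig element carries hosted="0".

    A remote provider's extended config must be imported with hosted="0";
    hosted="1" would make this host claim to serve the other side's entity,
    so the import should be refused until the attribute is corrected.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityConfig" % ENTITYCONFIG_NS:
        raise ValueError("unexpected root element: %s" % root.tag)
    return root.get("hosted") == "0"


def cot_members(cotmember_output: str) -> set:
    """Collect the entity IDs printed by `saml2meta cotmember`, one per
    'Entity ID:' line. Entity IDs are compared exactly (case matters)."""
    members = set()
    for line in cotmember_output.splitlines():
        if line.startswith("Entity ID:"):
            members.add(line[len("Entity ID:"):].strip())
    return members


def cot_complete(cotmember_output: str, expected: set) -> bool:
    """True when every expected entity ID (SP and IdP) is in the circle of trust."""
    return set(expected) <= cot_members(cotmember_output)


# Constructed sample inputs (assumptions, not captured from a real deployment).
SAMPLE_REMOTE_CONFIG = (
    '<EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig" '
    'xmlns:fm="urn:sun:fm:SAML:2.0:entityconfig" hosted="0"/>'
)
SAMPLE_COTMEMBER_OUTPUT = """Entity ID:LoadBalancer-9.siroe.com
Entity ID:LoadBalancer-3.example.com
Circle of trust "saml2_circle_of_trust" is listed successfully.
"""

if __name__ == "__main__":
    print("extended config is remote:", extended_config_is_remote(SAMPLE_REMOTE_CONFIG))
    print("circle of trust complete:", cot_complete(
        SAMPLE_COTMEMBER_OUTPUT,
        {"LoadBalancer-9.siroe.com", "LoadBalancer-3.example.com"}))
```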