Deployment Example 2: Federation Using SAML v2

Procedure: To Load the Service Provider Metadata into the Identity Provider Servers

  1. As a root user, log into the Access Manager 1 host.

  2. Copy the following Service Provider configuration files from the Federation Manager 1 host to the Access Manager 1 host:


    /etc/opt/SUNWam/config/saml2-sp-template.xml
    /etc/opt/SUNWam/config/saml2-sp-extended-template.xml

    In this deployment example, the files are copied to the following directory on the Access Manager host:


    /etc/opt/SUNWam/config/
  3. Customize the saml2-sp-extended-template.xml file.

    1. Go to the following directory:


      /etc/opt/SUNWam/config/
    2. Open the file saml2-sp-extended-template.xml.

    3. Set the hosted attribute on the EntityConfig element to 0:


      <EntityConfig xmlns="urn:sun:fm:SAML:2.0:entityconfig"
                    xmlns:fm="urn:sun:fm:SAML:2.0:entityconfig"
                    hosted="0"

      A value of 0 indicates that the entity described by this configuration is hosted on a remote system; here the Service Provider runs on the Federation Manager hosts, so the Identity Provider must load it as a remote entity. A value of 1 indicates that the entity is hosted locally, which is correct only on the hosts that actually run that entity.

      Save the file.

  4. Load the customized Service Provider configuration files into the Identity Provider.


    # /opt/SUNWam/saml2/bin/saml2meta import -u amadmin -w 4m4dmin1 -r /users \
        -m /etc/opt/SUNWam/config/saml2-sp-template.xml \
        -x /etc/opt/SUNWam/config/saml2-sp-extended-template.xml

    The -m option supplies the standard SAML v2 metadata and -x the extended (Sun-specific) metadata you customized in the previous step. The password 4m4dmin1 is the amadmin password used throughout this deployment example; passing it with -w places it in the shell history and in process listings on the host, so clear the history entry once the import has completed.
  5. Restart the Access Manager servers.

    1. As a root user, log into the Access Manager 1 host.


      # cd /opt/SUNWwbsvr/https-AccessManager-1.example.com
      # ./stop;./start
    2. As a root user, log into the Access Manager 2 host.


      # cd /opt/SUNWwbsvr/https-AccessManager-2.example.com
      # ./stop;./start
  6. Verify that both the Service Provider and the Identity Provider belong to the same circle of trust.

    Run the cotmember subcommand to display the entities in the circle of trust. Both the Service Provider entity ID and the Identity Provider entity ID must appear in the output; if either is missing, the Identity Provider will not accept SAML v2 messages from the other party.


    # /opt/SUNWam/saml2/bin/saml2meta cotmember -u amadmin -w 4m4dmin1 \
        -r /users -t saml2_circle_of_trust
    Entity ID:LoadBalancer-9.siroe.com
    Entity ID:LoadBalancer-3.example.com
    Circle of trust "saml2_circle_of_trust" is listed successfully.
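The two places in this procedure where a mistake silently produces a non-working federation are the hosted attribute in step 3 and the circle-of-trust membership in step 6. The script below is an added example, not part of the Sun deployment guide or of the saml2meta tool: it rewrites hosted="1" to hosted="0" in an extended-metadata file and refuses to continue if the attribute is absent, and it checks captured cotmember output for every entity ID you expect. It assumes the attribute can be edited with sed (the guide edits the file by hand) and that the cotmember output has been redirected to a file; the entity IDs and paths are the ones the guide uses.

```shell
#!/bin/sh
# Added example, not part of the Sun deployment guide: helpers for step 3
# (mark the Service Provider configuration as remote) and step 6 (verify the
# circle of trust membership). Assumptions not in the guide: the hosted
# attribute is edited with sed, and the saml2meta cotmember output has been
# captured to a file. Entity IDs are the ones the guide lists.

# Rewrite hosted="1" to hosted="0" in an extended-metadata file so the
# Identity Provider treats the entity as remote. Idempotent: a file that
# already says hosted="0" is left alone and reported as success.
set_hosted_remote() {
    file="$1"
    if grep -q 'hosted="0"' "$file"; then
        return 0
    fi
    if ! grep -q 'hosted="1"' "$file"; then
        echo "set_hosted_remote: no hosted attribute found in $file" >&2
        return 1
    fi
    # Write to a temporary file first so a failed sed never truncates the original.
    sed 's/hosted="1"/hosted="0"/' "$file" > "$file.tmp" || return 1
    mv "$file.tmp" "$file" || return 1
    # Confirm the edit: hosted="0" present, hosted="1" gone.
    grep -q 'hosted="0"' "$file" && ! grep -q 'hosted="1"' "$file"
}

# Check captured cotmember output: the command must have reported success and
# every entity ID given as an argument must appear as an "Entity ID:" line.
# Returns 0 when all are present, 1 otherwise (the first missing ID is named on stderr).
cot_has_members() {
    out="$1"
    shift
    if ! grep -q 'is listed successfully' "$out"; then
        echo "cot_has_members: cotmember did not report success" >&2
        return 1
    fi
    for id in "$@"; do
        # Fixed-string, whole-line match; trailing whitespace is stripped first.
        if ! sed 's/[[:space:]]*$//' "$out" | grep -qxF "Entity ID:$id"; then
            echo "cot_has_members: $id is not in the circle of trust" >&2
            return 1
        fi
    done
    return 0
}

# Command-line use (hypothetical wrapper script name, not a saml2meta option):
#   ./cot-check.sh hosted /etc/opt/SUNWam/config/saml2-sp-extended-template.xml
#   /opt/SUNWam/saml2/bin/saml2meta cotmember -u amadmin -w 4m4dmin1 \
#       -r /users -t saml2_circle_of_trust > /tmp/cot.out
#   ./cot-check.sh cot /tmp/cot.out LoadBalancer-9.siroe.com LoadBalancer-3.example.com
case "${1:-}" in
    hosted) set_hosted_remote "$2" ;;
    cot)    shift; cot_has_members "$@" ;;
esac
```

Run the hosted check on the Access Manager host after copying the files and before the import; run the cot check after the restart. A non-zero exit from either means the federation is not yet configured as the procedure requires.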