Deployment Example 2: Federation Using SAML v2

Procedure: To Verify that Attribute Mapping is Working Properly

The file snoop.jsp is provided at the end of this chapter for you to use with this deployment example. The snoop.jsp file reads each of the HTTP headers and reads a number of query parameters in the SAMLv2 metadata. In this use case, the JSP determines which headers are being passed from the Service Provider to the agent. When you initiate SAMLv2 for Federation, the user attribute mapping from the Identity Provider to the Service Provider takes place using the SAMLv2 protocol. The mapping from the Service Provider to the Identity Provider takes place using LDAP attribute mapping from Federation Manager to the Web Policy Agent.

  1. As a root user, log in to the Protected Resource 3 host.

  2. Copy the snoop.jsp file to the following directory on both the Protected Resource 3 host and the Protected Resource 4 host:

    /opt/SUNWwbsvr/docs

  3. Access snoop.jsp through the Web Policy Agents URL:

    https://LoadBalancer-11.siroe.com:6443/snoop.jsp

    The Web Policy Agent redirects the request, and the Access Manager login page is displayed.

  4. Log in to the Access Manager console using the following information:

    User Name: jsmith

    Password: jsmith

    The JSP Snoop Page is displayed. John Smith's telephone number and email address are included in the Request headers section of the page. Also notice that the Remote user is anonymous. This user serves as confirmation of the transientUser you configured in the saml2-sp-extended-metadata.xml file on the Service Provider.

    Figure 16–1 Output from snoop.jsp

    John Smith's telephone number and email address are displayed in the Request headers section of the snoop.jsp page.
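The two observations in step 4 can also be checked mechanically. The following is an added example, not part of the original documentation: it parses a saved copy of the snoop.jsp output and reports whether the mapped attribute headers are present and whether Remote user is anonymous. The header names `telephonenumber` and `mail`, the sample values, and the names `SnoopParser` and `check_mapping` are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample of snoop.jsp output, not captured from a real deployment.
# The header names "telephonenumber" and "mail" are assumed, as are the values.
SAMPLE = """<H2>Request information</H2>
<TABLE><TR><TH align=right>Remote user:</TH><TD>anonymous</TD><TR></TABLE>
<H2>Request headers</H2>
<TABLE><TR><TH align=left>Header:</TH><TH align=left>Value:</TH></TR>
<TR><TD>telephonenumber</TD><TD>555-0100</TD></TR>
<TR><TD>mail</TD><TD>jsmith@siroe.com</TD></TR></TABLE>"""

class SnoopParser(HTMLParser):
    """Collect (section heading, [cell texts]) for every <TR> in the page."""

    def __init__(self):
        super().__init__()
        self.section, self.rows, self._in = "", [], None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            # Every <TR> opens a row. A stray <TR> (a row closed with <TR>
            # instead of </TR>) only yields an empty row, ignored later.
            self.rows.append((self.section, []))
        elif tag in ("th", "td") and self.rows:
            self.rows[-1][1].append("")
        self._in = tag

    def handle_endtag(self, tag):
        self._in = None

    def handle_data(self, data):
        if self._in == "h2":
            self.section = data.strip()
        elif self._in in ("th", "td") and self.rows and self.rows[-1][1]:
            self.rows[-1][1][-1] += data.strip()

def check_mapping(html, expected=("telephonenumber", "mail")):
    """Return a list of problems; an empty list means both checks pass."""
    parser = SnoopParser()
    parser.feed(html)
    cells = {(sec, row[0].rstrip(":").lower()): row[1]
             for sec, row in parser.rows if len(row) == 2}
    remote = cells.get(("Request information", "remote user"))
    problems = [] if remote == "anonymous" else [f"Remote user is {remote!r}"]
    for name in expected:
        if not cells.get(("Request headers", name.lower())):
            problems.append(f"missing or empty header: {name}")
    return problems
```

Pass the text of the page saved in step 4 to `check_mapping`, with `expected` set to the header names that your agent's attribute mapping emits.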


Example 16–1 snoop.jsp


sr1-usca-43 7 > view snoop.jsp
"snoop.jsp" [Read only] 171 lines, 3825 characters
<HTML>
<HEAD>
        <TITLE>JSP snoop page</TITLE>
        <%@ page import="javax.servlet.http.HttpUtils,java.util.Enumeration" %>
</HEAD>
<BODY>

<H1>JSP Snoop page</H1>

<H2>Request information</H2>

<TABLE>
<TR>
        <TH align=right>Requested URL:</TH>
        <TD><%= HttpUtils.getRequestURL(request) %></TD>
</TR>
<TR>
        <TH align=right>Request method:</TH>
        <TD><%= request.getMethod() %></TD>
</TR>
<TR>
        <TH align=right>Request URI:</TH>
        <TD><%= request.getRequestURI() %></TD>
</TR>
<TR>
        <TH align=right>Request protocol:</TH>
        <TD><%= request.getProtocol() %></TD>
</TR>
<TR>
        <TH align=right>Servlet path:</TH>
        <TD><%= request.getServletPath() %></TD>
</TR>
<TR>
        <TH align=right>Path info:</TH>
        <TD><%= request.getPathInfo() %></TD>
</TR>
<TR>
        <TH align=right>Path translated:</TH>
        <TD><%= request.getPathTranslated() %></TD>
</TR>
<TR>
        <TH align=right>Query string:</TH>
        <TD><%= request.getQueryString() %></TD>
</TR>
<TR>
        <TH align=right>Content length:</TH>
        <TD><%= request.getContentLength() %></TD>
</TR>
<TR>
        <TH align=right>Content type:</TH>
        <TD><%= request.getContentType() %></TD>
</TR>
<TR>
        <TH align=right>Server name:</TH>
        <TD><%= request.getServerName() %></TD>
</TR>
<TR>
        <TH align=right>Server port:</TH>
        <TD><%= request.getServerPort() %></TD>
</TR>
<TR>
        <TH align=right>Remote user:</TH>
        <TD><%= request.getRemoteUser() %></TD>
</TR>
<TR>
        <TH align=right>Remote address:</TH>
        <TD><%= request.getRemoteAddr() %></TD>
</TR>
<TR>
        <TH align=right>Remote host:</TH>
        <TD><%= request.getRemoteHost() %></TD>
</TR>
<TR>
        <TH align=right>Authorization scheme:</TH>
        <TD><%= request.getAuthType() %></TD>
</TR>
</TABLE>

<%
        Enumeration e = request.getHeaderNames();
        if(e != null && e.hasMoreElements()) {
%>
<H2>Request headers</H2>

<TABLE>
<TR>
        <TH align=left>Header:</TH>
        <TH align=left>Value:</TH>
</TR>
<%
                while(e.hasMoreElements()) {
                        String k = (String) e.nextElement();
%>
<TR>
        <TD><%= k %></TD>
        <TD><%= request.getHeader(k) %></TD>
</TR>
<%
                }
%>
</TABLE>
<%
        }
%>


<%
        e = request.getParameterNames();
        if(e != null && e.hasMoreElements()) {
%>
<H2>Request parameters</H2>
<TABLE>
<TR valign=top>
        <TH align=left>Parameter:</TH>
        <TH align=left>Value:</TH>
        <TH align=left>Multiple values:</TH>
</TR>
<%
            while(e.hasMoreElements()) {
                    String k = (String) e.nextElement();
                    String val = request.getParameter(k);
                    String vals[] = request.getParameterValues(k);
%>
<TR valign=top>
        <TD><%= k %></TD>
        <TD><%= val %></TD>
        <TD><%
                   for(int i = 0; i < vals.length; i++) {
                           if(i > 0)
                                    out.print("<BR>");
                            out.print(vals[i]);
                        }
                %></TD>
</TR>
<%
                }
%>
</TABLE>
<%
        }
%>

<%
        e = getServletConfig().getInitParameterNames();
        if(e != null && e.hasMoreElements()) {
%>
<H2>Init parameters</H2>
<TABLE>
<TR valign=top>
        <TH align=left>Parameter:</TH>
        <TH align=left>Value:</TH>
</TR>
<%
            while(e.hasMoreElements()) {
                    String k = (String) e.nextElement();
                    String val = getServletConfig().getInitParameter(k);
%>
<TR valign=top>
        <TD><%= k %></TD>
        <TD><%= val %></TD>
</TR>
<%
                }
%>
</TABLE>
<%
        }
%>

</BODY>
</HTML>