Sun OpenSSO Enterprise 8.0 Deployment Planning Guide

Configuring Secure Attributes Exchange

Secure Attributes Exchange configuration involves modifying two different OpenSSO Enterprise installations: one OpenSSO Enterprise instance on the Identity Provider side, and one OpenSSO Enterprise instance on the Service Provider side. Before proceeding with the instructions in this chapter, you must download and deploy the OpenSSO Enterprise WAR file to a supported web container.

A SAMLv2 provider with Secure Attributes Exchange can be configured by using one of the following alternatives:

About the Software Binaries

The software binaries for Secure Attributes Exchange in OpenSSO Enterprise are included in the following components. Locations are relative within the opensso_enterprise_80.zip file.

High-level Configuration Steps

For detailed instructions on configuring Secure Attributes Exchange, see the Administration Guide. For deployment planning purposes, the following list gives a high-level overview of the steps needed to configure Secure Attributes Exchange:

  1. Configure the instance of OpenSSO Enterprise on the Identity Provider side for the hosted Identity Provider.

    1. Set up trust between the Identity Provider application and the OpenSSO Enterprise Identity Provider instance.

      Determine and configure the cryptography type, applicable keys, and application identifiers.

    2. Determine the Identity Provider application name.

    3. Determine the Identity Provider Secure Attributes Exchange handler URL.

    4. Set up attribute mapping.

  2. Configure the instance of OpenSSO Enterprise on the Identity Provider side for the remote Service Provider.

    1. Set up the attribute mapping.

    2. Determine the Service Provider Virtual Federation handler URL.

  3. Configure the instance of OpenSSO Enterprise on the Service Provider side for the hosted Service Provider.

    1. Set up trust between the Service Provider application and the OpenSSO Enterprise Service Provider instance.

      Determine and configure the cryptography type, applicable keys, and application identifiers.

    2. Turn on auto-federation and specify the attribute that will identify the user's identity.

    3. Determine the Service Provider Application URL.

    4. Set up attribute mapping.

    5. Determine the Service Provider logout URL.
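The steps above (trust set up between an application and its OpenSSO Enterprise instance by cryptography type, keys and application identifier; attribute mapping; and the auto-federation attribute on the Service Provider side) can be illustrated with a small model of the trust relationship. The following is an added example written for this guide page; it is not OpenSSO Enterprise code and does not reproduce the product's Secure Attributes Exchange API or wire format. It assumes a symmetric cryptography type realised as HMAC-SHA256 over a constructed token layout (`appid.base64(body).base64(tag)`), a constructed trust table keyed by application identifier, the constructed application name `hr-portal`, and constructed attribute names and mappings.

```python
import base64
import hashlib
import hmac
import json

# Constructed trust table for the hosted Identity Provider instance: one entry
# per trusted Identity Provider application, keyed by its application
# identifier. The layout is an assumption for this example, not OpenSSO's
# own configuration store.
IDP_TRUSTED_APPS = {
    "hr-portal": {"crypto_type": "symmetric", "shared_secret": b"constructed-shared-secret"},
}

# Constructed attribute mapping: application attribute name -> federation attribute name.
IDP_ATTRIBUTE_MAP = {"employeeNumber": "uid", "workEmail": "mail"}

# Constructed Service Provider setting: the attribute whose value identifies the
# user once auto-federation is turned on.
SP_AUTOFED_ATTR = "uid"

TAG_LEN = hashlib.sha256().digest_size


def _b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(shared_secret: bytes, app_id: str, body: bytes) -> bytes:
    # The application identifier is covered by the MAC so that a token cannot be
    # re-labelled as coming from a different application.
    return hmac.new(shared_secret, app_id.encode() + b"\0" + body, hashlib.sha256).digest()


def encode_attrs(app_id: str, attrs: dict, shared_secret: bytes) -> str:
    """Identity Provider application side: bundle the user's attributes and
    authenticate them under the secret shared with the IdP instance."""
    body = json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()
    return f"{app_id}.{_b64e(body)}.{_b64e(_mac(shared_secret, app_id, body))}"


def verify_and_map(token: str, trusted_apps: dict, attribute_map: dict):
    """Identity Provider handler side: identify the sending application from the
    token, check the MAC with that application's configured key, and only then
    parse the attributes and rename them per the mapping. Returns None on failure."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    app_id, body_b64, tag_b64 = parts
    app = trusted_apps.get(app_id)
    if app is None or app["crypto_type"] != "symmetric":
        return None  # unknown application, or a cryptography type this example omits
    try:
        body, tag = _b64d(body_b64), _b64d(tag_b64)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(tag) != TAG_LEN or not hmac.compare_digest(_mac(app["shared_secret"], app_id, body), tag):
        return None
    try:
        attrs = json.loads(body)  # parsed only after the MAC has been verified
    except ValueError:
        return None
    if not isinstance(attrs, dict):
        return None
    # Unmapped attribute names pass through unchanged; a stricter deployment
    # could drop them instead.
    return {attribute_map.get(name, name): value for name, value in attrs.items()}


def resolve_user(mapped_attrs: dict, autofed_attr: str = SP_AUTOFED_ATTR):
    """Service Provider side: select the attribute configured for auto-federation."""
    return mapped_attrs.get(autofed_attr)


if __name__ == "__main__":
    secret = IDP_TRUSTED_APPS["hr-portal"]["shared_secret"]
    token = encode_attrs("hr-portal", {"employeeNumber": "e1234", "workEmail": "e1234@example.test"}, secret)
    mapped = verify_and_map(token, IDP_TRUSTED_APPS, IDP_ATTRIBUTE_MAP)
    print("mapped attributes:", mapped)
    print("auto-federation user:", resolve_user(mapped))
    # A token re-labelled with an unconfigured application identifier is rejected.
    print("forged app id accepted:", verify_and_map("other-app" + token[token.index("."):], IDP_TRUSTED_APPS, IDP_ATTRIBUTE_MAP) is not None)
```

The order of checks in `verify_and_map` is the point of the example: the handler looks up the key by the application identifier it has been configured to trust, verifies the MAC before it parses anything else, and applies the attribute mapping only to attributes that passed verification, so a misconfigured or unknown application identifier, a wrong key, or a modified attribute body all fail in the same way.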