Sun OpenSSO Enterprise 8.0 Administration Guide

Procedure: To Set Up SAML Single Sign-on

This procedure assumes the following values:

Deployment URI 

opensso

Port 

58080 

Protocol 

http

  1. Write down or copy the value of the Site ID attribute from the destination site (machine B).

    1. Log in to the console running at exampleB.com as the default administrator, amadmin.

    2. Click the Federation tab.

    3. Click the SAML button.

    4. Click the sole entry listed under Site Identifiers.

      This takes you to the Edit site identifier page.

    5. Write down or copy the value of the Site ID attribute.

    6. Click Cancel.

    7. Log out of this instance of OpenSSO Enterprise.

  2. Configure the source site (machine A) to trust the destination site (machine B), and write down or copy the value of the Site ID attribute from the source site.

    1. Log in to the console running at exampleA.com as the default administrator, amadmin.

    2. Click the Federation tab.

    3. Click New under Trusted Partners.

      This takes you to the Select trusted partner type and profile page.

    4. Check Artifact and Post under Destination and click Next.

      This takes you to the Add New Trusted Partner page.

    5. Set the values of the following attributes to configure machine B as a trusted partner of machine A:

      Name

      Type the name of the trusted partner. The name will be displayed in the trusted partner table. 

      Source ID 

      Type the Site ID copied from the destination site, machine B, in the previous step. 

      Target 

      The value of this attribute contains the host's domain, or the domain with port. Do not include the accompanying protocol. For example, exampleB.com and exampleB.com:58080 are valid, but http://exampleB.com:58080 is not.

      SAML URL 

      http://exampleB.com:58080/opensso/SAMLAwareServlet

      HOST LIST 

      exampleB.com

      POST URL 

      http://exampleB.com:58080/opensso/SAMLPOSTProfileServlet

    6. Click Finish.

    7. Click Save.

    8. Click the sole entry listed under Site Identifiers.

      This takes you to the Edit site identifier page.

    9. Write down or copy the value of the Site ID attribute.

    10. Click Cancel to go to the previous page.

    11. Log out of OpenSSO Enterprise.

  3. Configure the destination site (machine B) to trust the source site (machine A).

    1. Log in to the OpenSSO Enterprise console running at exampleB.com as the default administrator, amadmin.

    2. Click the Federation tab.

    3. Click New under Trusted Partners.

      This takes you to the Select trusted partner type and profile page.

    4. Check Artifact and Post under Source and click Next.

      This takes you to the Add New Trusted Partner page.

    5. Set the values of the following attributes to configure machine A as a trusted partner of machine B:

      Name 

      Type the name of the trusted partner. This will appear in the Trusted Partners table. 

      Source ID 

      Type the Site ID you copied from the source site, machine A, in the previous step. 

      SOAP URL 

      http://exampleA.com:58080/opensso/SAMLSOAPReceiver

      Issuer 

      exampleA.com:58080


      Note –

      If machine B uses https, check SSL under Authentication Type. Be sure to modify the protocol in the other attributes as necessary.


    6. Click Finish.

    7. Click Save.

    8. Log out of OpenSSO Enterprise.
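
The attribute values typed in steps 2 and 3 can be checked before they are entered in the console. The script below is an added example, not part of the Sun guide or of OpenSSO Enterprise; check_partner and the dictionary layout are hypothetical names, and the Host List and Issuer cross-checks are assumptions drawn from the sample values in this procedure.

```python
from urllib.parse import urlsplit

URL_FIELDS = ("SAML URL", "POST URL", "SOAP URL")

def check_partner(fields):
    """Return a list of problems in the values planned for one trusted partner."""
    problems, schemes = [], set()
    # Target takes host or host:port only; the protocol must be left out.
    if "://" in fields.get("Target", ""):
        problems.append("Target: remove the protocol, use host or host:port")
    hosts = [h.lower() for h in fields.get("Host List", [])]
    for name in URL_FIELDS:
        if name not in fields:
            continue
        url = urlsplit(fields[name])
        if url.scheme not in ("http", "https") or not url.hostname:
            problems.append(f"{name}: not an absolute http(s) URL")
            continue
        schemes.add(url.scheme)
        # Assumption: URL hosts appear in Host List, as in the procedure's values.
        if hosts and url.hostname not in hosts:
            problems.append(f"{name}: host {url.hostname} not in Host List")
        # Assumption: Issuer is the host:port of the SOAP URL, as in the procedure.
        issuer = fields.get("Issuer")
        if name == "SOAP URL" and issuer and issuer.lower() != url.netloc.lower():
            problems.append(f"Issuer: {issuer} differs from SOAP URL host {url.netloc}")
    # The Note in step 3: when https is used, every attribute must be changed.
    if len(schemes) > 1:
        problems.append("URLs mix http and https; change the protocol in every attribute")
    return problems

# Values from the procedure: machine B as partner of A, machine A as partner of B.
PARTNER_B = {"Target": "exampleB.com:58080",
             "SAML URL": "http://exampleB.com:58080/opensso/SAMLAwareServlet",
             "Host List": ["exampleB.com"],
             "POST URL": "http://exampleB.com:58080/opensso/SAMLPOSTProfileServlet"}
PARTNER_A = {"SOAP URL": "http://exampleA.com:58080/opensso/SAMLSOAPReceiver",
             "Issuer": "exampleA.com:58080"}
# Constructed bad input: protocol left in Target, only one URL switched to https.
BAD_B = {**PARTNER_B, "Target": "http://exampleB.com:58080",
         "POST URL": "https://exampleB.com:58080/opensso/SAMLPOSTProfileServlet"}

if __name__ == "__main__":
    for label, values in (("B", PARTNER_B), ("A", PARTNER_A), ("bad B", BAD_B)):
        print(label, check_partner(values) or "ok")
```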