This final part of Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0 contains technical configurations and other information regarding this deployment.
Appendix A, Identity Provider Directory Server Host Machines, Load Balancer and Test User
Appendix B, Service Provider Directory Server Host Machines, Load Balancer and Test User
Appendix C, Identity Provider OpenSSO Enterprise Host Machines and Load Balancers
Appendix D, Service Provider OpenSSO Enterprise Host Machines and Load Balancers
Appendix E, Service Provider Protected Resource Host Machine Web Containers and Policy Agents
The BIG-IP load balancer login page and configuration console for all load balancers in this deployment example are accessed from the URL is-f5.example.com.
username
password
This appendix collects the information regarding the Directory Server instances. It contains the following tables:
Component | Description |
---|---|
Host Name | ds1.idp-example.com |
Installation Directory | /var/opt/mps/serverroot/ |
Administrator User | cn=Directory Manager |
Administrator Password | dsmanager |
User Data Instance | |
Instance Name | idp-users |
Instance Directory | /var/opt/mps/idp-users |
Port Number | 1489 (LDAP), 1736 (LDAPS) |
Base Suffix | dc=company,dc=com |
Users Suffix | ou=users,dc=company,dc=com |
Administrative User | cn=Directory Manager |
Administrative User Password | dsmanager |
Replication Manager | cn=replication manager,cn=replication,cn=config |
Replication Manager Password | replmanager |
Table A–2 Sun Java System Directory Server 2 Host Machine
Component | Description |
---|---|
Host Name | ds2.idp-example.com |
Installation Directory | /var/opt/mps/serverroot/ |
Administrator User | cn=Directory Manager |
Administrator Password | dsmanager |
User Data Instance | |
Instance Name | idp-users |
Instance Directory | /var/opt/mps/idp-users |
Port Number | 1489 (LDAP), 1736 (LDAPS) |
Base Suffix | dc=company,dc=com |
Users Suffix | ou=users,dc=company,dc=com |
Administrative User | cn=Directory Manager |
Administrative User Password | dsmanager |
Replication Manager | cn=replication manager,cn=replication,cn=config |
Replication Manager Password | replmanager |
Table A–3 Load Balancer for Directory Server Host Machines
Component | Description |
---|---|
URL | lb1.idp-example.com |
Method | Round Robin |
Protected Servers | ds1.idp-example.com:1736, ds2.idp-example.com:1736 |
Virtual Servers | lb1.idp-example.com:489 |
Monitors | ds1.idp-example.com:1736, ds2.idp-example.com:1736 |
Table A–4 Test User Entry
Component | Description |
---|---|
UserID | idpuser |
Password | idpuser |
DN | uid=idpuser1,ou=users,dc=company,dc=com |
This appendix collects the information regarding the Directory Server instances. It contains the following tables:
Component | Description |
---|---|
Host Name | ds1.sp-example.com |
Installation Directory | /var/opt/mps/serverroot/ |
Administrator User | cn=Directory Manager |
Administrator Password | dsmanager |
User Data Instance | |
Instance Name | sp-users |
Instance Directory | /var/opt/mps/sp-users |
Port Number | 1489 (LDAP), 1736 (LDAPS) |
Base Suffix | o=spusers.com |
Users Suffix | ou=users,o=spusers.com |
Administrative User | cn=Directory Manager |
Administrative User Password | dsmanager |
Replication Manager | cn=replication manager,cn=replication,cn=config |
Replication Manager Password | replmanager |
Table B–2 Sun Java System Directory Server 2 Host Machine
Component | Description |
---|---|
Host Name | ds2.sp-example.com |
Installation Directory | /var/opt/mps/serverroot/ |
Administrator User | cn=Directory Manager |
Administrator Password | dsmanager |
User Data Instance | |
Instance Name | sp-users |
Instance Directory | /var/opt/mps/sp-users |
Port Number | 1489 (LDAP), 1736 (LDAPS) |
Base Suffix | o=spusers.com |
Users Suffix | ou=users,o=spusers.com |
Administrative User | cn=Directory Manager |
Administrative User Password | dsmanager |
Replication Manager | cn=replication manager,cn=replication,cn=config |
Replication Manager Password | replmanager |
Table B–3 Load Balancer for Directory Server Host Machines
Component | Description |
---|---|
URL | lb3.sp-example.com |
Method | Round Robin |
Protected Servers | ds1.sp-example.com:1736, ds2.sp-example.com:1736 |
Virtual Servers | lb3.sp-example.com:489 |
Monitors | ds1.sp-example.com:1736, ds2.sp-example.com:1736 |
Table B–4 Test User Entry
Component | Description |
---|---|
UserID | spuser |
Password | spuser |
DN | uid=spuser1,ou=users,o=spusers.com |
This appendix collects the information regarding the identity provider OpenSSO Enterprise host machines.
Component | Description |
---|---|
Host Name | osso1.idp-example.com |
Non-Root User | osso80adm |
Non-Root User Password | nonroot1pwd |
Sun Java System Application Server Administrative Server | |
Installation Directory | /opt/SUNWappserver91 |
Administrative User | admin |
Administrative User Password | domain1pwd |
Ports | 4848 (administration), 8080 (HTTP), 8181 (HTTPS) |
Default Domain Name | domain1 |
Administrative Console URL | http://osso1.idp-example.com:4848 |
Sun Java System Application Server Non-Root User Domain | |
Name | ossodomain |
Directory | /export/osso80adm/domains/ |
Administrative User | domain2adm |
Administrative User Password | domain2pwd |
Master Password | domain2master |
Ports | 8989 (administration), 1080 (HTTP), 1081 (HTTPS) |
Administrative Console URL | http://osso2.idp-example.com:8989 |
OpenSSO Enterprise | |
Administrative User | amadmin |
Administrative User Password | ossoadmin |
Configuration Data Store | Embedded |
User Data Store | lb2.idp-example.com:489 |
Agent User | agentuser |
Agent User Password | agentuser |
Administrative Console URL | https://osso2.idp-example.com:1081/opensso/console |
Table C–2 OpenSSO Enterprise 2 Host Machine
Component | Description |
---|---|
Host Name | osso2.idp-example.com |
Non-Root User | osso80adm |
Non-Root User Password | nonroot2pwd |
Sun Java System Application Server Administrative Server | |
Installation Directory | /opt/SUNWappserver91 |
Administrative User | admin |
Administrative User Password | domain1pwd |
Ports | 4848 (administration), 8080 (HTTP), 8181 (HTTPS) |
Default Domain Name | domain1 |
Administrative Console URL | http://osso2.idp-example.com:4848 |
Sun Java System Application Server Non-Root User Domain | |
Name | ossodomain |
Directory | /export/osso80adm/domains/ |
Administrative User | domain2adm |
Administrative User Password | domain2pwd |
Master Password | domain2master |
Ports | 8989 (administration), 1080 (HTTP), 1081 (HTTPS) |
Administrative Console URL | http://osso2.idp-example.com:8989 |
OpenSSO Enterprise | |
Administrative User | amadmin |
Administrative User Password | ossoadmin |
Configuration Data Store | Embedded |
User Data Store | lb2.idp-example.com:489 |
Agent User | agentuser |
Agent User Password | agentuser |
Administrative Console URL | https://osso2.idp-example.com:1081/opensso/console |
Table C–3 Load Balancer for OpenSSO Enterprise Host Machines
Component | Description |
---|---|
URL | lb2.idp-example.com |
Method | Round Robin |
Protected Servers | osso1.idp-example.com:1081, osso2.idp-example.com:1081 |
Virtual Servers | lb2.idp-example.com:489 |
Monitors | osso1.idp-example.com:1081, osso2.idp-example.com:1081 |
Cookie Name | amlbcookie |
This appendix collects the information regarding the service provider OpenSSO Enterprise host machines.
Component | Description |
---|---|
Host Name | osso1.sp-example.com |
Non-Root User | osso80adm |
Non-Root User Password | nonroot1pwd |
Sun Java System Application Server Administrative Server | |
Installation Directory | /opt/SUNWappserver91 |
Administrative User | admin |
Administrative User Password | domain1pwd |
Ports | 4848 (administration), 8080 (HTTP), 8181 (HTTPS) |
Default Domain Name | domain1 |
Administrative Console URL | http://osso1.sp-example.com:4848 |
Sun Java System Application Server Non-Root User Domain | |
Name | ossodomain |
Directory | /export/osso80adm/domains/ |
Administrative User | domain2adm |
Administrative User Password | domain2pwd |
Master Password | domain2master |
Ports | 8989 (administration), 1080 (HTTP), 1081 (HTTPS) |
Administrative Console URL | http://osso2.sp-example.com:8989 |
OpenSSO Enterprise | |
Administrative User | amadmin |
Administrative User Password | ossoadmin |
Configuration Data Store | Embedded |
User Data Store | lb2.sp-example.com:489 |
Agent User | agentuser |
Agent User Password | agentuser |
Administrative Console URL | https://osso2.sp-example.com:1081/opensso/console |
Table D–2 OpenSSO Enterprise 2 Host Machine
Component | Description |
---|---|
Host Name | osso2.sp-example.com |
Non-Root User | osso80adm |
Non-Root User Password | nonroot2pwd |
Sun Java System Application Server Administrative Server | |
Installation Directory | /opt/SUNWappserver91 |
Administrative User | admin |
Administrative User Password | domain1pwd |
Ports | 4848 (administration), 8080 (HTTP), 8181 (HTTPS) |
Default Domain Name | domain1 |
Administrative Console URL | http://osso2.sp-example.com:4848 |
Sun Java System Application Server Non-Root User Domain | |
Name | ossodomain |
Directory | /export/osso80adm/domains/ |
Administrative User | domain2adm |
Administrative User Password | domain2pwd |
Master Password | domain2master |
Ports | 8989 (administration), 1080 (HTTP), 1081 (HTTPS) |
Administrative Console URL | http://osso2.sp-example.com:8989 |
OpenSSO Enterprise | |
Administrative User | amadmin |
Administrative User Password | ossoadmin |
Configuration Data Store | Embedded |
User Data Store | lb2.sp-example.com:489 |
Agent User | agentuser |
Agent User Password | agentuser |
Administrative Console URL | https://osso2.sp-example.com:1081/opensso/console |
Table D–3 Load Balancer for OpenSSO Enterprise Host Machines
Component | Description |
---|---|
URL | lb4.sp-example.com |
Method | Round Robin |
Protected Servers | osso1.sp-example.com:1081, osso2.sp-example.com:1081 |
Virtual Servers | lb2.sp-example.com:489 |
Monitors | osso1.sp-example.com:1081, osso2.sp-example.com:1081 |
Cookie Name | amlbcookie |
This appendix collects the information regarding the web containers and policy agents installed on the Protected Resource host machine.
Table E–1 Protected Resource 1 Host Machine
Component | Description |
---|---|
Host Name | pr1.sp-example.com |
BEA WebLogic Server Administration Server | |
Home Directory | /usr/local/bea |
Installation Directory | /usr/local/bea/weblogic10 |
Domain Directory | /usr/local/bea/user_projects/domains/pr1 |
Administration Server Directory | /usr/local/bea/user_projects/domains/pr1/servers/AdminServer |
Administrator | weblogic |
Administrator Password | bea10admin |
Port | 7001 |
Administration Console URL | http://pr1.sp-example.com:7001/console |
BEA WebLogic Server Managed Server | |
Managed Server Directory | /usr/local/bea/user_projects/domains/pr1/servers/ApplicationServer-1 |
Port | 1081 |
OpenSSO Enterprise URL | https://lb4.sp-example.com:1081/opensso |
J2EE Policy Agent for BEA WebLogic Server | |
J2EE Agent Profile Name | j2eeagent-1 |
J2EE Agent Profile Password | j2eeagent1 |
J2EE Agent URL | http://pr1.sp-example.com:1081/agentapp |
Sun Java System Web Server Administration Server | |
Installation Directory | /opt/SUNWwbsvr/ |
Default Administration Directory | /opt/SUNWwbsvr/admin-server |
Default Administrator | admin |
Default Administrator Password | web4dmin |
Runtime User ID | root |
Ports | 8989 (SSL), 1080 (HTTP) |
Sun Java System Web Server Instance | |
Instance Name | pr1.sp-example.com |
Instance Directory | /opt/SUNWwbsvr/https-pr-1.example.com |
Port | 1080 |
Service URL | http://pr1.sp-example.com:1080 |
Web Policy Agent for Sun Java System Web Server | |
Web Agent Profile Name | webagent-1 |
Web Agent Profile Password | webagent1 |
This appendix contains the snoop.jsp file used in .

Figure 16–1 Output from snoop.jsp (Example 16–1, Section 16.1 Mapping User Attributes from the Identity Provider to a Single User on the Service Provider; Deployment Example 2: Federation Using SAML v2, April 2007)

```jsp
<HTML>
<HEAD>
<TITLE>JSP snoop page</TITLE>
<%@ page import="javax.servlet.http.HttpUtils,java.util.Enumeration" %>
</HEAD>
<BODY>
<H1>JSP Snoop page</H1>

<%-- Basic facts about the request as the container sees them. --%>
<H2>Request information</H2>
<TABLE>
<TR>
<TH align=right>Requested URL:</TH>
<%-- HttpUtils.getRequestURL is deprecated since Servlet 2.3; request.getRequestURL() is the replacement. --%>
<TD><%= HttpUtils.getRequestURL(request) %></TD>
</TR>
<TR>
<TH align=right>Request method:</TH>
<TD><%= request.getMethod() %></TD>
</TR>
<TR>
<TH align=right>Request URI:</TH>
<TD><%= request.getRequestURI() %></TD>
</TR>
<TR>
<TH align=right>Request protocol:</TH>
<TD><%= request.getProtocol() %></TD>
</TR>
<TR>
<TH align=right>Servlet path:</TH>
<TD><%= request.getServletPath() %></TD>
</TR>
<TR>
<TH align=right>Path info:</TH>
<TD><%= request.getPathInfo() %></TD>
</TR>
<TR>
<TH align=right>Path translated:</TH>
<TD><%= request.getPathTranslated() %></TD>
</TR>
<TR>
<TH align=right>Query string:</TH>
<TD><%= request.getQueryString() %></TD>
</TR>
<TR>
<TH align=right>Content length:</TH>
<TD><%= request.getContentLength() %></TD>
</TR>
<TR>
<TH align=right>Content type:</TH>
<TD><%= request.getContentType() %></TD>
</TR>
<TR>
<TH align=right>Server name:</TH>
<TD><%= request.getServerName() %></TD>
</TR>
<TR>
<TH align=right>Server port:</TH>
<TD><%= request.getServerPort() %></TD>
</TR>
<TR>
<TH align=right>Remote user:</TH>
<TD><%= request.getRemoteUser() %></TD>
</TR>
<TR>
<TH align=right>Remote address:</TH>
<TD><%= request.getRemoteAddr() %></TD>
</TR>
<TR>
<TH align=right>Remote host:</TH>
<TD><%= request.getRemoteHost() %></TD>
</TR>
<TR>
<TH align=right>Authorization scheme:</TH>
<TD><%= request.getAuthType() %></TD>
</TR>
</TABLE>

<%-- Every request header, including those the policy agent injects for the mapped user. --%>
<% Enumeration e = request.getHeaderNames();
   if(e != null && e.hasMoreElements()) { %>
<H2>Request headers</H2>
<TABLE>
<TR>
<TH align=left>Header:</TH>
<TH align=left>Value:</TH>
</TR>
<% while(e.hasMoreElements()) {
       String k = (String) e.nextElement(); %>
<TR>
<TD><%= k %></TD>
<TD><%= request.getHeader(k) %></TD>
</TR>
<% } %>
</TABLE>
<% } %>

<%-- Query-string and form parameters, with all values of multi-valued parameters. --%>
<% e = request.getParameterNames();
   if(e != null && e.hasMoreElements()) { %>
<H2>Request parameters</H2>
<TABLE>
<TR valign=top>
<TH align=left>Parameter:</TH>
<TH align=left>Value:</TH>
<TH align=left>Multiple values:</TH>
</TR>
<% while(e.hasMoreElements()) {
       String k = (String) e.nextElement();
       String val = request.getParameter(k);
       String vals[] = request.getParameterValues(k); %>
<TR valign=top>
<TD><%= k %></TD>
<TD><%= val %></TD>
<TD><% for(int i = 0; i < vals.length; i++) {
           if(i > 0) out.print("<BR>");
           out.print(vals[i]);
       } %></TD>
</TR>
<% } %>
</TABLE>
<% } %>

<%-- Servlet init parameters configured for this JSP in the deployment descriptor. --%>
<% e = getServletConfig().getInitParameterNames();
   if(e != null && e.hasMoreElements()) { %>
<H2>Init parameters</H2>
<TABLE>
<TR valign=top>
<TH align=left>Parameter:</TH>
<TH align=left>Value:</TH>
</TR>
<% while(e.hasMoreElements()) {
       String k = (String) e.nextElement();
       String val = getServletConfig().getInitParameter(k); %>
<TR valign=top>
<TD><%= k %></TD>
<TD><%= val %></TD>
</TR>
<% } %>
</TABLE>
<% } %>
</BODY>
</HTML>
```

Note that the page writes request headers and parameter values into the HTML without escaping them, so it is a test aid for inspecting what the policy agent passes to the application and should be removed from the protected resource once attribute mapping has been verified.
The issues in this appendix will be updated as more information becomes available.
Table G–1 Known Issues and Limitations
Reference Number | Description |
---|---|
4510 | Creating a non-root domain shows a FileNotFoundException. For more information, see Issue 4510 on https://glassfish.dev.java.net/. |