test

Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

ProcedureTo Create an SSL Proxy for SSL Termination at the OpenSSO Enterprise Load Balancer 2

SSL communication is terminated at Load Balancer 2. The request is then re-encrypted and securely forwarded to OpenSSO Enterprise. When clients send an SSL-encrypted request to Load Balancer 2, it decrypts the request and re-encrypts it before sending it on to the OpenSSO Enterprise SSL port. Load Balancer 2 also encrypts the responses it receives back from OpenSSO Enterprise, and sends these encrypted responses back to the client. Towards this end create an SSL proxy for SSL termination and regeneration.

Before You Begin

Use the same root certificate that you imported in 7.4 Enabling Secure Communication for the Directory Server User Data Instances. For more information, see 3.3 Obtaining Secure Socket Layer Certificates.

  1. Access https://is-f5.example.com, the BIG-IP load balancer login page, in a web browser.

  2. Log in to the BIG-IP console as the administrator.

  3. Click Configure your BIG-IP (R) using the Configuration Utility.

  4. In the left pane, click Proxies.

  5. Under the Proxies tab, click Add.

  6. In the Add Proxy dialog, provide the following information.

    Proxy Type:

    Check the SSL and ServerSSL checkbox.

    Proxy Address:

    The IP address of Load Balancer 2.

    Proxy Service:

    1081

    The secure port number

    Destination Address:

    The IP address of Load Balancer 2.

    Destination Service:

    1082

    The non-secure port number

    Destination Target:

    Choose Local Virtual Server.

    SSL Certificate:

    Choose lb2.sp-example.com.

    SSL Key:

    Choose lb2.sp-example.com.

    Enable ARP:

    Check this checkbox.

  7. Click Next.

  8. On the page starting with “Insert HTTP Header String,” change to Rewrite Redirects and choose Matching.

  9. Click Next.

  10. On the page starting with “Server Chain File,” change to Server Trusted CA's File, select “ca.cer” from the drop-down list.

  11. Click Done.

    The new proxy server is added to the Proxy Server list.

  12. Log out of the load balancer console.

  13. Access https://lb2.sp-example.com:1081/index.html from a web browser.

    If the Application Server index page is displayed, you can access it using the new proxy server port number and the load balancer is configured properly.

    Tip –

    A message may be displayed indicating that the browser doesn't recognize the certificate issuer. If this happens, install the CA root certificate in the browser so that the browser recognizes the certificate issuer. See your browser's online help system for information on installing a root CA certificate.

  14. Close the browser.