Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Procedure: To Configure the J2EE Policy Agent for SAML v2 Communication

  1. Access https://lb4.sp-example.com:1081/opensso/console from a web browser.

  2. Log in to the OpenSSO Enterprise console as the administrator.

    User Name: amadmin

    Password: ossoadmin

  3. Under the Access Control tab, click / (Top Level Realm).

  4. Click the Agents tab.

  5. Click the J2EE tab.

    j2eeagent-1 is displayed under the Agent table.

  6. Click j2eeagent-1.

    The j2eeagent-1 properties page is displayed.

  7. Click the OpenSSO Services tab.

    The Edit j2eeagent-1 page is displayed.

  8. Click the Login URL link on the Edit j2eeagent-1 page.

  9. Remove the existing value of the OpenSSO Login URL property.

    This value is displayed in the Selected box.

  10. Enter https://lb4.sp-example.com:1081/opensso/spssoinit?metaAlias=/sp&idpEntityID=https://lb2.idp-example.com:1181/opensso in the text box and click Add.

    This URL redirects the agent to the identity provider for authentication.

  11. Enter https://lb4.sp-example.com:1081/opensso/saml2/jsp/spSingleLogoutInit.jsp?idpEntityID=https://lb2.idp-example.com:1181/opensso as a value of the OpenSSO Logout URL attribute and click Add.

  12. Click Save.

  13. Click the Application tab.

  14. Add the following values to the Application Logout URI text boxes and click Add.

    Map Key: agentsample

    Corresponding Map Value: /agentsample/logout

  15. Click Save.

  16. Log out of the OpenSSO Enterprise console and close the browser.

  17. Log in to the pr1.sp-example.com host machine.

  18. Restart the WebLogic administration server and managed instance.


    # cd /usr/local/bea/user_projects/domains/pr1/bin
    # ./stopManagedWebLogic.sh ApplicationServer-1 t3://localhost:7001
    # ./stopWebLogic.sh
    # ./startWebLogic.sh
    # ./startManagedWebLogic.sh ApplicationServer-1 t3://localhost:7001

  19. Log out of the pr1.sp-example.com host machine.

  20. Verify the configuration with the following subprocedure.

    1. Access http://pr1.sp-example.com:1081/agentsample from a web browser.

      The user is redirected to the OpenSSO Enterprise login page on the identity provider side.

    2. Log in to the OpenSSO Enterprise console as the administrator.

      User Name: idpuser

      Password: idpuser

      After successful authentication, single sign-on is accomplished between the identity provider and the service provider.

  21. Access http://pr1.sp-example.com:1081/agentsample/logout from a web browser.

    The J2EE policy agent sample application welcome page is displayed. The user has successfully logged out of both the identity provider and the service provider.
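As an added check that is not part of the Sun procedure, the redirect targets observed in steps 20 and 21 (for example from the Location headers shown by curl -i) can be compared offline against the values entered in steps 10 and 11. Host names and entity IDs are the ones from this procedure; the sample Location header values are constructed.

```python
"""Offline check of the URLs the J2EE policy agent must redirect to after the
SAML v2 configuration above. Sample Location values below are constructed."""
from urllib.parse import urlsplit, parse_qs

SP_HOST = "lb4.sp-example.com:1081"                       # from step 10
IDP_ENTITY_ID = "https://lb2.idp-example.com:1181/opensso"  # from steps 10/11
SP_META_ALIAS = "/sp"                                      # from step 10

def _parse(url):
    parts = urlsplit(url)
    # keep_blank_values so "idpEntityID=" with no value is still reported
    return parts, parse_qs(parts.query, keep_blank_values=True)

def check_login_redirect(location):
    """Return the list of mismatches between the URL an unauthenticated user is
    sent to and the OpenSSO Login URL of step 10 (empty list means it matches)."""
    parts, q = _parse(location)
    problems = []
    if parts.scheme != "https" or parts.netloc != SP_HOST:
        problems.append(f"unexpected origin {parts.scheme}://{parts.netloc}")
    if parts.path != "/opensso/spssoinit":
        problems.append(f"unexpected path {parts.path!r}")
    if q.get("metaAlias") != [SP_META_ALIAS]:
        problems.append(f"metaAlias {q.get('metaAlias')} != {SP_META_ALIAS!r}")
    if q.get("idpEntityID") != [IDP_ENTITY_ID]:
        problems.append(f"idpEntityID {q.get('idpEntityID')} != {IDP_ENTITY_ID!r}")
    return problems

def check_logout_redirect(location):
    """Same check against the SAML v2 single-logout initiation URL of step 11."""
    parts, q = _parse(location)
    problems = []
    if parts.scheme != "https" or parts.netloc != SP_HOST:
        problems.append(f"unexpected origin {parts.scheme}://{parts.netloc}")
    if parts.path != "/opensso/saml2/jsp/spSingleLogoutInit.jsp":
        problems.append(f"unexpected path {parts.path!r}")
    if q.get("idpEntityID") != [IDP_ENTITY_ID]:
        problems.append(f"idpEntityID {q.get('idpEntityID')} != {IDP_ENTITY_ID!r}")
    return problems

# Constructed sample Location header values
GOOD_LOGIN = ("https://lb4.sp-example.com:1081/opensso/spssoinit"
              "?metaAlias=/sp&idpEntityID=https://lb2.idp-example.com:1181/opensso")
# An agent still pointing at the local OpenSSO login form instead of the SAML
# initiator: users would authenticate locally and never reach the IdP.
BAD_LOGIN = ("https://lb4.sp-example.com:1081/opensso/UI/Login"
             "?goto=http://pr1.sp-example.com:1081/agentsample")
GOOD_LOGOUT = ("https://lb4.sp-example.com:1081/opensso/saml2/jsp/spSingleLogoutInit.jsp"
               "?idpEntityID=https://lb2.idp-example.com:1181/opensso")
```

An empty list from both checks means the agent sends users to the SP's SAML v2 SSO initiator and logout goes through SAML single logout at the IdP rather than a local session end.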