Name identifiers are used by the identity provider and the service provider to communicate with each other regarding a user. In this test, a persistent identifier is used to federate the identity provider's user profile with the same user's profile on the service provider side.
To Test Persistent Federation Using the Browser Artifact Profile
To Test Persistent Federation Using the Browser POST Profile
Enter the persistent federation URL in a web browser: https://lb4.sp-example.com:1081/opensso/saml2/jsp/spSSOInit.jsp?metaAlias=/sp&idpEntityID=https://lb2.idp-example.com:1081/opensso.
The request is directed to OpenSSO Enterprise on the identity provider side for authentication.
Log in to the OpenSSO Enterprise console as test user.
idpuser
idpuser
The request is redirected to OpenSSO Enterprise on the service provider side.
Log in to the OpenSSO Enterprise console as the test user.
spuser
spuser
The browser message “Single Sign-On succeeded” is displayed confirming federation has succeeded.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.
Enter the persistent federation URL in a web browser: https://lb4.sp-example.com:1081/opensso/saml2/jsp/spSSOInit.jsp?metaAlias=/sp&idpEntityID=https://lb2.idp-example.com:1081/opensso&binding=HTTP-POST.
The request is directed to OpenSSO Enterprise on the identity provider side for authentication.
Log in to the OpenSSO Enterprise console as a test user.
idpuser
idpuser
The request is redirected to OpenSSO Enterprise on the service provider side.
Log in to the OpenSSO Enterprise console as a test user.
spuser
spuser
The browser message “Single Sign-On succeeded” is displayed confirming federation has succeeded.
(Optional) To view the SAML v2 assertion used, see the debug file in /export/ossoadm/config/opensso/debug/Federation.