Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Procedure: To Modify the Directory Server LDAP Schema for SAML v2 User Data

  1. Log in to the ds2.sp-example.com host machine as a root user.

  2. Create an LDIF file with the following information and save it as /tmp/saml.ldif.

    This file includes the SAML v2 LDAP attributes. Lines that begin with two spaces are LDIF continuation lines: the parser removes one space and joins the rest to the line above. Do not leave a blank line inside the record, because a blank line ends it.

    dn: CN=schema
    changetype: modify
    add: attributeTypes
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.500
      NAME 'sun-fm-saml2-nameid-infokey'
      DESC 'SAML 2.0 Name Identifier Information Key'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
      X-ORIGIN 'Sun Java System Access Management' )
    attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.501
      NAME 'sun-fm-saml2-nameid-info'
      DESC 'SAML 2.0 Name Identifier Information'
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
      X-ORIGIN 'Sun Java System Access Management' )
    -
    add: objectClasses
    objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.200
      NAME 'sunFMSAML2NameIdentifier'
      DESC 'SAML 2.0 name identifier objectclass'
      SUP top AUXILIARY
      MAY ( sun-fm-saml2-nameid-infokey $ sun-fm-saml2-nameid-info )
      X-ORIGIN 'Sun Java System Access Management' )
  3. Run ldapmodify on the ds1.sp-example.com host machine using /tmp/saml.ldif as input.

    # cd /var/opt/mps/serverroot/dsrk6/bin
    # ldapmodify -a -h ds2.sp-example.com -p 1489 \
      -D "cn=Directory Manager" -w dsmanager -f /tmp/saml.ldif

    modifying entry CN=schema
  4. Log out of the ds1.idp-example.com host machine.
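As an added example that is not part of the Sun documentation, the following Python pre-flight check unfolds an LDIF record and confirms it is a single, well-formed cn=schema modify before it is handed to ldapmodify. SAML_LDIF is a constructed copy of the /tmp/saml.ldif record above, and the checks (one record, changetype modify, a "-" separator between add blocks, every attribute named in the objectclass MAY list declared in the file or already in the server schema) are this example's own, not a Directory Server tool.

```python
import re
# Constructed copy of the procedure's /tmp/saml.ldif, written with LDIF continuation
# lines (two leading spaces: unfolding strips one and keeps one as a separator).
SAML_LDIF = """dn: CN=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.500 NAME 'sun-fm-saml2-nameid-infokey'
  DESC 'SAML 2.0 Name Identifier Information Key'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Java System Access Management' )
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.501 NAME 'sun-fm-saml2-nameid-info'
  DESC 'SAML 2.0 Name Identifier Information'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Java System Access Management' )
-
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.200 NAME 'sunFMSAML2NameIdentifier'
  DESC 'SAML 2.0 name identifier objectclass' SUP top AUXILIARY
  MAY ( sun-fm-saml2-nameid-infokey $ sun-fm-saml2-nameid-info )
  X-ORIGIN 'Sun Java System Access Management' )
"""
NAME_RE = re.compile(r"NAME\s+'([^']+)'")
MAY_RE = re.compile(r"MAY\s+\(([^)]*)\)")

def ldif_records(text):
    """Unfold RFC 2849 continuation lines (one leading space removed), then split at blank lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [r.strip().split("\n") for r in re.split(r"\n\s*\n", "\n".join(lines)) if r.strip()]

def lint_schema_ldif(text, existing_attrs=()):
    """Return problems found (empty list: safe to hand to ldapmodify). existing_attrs lists
    attribute names already present in the server schema, supplied by the caller."""
    recs = ldif_records(text)
    kv = [(k.strip().lower(), v.strip()) for k, _, v in (l.partition(":") for r in recs for l in r)]
    problems = [] if len(recs) == 1 else [f"expected one record, found {len(recs)} (stray blank line?)"]
    if ("changetype", "modify") not in kv:
        problems.append("missing 'changetype: modify'")
    adds, seps = sum(k == "add" for k, _ in kv), sum(k == "-" for k, _ in kv)
    if seps != adds - 1:
        problems.append(f"{adds} add blocks need {adds - 1} '-' separators, found {seps}")
    defined, referenced = {a.lower() for a in existing_attrs}, []
    for k, v in kv:
        if k == "attributetypes" and (m := NAME_RE.search(v)):
            defined.add(m.group(1).lower())
        elif k == "objectclasses" and (m := MAY_RE.search(v)):
            referenced += [a.strip().lower() for a in m.group(1).split("$")]
    return problems + [f"objectclass MAY references undeclared attribute '{a}'" for a in referenced if a not in defined]
```

Run lint_schema_ldif on the file before step 3; a non-empty list means ldapmodify would either reject the record or apply only part of it.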