About the Oracle OpenSSO Fedlet

The Oracle OpenSSO Fedlet is a lightweight service provider (SP) implementation that can be deployed with a Java or .NET service provider application, enabling the application to communicate with an identity provider (IDP) such as Oracle OpenSSO 8.0 Update 2 using the SAMLv2 protocol. The Fedlet has two versions, depending on your platform:

The Java Fedlet was first released in OpenSSO 8.0. For information, see Chapter 5, Using the OpenSSO Enterprise Fedlet to Enable Identity Federation, in Sun OpenSSO Enterprise 8.0 Deployment Planning Guide.
The .NET Fedlet was released in OpenSSO 8.0 Update 1. For information, see Chapter 10, Using the ASP.NET Fedlet with OpenSSO Enterprise 8.0 Update 1, in Sun OpenSSO Enterprise 8.0 Update 1 Release Notes.

In Oracle OpenSSO 8.0 Update 2, the Fedlet is available as follows:

After you unzip the OpenSSO 8.0 Update 2 ZIP file, both the Java Fedlet and .NET Fedlet are available in the following file:

zip-root/opensso/fedlet/fedlet-unconfigured.zip, where zip-root is where you unzipped the Oracle OpenSSO 8.0 Update 2 ZIP file.
After you install Oracle OpenSSO 8.0 Update 2, you can create the Java Fedlet in the OpenSSO 8.0 Administration Console using the Create Fedlet work flow under Common Tasks.

Requirements for the Oracle OpenSSO Fedlet

The Fedlet has the following requirements:

Oracle OpenSSO 8.0 Update 2 supported web container, if you plan to deploy the fedlet.war, or a Java service provider application that is integrated with the Fedlet. See the Hardware and Software Requirements For OpenSSO 8.0 Update 2.
Microsoft Internet Information Server (IIS) 7.0 and later, if you plan to deploy the .NET Fedlet
JDK 1.6.x and later

Oracle OpenSSO Fedlet Configuration

This section describes how to initially configure the Fedlet with a service provider application:

To Configure the Java Fedlet
To Configure the .NET Fedlet

After you finish the initial configuration for the Fedlet, continue with any additional configuration you want to perform. Several considerations are:

If you modify the Fedlet sp.xml file, you must re-import this file into your identity provider.
If you make other Fedlet configuration changes on the service provider side, convey this information to the identity provider administrator, so that the required configuration changes can be made on the identity provider side.

To Configure the Java Fedlet

On the identity provider side, generate the XML metadata for the identity provider and save the metadata in a file named idp.xml.
For Oracle OpenSSO 8.0 Update 2, use exportmetadata.jsp. For example:
```
http://opensso-idp.example.com:8080/opensso/saml2/jsp/exportmetadata.jsp
```
On the service provider side, unzip the Fedlet ZIP file (if necessary).
Create the Fedlet home directory, which is the directory where the Fedlet reads its metadata, circle of trust, and configuration properties files.
The default location is the fedlet subdirectory under the home directory of the user running the Fedlet web container (indicated by the user.home JVM property). For example, if this home directory is /home/webservd, the Fedlet home directory is:
```
/home/webservd/fedlet
```
To change the Fedlet default home directory, set the value of the JVM run-time com.sun.identity.fedlet.home property to the desired location. For example:
```
-Dcom.sun.identity.fedlet.home=/export/fedlet/conf
```
The Fedlet then reads its metadata, circle of trust, and configuration files from the /export/fedlet/conf directory.
Copy the following files from the Java Fedlet java/conf directory to the Fedlet home directory:
- sp.xml-template
- sp-extended.xml-template
- idp-extended.xml-template
- fedlet.cot-template
In the Fedlet home directory, rename the files you copied and drop -template from each name.

In the files you copied and renamed in the Fedlet home directory, replace the tags as shown in the next table:

Tag	Replace With
`FEDLET_COT`	Name of the circle of trust (COT) of which the remote identity provider and the Java Fedlet service provider application are members.
`FEDLET_ENTITY_ID`	ID (name) of the Java Fedlet service provider application. For example: `fedletsp`
`FEDLET_PROTOCOL`	Protocol of the web container for the Java Fedlet service provider application (such as `fedlet.war`). For example: `https`
`FEDLET_HOST`	Host name of the web container for the Java Fedlet service provider application (such as `fedlet.war`). For example: `fedlet-host.example.com`
`FEDLET_PORT`	Port number of the web container for the Java Fedlet service provider application (such as `fedlet.war`). For example: `80`
`FEDLET_DEPLOY_URI`	URL of the Java Fedlet service provider application. For example: `http://fedletsp.example.com/myFedletApp`
`IDP_ENTITY_ID`	ID (name) of the remote identity provider. For example: `openssoidp`
Note: If the Fedlet service provider or identity provider entity ID contains a percent sign (%) or comma (,), you must escape the character before replacing it in the `fedlet.cot` file. For example, change ”%” to ”%25" and ”," to ”%2C”.

Copy the FedletConfiguration.properties file from the Java Fedlet java/conf directory to the Fedlet home directory.
Copy the identity provider standard metadata XML file (from Step 1) to the Fedlet home directory. This file must be named idp.xml.
Import the Java Fedlet XML metadata file (sp.xml) into the identity provider.
For Oracle OpenSSO 8.0 Update 2, use the Register Remote Service Provider work flow under Common Tasks in the OpenSSO 8.0 Administration Console to import the Java Fedlet service provider metadata and to add the Java Fedlet service provider to a circle of trust.

Next Steps

Depending on your requirements, continue with any additional configuration for the Java Fedlet.

To Configure the .NET Fedlet

On the identity provider side, generate the XML metadata for the identity provider and save the metadata in a file named idp.xml.
For Oracle OpenSSO 8.0 Update 2, use exportmetadata.jsp. For example:
```
http://opensso-idp.example.com:8080/opensso/saml2/jsp/exportmetadata.jsp
```
On the service provider side, unzip the Fedlet ZIP file (if necessary).
Copy the following files from the .NET Fedlet asp.net/conf folder to your application's App_Data folder:
- sp.xml-template
- sp-extended.xml-template
- idp-extended.xml-template
- fedlet.cot-template
In the App_Data folder, rename the files you copied and drop -template from each name.

In the files you copied and renamed in the App_Data folder, replace the tags as shown in the next table:

Tag	Replace With
`FEDLET_COT`	Name of the circle of trust (COT) of which the remote identity provider and the .NET Fedlet service provider application are members.
`FEDLET_ENTITY_ID`	ID (name) of the .NET Fedlet service provider application. For example: `fedletsp`
`FEDLET_DEPLOY_URI`	URL of the .NET Fedlet service provider application. For example: `http://fedletsp.example.com/myFedletApp`
`IDP_ENTITY_ID`	ID (name) of the remote identity provider. For example: `openssoidp`

Copy the identity provider standard metadata XML file (from Step 1) to your application's App_Data folder. This file must be named idp.xml.
Copy the Fedlet.dll and the Fedlet.dll.config files from the .NET Fedlet asp.net/bin folder to the application's bin folder.
Import the .NET Fedlet XML metadata file (sp.xml) into the identity provider.
For Oracle OpenSSO 8.0 Update 2, use the Register Remote Service Provider work flow under Common Tasks in the OpenSSO 8.0 Administration Console to import the .NET Fedlet service provider metadata and to add the .NET Fedlet service provider to a circle of trust.

Next Steps

Depending on your requirements, continue with any additional configuration for the .NET Fedlet.

Skip Navigation Links
Exit Print View
	Oracle OpenSSO 8.0 Update 2 Release Notes