Sun Java Systems Access Manager 6 2005Q1 Federation Management Guide 

Contents


List of Figures

List of Tables

List of Code Examples

Preface
Who Should Use This Guide
Before You Read This Guide
Conventions Used in This Guide
Typographic Conventions
Symbols
Default Paths and File Names
Shell Prompts
Access Manager Documentation Set
Access Manager Core Documentation
Access Manager Policy Agent Documentation
Related JES Product Documentation
Accessing Sun Resources Online
Contacting Sun Technical Support
Related Third-Party Web Site References
Sun Welcomes Your Feedback

Part I Liberty Specifications and Federation Management

Chapter 1   Introduction to the Liberty Alliance Project
Overview
LAP Members
LAP Objectives
The Concept of Identity
The Concept of Identity Federation
Liberty Alliance Project Concepts
The Liberty Alliance Project Specifications
Liberty Identity Federation Framework
Single Sign-on and Federation Protocol
Name Registration Protocol
Federation Termination Protocol
Single Log-out Protocol
Name Identifier Mapping Protocol
Additional ID-FF Documents
Liberty Identity Web Services Framework
SOAP Binding Specification
Discovery Service Specification
Security Mechanisms Specification
Data Services Template Specification
Interaction Service Specification
Authentication Service Specification
Client Profiles for Liberty-enabled User Agents or Devices
Additional ID-WSF Documents
Liberty Identity Service Interface Specifications
Personal Profile Service
Employee Profile Service
Supporting Documents
Deploying a Liberty-based System
Size Up Your IT Staff
Clean Your Directory Data
Draft Business Agreements
Liberty-compliant Technology

Chapter 2   Implementation of the Liberty Specifications
Overview
Name Identifier Mapping Protocol
Single Sign-on and Federation Protocol
Dynamic Identity Provider Proxying
Affiliation Federation
One-Time Federation
Name Identifier Encryption Profile
Liberty Metadata Description and Discovery Specification
Liberty Use Cases
Unified Access to Intranet Resources
Integrated Partner Networks
Sample Use Case Process
Access Manager Implementations
Web Services
Authentication Web Service
Discovery Service
Liberty Personal Profile Service
SOAP Binding
Application Programming Interfaces
Federation Management Module
Packages and Global Interfaces
Liberty-based Samples

Chapter 3   Federation Management
Overview
The Federation Management Interface
The Process of Federation
Pre-login Process
Single Sign-on Process
Common Domain Services
Installing the Common Domain Services
Common Domain Service URLs
Federation Management
Authentication Domains
Creating and Maintaining Authentication Domains
To Create An Authentication Domain
To Modify An Authentication Domain
To Delete An Authentication Domain
Entity Descriptors
Provider Entity Descriptor
Affiliate Entity Descriptor
Creating and Maintaining Entity Descriptors
To Create an Entity Descriptor of Either Type
To Configure a Provider Entity Descriptor
To Configure an Affiliate Entity Descriptor
To Delete an Entity Descriptor of Either Type
Federation Management API
Federation Management Samples
Installing Access Manager
Updating and Loading the Metadata
Deploying the Service Provider
To Configure AMClient.properties
To Create a WAR File for SP1
To Deploy the Service Provider WAR File
Deploying the Identity Provider
To Configure AMClient.properties
To Create a WAR File for IDP1
To Deploy the Identity Provider WAR File
Creating and Managing a Federation
To Federate the Service Provider and Identity Provider Accounts
To Accomplish Single Sign-On
To Perform a Single Logout
To Terminate Account Federation

Part II Liberty-based Web Services

Chapter 4   Authentication Web Service
Overview
XML Service File
Application Programming Interfaces
Authentication Web Service Process
Authentication Web Service Attribute
Mechanism Handler List
key Parameter
class Parameter
Authentication Web Service Interfaces
com.sun.identity.liberty.ws.authnsvc
com.sun.identity.liberty.ws.authnsvc.protocol
Authentication Web Service Sample

Chapter 5   Data Services
Overview
Data Services Template Specifications
Liberty Personal Profile Service
XML Service File
XSD Schema Definition
Liberty Employee Profile Service
XML Service File
XSD Schema Definition
Data Services Template API
Liberty Personal Profile Service
The Liberty Personal Profile Service Process
Liberty Personal Profile Service Attributes
ResourceID Mapper
Authorizer
Attribute Mapper
Provider ID
Name Scheme
Namespace Prefix
Supported Containers
PPLDAP Attribute Map List
Require Query PolicyEval
Require Modify PolicyEval
Extension Container Attributes
Extension Attributes Namespace Prefix
Is ServiceUpdate Enabled
Service Instance Update Class
Alternate Endpoint
Liberty Employee Profile Service
Data Services Template API
com.sun.identity.liberty.ws.dst
com.sun.identity.liberty.ws.dst.service
Developing A New Data Service

Chapter 6   Discovery Service
Overview
Discovery Entries
XML Service Files
Application Programming Interfaces
com.sun.identity.liberty.ws.disco
com.sun.identity.liberty.ws.disco.plugins
com.sun.identity.liberty.ws.interfaces
Discovery Service Architecture
Discovery Service Process
Discovery Service Attributes
Provider ID
Supported Authentication Mechanisms
Supported Directives
Enable Policy Evaluation for DiscoveryLookup
Enable Policy Evaluation for DiscoveryUpdate
Authorizer Plugin Class
Entry Handler Plugin Class
Classes For ResourceIDMapper Plugin
Authenticate Response Message
Generate SessionContextStatement for Bootstrapping
Encrypt NameIdentifier in Session Context for Bootstrapping
Use Implied Resource; don't generate ResourceID for Bootstrapping
Resource Offerings for Bootstrapping Resources
Discovery Entries and Resource Offerings
Storing Discovery Entries as User Attributes
Storing Discovery Entries as Dynamic Attributes
Storing Discovery Entries for Bootstrapping
Discovery Service Interfaces
DefaultDiscoAuthorizer Implementation
Default ResourceIDMapper Implementations
DiscoEntryHandler Interface
Client APIs
Discovery Service Sample

Chapter 7   SOAP Binding Service
Overview
XML Service File
Application Programming Interfaces
SOAP Binding Process
SOAP Binding Attributes
Request Handler List
key Parameter
class Parameter
Web Service Authenticator
Supported Authentication Mechanisms
SOAP Binding Interfaces

Chapter 8   Application Programming Interfaces
Overview of Public Interfaces
Common Service Interfaces
com.sun.identity.liberty.ws.common
com.sun.identity.liberty.ws.interfaces
Authorizer
ResourceIDMapper
Common Security API
com.sun.identity.liberty.ws.security
com.sun.identity.liberty.ws.common.wsse
Interaction Service API
Configuring the Interaction Service
Interaction Service API
PAOS Binding
PAOS vs. SOAP
PAOS Binding API
PAOS Binding Sample

Part III Appendices

Appendix A   Included Samples
Overview
Federation Framework Samples
sample1
sample2
sample3
Web Services Framework Samples
wsc
sis-ep
paos
authnsvc

Appendix B   Service Schema Files
Overview
SOAP Binding Schema
Personal Profile Schema
Employee Profile Schema
Authentication Web Service Schema
PAOS Binding Schema
Metadata Description Schema

Glossary

Index




Part No: 817-7648.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.