Skip to ContentSun and Oracle Channel Sun How to Buy Log In

Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0

Contidos dentro

Sun OpenSSO Enterprise 8.0

Localizar Mais Documentação

Destaques de Recursos de Suporte

Fazer download desta apostila em PDF (2223 KB)

Anterior: Configuring and Testing the SAML v2 Communications

Part V Appendices

This final part of Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0 contains technical configurations and other information regarding this deployment.

Note –

The BIG-IP load balancer login page and configuration console for all load balancers in this deployment example is accessed from the URL, is-f5.example.com.

Login: username
Password: password

Appendix A Identity Provider Directory Server Host Machines, Load Balancer and Test User

This appendix collects the information regarding the Directory Server instances. It contains the following tables:

Table A–1 Sun Java System Directory Server 1 Host Machine


Components	Description
Host Name	ds1.idp-example.com
Installation Directory	/var/opt/mps/serverroot/
Administrator User	cn=Directory Manager
Administrator Password	dsmanager
User Data Instance	Instance Name	idp-users
	Instance Directory	/var/opt/mps/idp-users
	Port Number	1489 (LDAP) 1736 (LDAPS)
	Base Suffix	dc=company,dc=com
	Users Suffix	ou=users,dc=company,dc=com
	Administrative User	cn=Directory Manager
	Administrative User Password	dsmanager
	Replication Manager	cn=replication manager,cn=replication,cn=config
	Replication Manager Password	replmanager

Table A–2 Sun Java System Directory Server 2 Host Machine


Component	Description
Host Name	ds2.idp-example.com
Installation Directory	/var/opt/mps/serverroot/
Administrator User	cn=Directory Manager
Administrator Password	dsmanager
User Data Instance	Instance Name	idp-users
	Instance Directory	/var/opt/mps/idp-users
	Port Number	1489 (LDAP) 1736 (LDAPS)
	Base Suffix	dc=company,dc=com
	Users Suffix	ou=users,dc=company,dc=com
	Administrative User	cn=Directory Manager
	Administrative User Password	dsmanager
	Replication Manager	cn=replication manager,cn=replication,cn=config
	Replication Manager Password	replmanager

Table A–3 Load Balancer for Directory Server Host Machines


Component	Description
URL	lb1.idp-example.com
Method	Round Robin
Protected Servers	ds1.idp-example.com:1736 ds2.idp-example.com:1736
Virtual Servers	lb1.idp-example.com:489
Monitors	ds1.idp-example.com:1736 ds2.idp-example.com:1736

Table A–4 Test User Entry


UserID	Description
idpuser	Password	idpuser
	DN	uid=idpuser1,ou=users,dc=company,dc=com

Appendix B Service Provider Directory Server Host Machines, Load Balancer and Test User

This appendix collects the information regarding the Directory Server instances. It contains the following tables:

Table B–1 Sun Java System Directory Server 1 Host Machine


Components	Description
Host Name	ds1.sp-example.com
Installation Directory	/var/opt/mps/serverroot/
Administrator User	cn=Directory Manager
Administrator Password	dsmanager
User Data Instance	Instance Name	sp-users
	Instance Directory	/var/opt/mps/sp-users
	Port Number	1489 (LDAP) 1736 (LDAPS)
	Base Suffix	o=spusers.com
	Users Suffix	ou=users,o=spusers.com
	Administrative User	cn=Directory Manager
	Administrative User Password	dsmanager
	Replication Manager	cn=replication manager,cn=replication,cn=config
	Replication Manager Password	replmanager

Table B–2 Sun Java System Directory Server 2 Host Machine


Component	Description
Host Name	ds2.sp-example.com
Installation Directory	/var/opt/mps/serverroot/
Administrator User	cn=Directory Manager
Administrator Password	dsmanager
User Data Instance	Instance Name	sp-users
	Instance Directory	/var/opt/mps/sp-users
	Port Number	1489 (LDAP) 1736 (LDAPS)
	Base Suffix	o=spusers.com
	Users Suffix	ou=users,o=spusers.com
	Administrative User	cn=Directory Manager
	Administrative User Password	dsmanager
	Replication Manager	cn=replication manager,cn=replication,cn=config
	Replication Manager Password	replmanager

Table B–3 Load Balancer for Directory Server Host Machines


Component	Description
URL	lb3.sp-example.com
Method	Round Robin
Protected Servers	ds1.sp-example.com:1736 ds2.sp-example.com:1736
Virtual Servers	lb3.sp-example.com:489
Monitors	ds1.sp-example.com:1736 ds2.sp-example.com:1736

Table B–4 Test User Entry


UserID	Description
spuser	Password	spuser
	DN	uid=spuser1,ou=users,o=spusers.com

Appendix C Identity Provider OpenSSO Enterprise Host Machines and Load Balancers

This appendix collects the information regarding the identity provider OpenSSO Enterprise host machines.

Table C–1 OpenSSO Enterprise 1 Host Machine


Component	Description
Host Name	osso1.idp-example.com
Non-Root User	osso80adm
Non-Root User Password	nonroot1pwd
Sun Java System Application Server Administrative Server	Installation Directory	/opt/SUNWappserver91
	Administrative User	admin
	Administrative User Password	domain1pwd
	Ports	4848 (administration) 8080 (HTTP) 8181 (HTTPS)
	Default Domain Name	domain1
	Administrative Console URL	http://osso1.idp-example.com:4848
Sun Java System Application Server Non-Root User Domain	Name	ossodomain
	Directory	/export/osso80adm/domains/
	Administrative User	domain2adm
	Administrative User Password	domain2pwd
	Master Password	domain2master
	Ports	8989 (administration) 1080 (HTTP) 1081 (HTTPS)
	Administrative Console URL	http://osso2.idp-example.com:8989
OpenSSO Enterprise	Administrative User	amadmin
	Administrative User Password	ossoadmin
	Configuration Data Store	Embedded
	User Data Store	lb2.idp-example.com:489
	Agent User	agentuser
	Agent User Password	agentuser
	Administrative Console URL	https://osso2.idp-example.com:1081/opensso/console

Table C–2 OpenSSO Enterprise 2 Host Machine


Component	Description
Host Name	osso2.idp-example.com
Non-Root User	osso80adm
Non-Root User Password	nonroot2pwd
Sun Java System Application Server Administrative Server	Installation Directory	/opt/SUNWappserver91
	Administrative User	admin
	Administrative User Password	domain1pwd
	Ports	4848 (administration) 8080 (HTTP) 8181 (HTTPS)
	Default Domain Name	domain1
	Administrative Console URL	http://osso2.idp-example.com:4848
Sun Java System Application Server Non-Root User Domain	Name	ossodomain
	Directory	/export/osso80adm/domains/
	Administrative User	domain2adm
	Administrative User Password	domain2pwd
	Master Password	domain2master
	Ports	8989 (administration) 1080 (HTTP) 1081 (HTTPS)
	Administrative Console URL	http://osso2.idp-example.com:8989
OpenSSO Enterprise	Administrative User	amadmin
	Administrative User Password	ossoadmin
	Configuration Data Store	Embedded
	User Data Store	lb2.idp-example.com:489
	Agent User	agentuser
	Agent User Password	agentuser
	Administrative Console URL	https://osso2.idp-example.com:1081/opensso/console

Table C–3 Load Balancer for OpenSSO Enterprise Host Machines


Component	Description
URL	lb2.idp-.example.com
Method	Round Robin
Protected Servers	osso1.idp-example.com:1081 osso2.idp-example.com:1081
Virtual Servers	lb2.idp-example.com:489
Monitors	osso1.idp-example.com:1081 osso2.idp-example.com:1081
Cookie Name	amlbcookie

Appendix D Service Provider OpenSSO Enterprise Host Machines and Load Balancers

This appendix collects the information regarding the service provider OpenSSO Enterprise host machines.

Table D–1 OpenSSO Enterprise 1 Host Machine


Component	Description
Host Name	osso1.sp-example.com
Non-Root User	osso80adm
Non-Root User Password	nonroot1pwd
Sun Java System Application Server Administrative Server	Installation Directory	/opt/SUNWappserver91
	Administrative User	admin
	Administrative User Password	domain1pwd
	Ports	4848 (administration) 8080 (HTTP) 8181 (HTTPS)
	Default Domain Name	domain1
	Administrative Console URL	http://osso1.sp-example.com:4848
Sun Java System Application Server Non-Root User Domain	Name	ossodomain
	Directory	/export/osso80adm/domains/
	Administrative User	domain2adm
	Administrative User Password	domain2pwd
	Master Password	domain2master
	Ports	8989 (administration) 1080 (HTTP) 1081 (HTTPS)
	Administrative Console URL	http://osso2.sp-example.com:8989
OpenSSO Enterprise	Administrative User	amadmin
	Administrative User Password	ossoadmin
	Configuration Data Store	Embedded
	User Data Store	lb2.isp-example.com:489
	Agent User	agentuser
	Agent User Password	agentuser
	Administrative Console URL	https://osso2.sp-example.com:1081/opensso/console

Table D–2 OpenSSO Enterprise 2 Host Machine


Component	Description
Host Name	osso2.sp-example.com
Non-Root User	osso80adm
Non-Root User Password	nonroot2pwd
Sun Java System Application Server Administrative Server	Installation Directory	/opt/SUNWappserver91
	Administrative User	admin
	Administrative User Password	domain1pwd
	Ports	4848 (administration) 8080 (HTTP) 8181 (HTTPS)
	Default Domain Name	domain1
	Administrative Console URL	http://osso2.sp-example.com:4848
Sun Java System Application Server Non-Root User Domain	Name	ossodomain
	Directory	/export/osso80adm/domains/
	Administrative User	domain2adm
	Administrative User Password	domain2pwd
	Master Password	domain2master
	Ports	8989 (administration) 1080 (HTTP) 1081 (HTTPS)
	Administrative Console URL	http://osso2.sp-example.com:8989
OpenSSO Enterprise	Administrative User	amadmin
	Administrative User Password	ossoadmin
	Configuration Data Store	Embedded
	User Data Store	lb2.sp-example.com:489
	Agent User	agentuser
	Agent User Password	agentuser
	Administrative Console URL	https://osso2.sp-example.com:1081/opensso/console

Table D–3 Load Balancer for OpenSSO Enterprise Host Machines


Component	Description
URL	lb4.sp-.example.com
Method	Round Robin
Protected Servers	osso1.sp-example.com:1081 osso2.sp-example.com:1081
Virtual Servers	lb2.sp-example.com:489
Monitors	osso1.sp-example.com:1081 osso2.sp-example.com:1081
Cookie Name	amlbcookie

Appendix E Service Provider Protected Resource Host Machine Web Containers and Policy Agents

This appendix collects the information regarding the web containers and policy agents installed on the Protected Resource host machine.

Table E–1 Protected Resource 1 Host Machine


Component	Description
Host Name	pr1.sp-example.com
BEA WebLogic Server Administration Server	Home Directory	/usr/local/bea
	Installation Directory	/usr/local/bea/weblogic10
	Domain Directory	/usr/local/bea/user_projects/domains/pr1
	Administration Server Directory	/usr/local/bea/user_projects/domains/pr1/servers/AdminServer
	Administrator	weblogic
	Administrator Password	bea10admin
	Port	7001
	Administration Console URL	http://pr1.sp-example.com:7001/console
BEA WebLogic Server Managed Server	Managed Server Directory	/usr/local/bea/user_projects/domains/pr1/servers/ApplicationServer-1
	Port	1081
	OpenSSO Enterprise URL	https://lb4.sp-example.com:1081/opensso
J2EE Policy Agent for BEA WebLogic Server	J2EE Agent Profile Name	j2eeagent–1
	J2EE Agent Profile Password	j2eeagent1
	J2EE Agent URL	http://pr1.sp-example.com:1081/agentapp
Sun Java System Web Server Administration Server	Installation Directory	/opt/SUNWwbsvr/
	Default Administration Directory	/opt/SUNWwbsvr/admin-server
	Default Administrator	admin
	Default Administrator Password	web4dmin
	Runtime User ID	root
	Ports	8989 (SSL) 1080 (HTTP)
Sun Java System Web Server Instance	Instance Name	pr1.sp-example.com
	Instance Directory	/opt/SUNWwbsvr/https-pr-1.example.com
	Port	1080
	Service URL	http://pr1.sp-example.com:1080
Web Policy Agent for Sun Java System Web Server	Web Agent Profile Name	webagent-1
	Web Agent Profile Password	webagent1

Appendix F The `snoop.jsp` File

This appendix contains the snoop.jsp file used in .

<HTML>
<HEAD>
<TITLE>JSP snoop page</TITLE>
<%@ page import="javax.servlet.http.
HttpUtils,java.util.Enumeration" %>
</HEAD>
<BODY>
<H1>JSP Snoop page</H1>
FIGURE 16?1 Output from snoop.jsp
Example 16?1
16.1 Mapping User Attributes fromthe Identity Provider to 
a Single User on the Service Provider
284 Deployment Example 2: Federation Using SAML v2 ? April 2007
<H2>Request information</H2>
<TABLE>
<TR>
<TH align=right>Requested URL:</TH>
<TD><%= HttpUtils.getRequestURL(request) %></TD>
</TR>
<TR>
<TH align=right>Request method:</TH>
<TD><%= request.getMethod() %></TD>
</TR>
<TR>
<TH align=right>Request URI:</TH>
<TD><%= request.getRequestURI() %></TD>
</TR>
<TR>
<TH align=right>Request protocol:</TH>
<TD><%= request.getProtocol() %></TD>
</TR>
<TR>
<TH align=right>Servlet path:</TH>
<TD><%= request.getServletPath() %></TD>
</TR>
<TR>
<TH align=right>Path info:</TH>
<TD><%= request.getPathInfo() %></TD>
</TR>
<TR>
<TH align=right>Path translated:</TH>
<TD><%= request.getPathTranslated() %></TD>
</TR>
<TR>
<TH align=right>Query string:</TH>
<TD><%= request.getQueryString() %></TD>
</TR>
<TR>
<TH align=right>Content length:</TH>
<TD><%= request.getContentLength() %></TD>
</TR>
<TR>
<TH align=right>Content type:</TH>
<TD><%= request.getContentType() %></TD>
<TR>
<TR>
<TH align=right>Server name:</TH>
<TD><%= request.getServerName() %></TD>
16.1 Mapping User Attributes fromthe Identity Provider 
to a Single User on the Service Provider
Chapter 16 ? Use Case 2: User AttributeMapping 285
<TR>
<TR>
<TH align=right>Server port:</TH>
<TD><%= request.getServerPort() %></TD>
<TR>
<TR>
<TH align=right>Remote user:</TH>
<TD><%= request.getRemoteUser() %></TD>
<TR>
<TR>
<TH align=right>Remote address:</TH>
<TD><%= request.getRemoteAddr() %></TD>
<TR>
<TR>
<TH align=right>Remote host:</TH>
<TD><%= request.getRemoteHost() %></TD>
<TR>
<TR>
<TH align=right>Authorization scheme:</TH>
<TD><%= request.getAuthType() %></TD>
<TR>
</TABLE>
<%
Enumeration e = request.getHeaderNames();
if(e != null && e.hasMoreElements()) {
%>
<H2>Request headers</H2>
<TABLE>
<TR>
<TH align=left>Header:</TH>
<TH align=left>Value:</TH>
</TR>
<%
while(e.hasMoreElements()) {
String k = (String) e.nextElement();
%>
<TR>
<TD><%= k %></TD>
<TD><%= request.getHeader(k) %></TD>
</TR>
<%
}
%>
</TABLE>
<%
16.1 Mapping User Attributes fromthe Identity Provider 
to a Single User on the Service Provider
286 Deployment Example 2: Federation Using SAML v2 ? April 2007
}
%>
<%
e = request.getParameterNames();
if(e != null && e.hasMoreElements()) {
%>
<H2>Request parameters</H2>
<TABLE>
<TR valign=top>
<TH align=left>Parameter:</TH>
<TH align=left>Value:</TH>
<TH align=left>Multiple values:</TH>
</TR>
<%
while(e.hasMoreElements()) {
String k = (String) e.nextElement();
String val = request.getParameter(k);
String vals[] = request.getParameterValues(k);
%>
<TR valign=top>
<TD><%= k %></TD>
<TD><%= val %></TD>
<TD><%
for(int i = 0; i < vals.length; i++) {
if(i > 0)
out.print("<BR>");
out.print(vals[i]);
}
%></TD>
</TR>
<%
}
%>
</TABLE>
<%
}
%>
<%
e = getServletConfig().getInitParameterNames();
if(e != null && e.hasMoreElements()) {
%>
<H2>Init parameters</H2>
<TABLE>
<TR valign=top>
16.1 Mapping User Attributes fromthe Identity Provider 
to a Single User on the Service Provider
Chapter 16 ? Use Case 2: User AttributeMapping 287
<TH align=left>Parameter:</TH>
<TH align=left>Value:</TH>
</TR>
<%
while(e.hasMoreElements()) {
String k = (String) e.nextElement();
String val = getServletConfig().getInitParameter(k);
%>
<TR valign=top>
<TD><%= k %></TD>
<TD><%= val %></TD>
</TR>
<%
}
%>
</TABLE>
<%
}
%>
</BODY>
</HTML>

Appendix G Known Issues and Limitations

The issues in this appendix will be updated as more information becomes available.

Table G–1 Known Issues and Limitations


Reference Number	Description
4510	Creating a non-root domain Shows a FileNotFoundException For more information, see Issue 4510 on `https://glassfish.dev.java.net/`.

Anterior: Configuring and Testing the SAML v2 Communications