Deployment Example: SAML v2 Using Sun OpenSSO Enterprise 8.0
Contained Within: Sun OpenSSO Enterprise 8.0
Book Information
Preface
About This Guide
Before You Read This Book
Related Documentation
OpenSSO Enterprise 8.0 Core Documentation
Related Product Documentation
Searching Sun Product Documentation
Documentation, Support, and Training
Third-Party Web Site References
Sun Welcomes Your Comments
Typographical Conventions
Default Paths and Directory Names
About This Deployment
1. Components and Features
1.1 Key Features of Deployment
1.2 Deployment Architecture and Components
1.2.1 Identity Provider Deployment
1.2.2 Service Provider Deployment
1.3 Sequential Component Interactions
2. Technical Overview
2.1 Host Machines
2.2 Software
2.3 Main Service URLs
2.3.1 Identity Provider Main Service URLs
2.3.2 Service Provider Main Service URLs
2.4 Viewing Replicated Entries
3. Before You Begin
3.1 Technical Reference
3.2 Setting Up the Load Balancers
3.3 Obtaining Secure Socket Layer Certificates
3.4 Resolving Host Names
3.5 Known Issues and Limitations
Building the Identity Provider Environment
4. Installing Sun Java System Directory Server and Creating Instances for User Data
4.1 Installing and Configuring Directory Server 1 and Directory Server 2
To Download the Directory Server Bits and Required Patches to the Host Machines
To Patch the Directory Server Host Machines
To Install Directory Server 1
To Create a User Data Instance on Directory Server 1
To Create a Base Suffix for the User Data Instance on Directory Server 1
To Install Directory Server 2
To Create a User Data Instance on Directory Server 2
To Create a Base Suffix for the User Data Instance on Directory Server 2
4.2 Enabling Multi-Master Replication of the User Data Instances
To Enable Multi-Master Replication for the User Data Instance on Directory Server 1
To Enable Multi-Master Replication for the User Data Instance on Directory Server 2
To Change the Default Replication Manager Password for Each User Data Instance
To Create Replication Agreements for Each User Data Instance
To Initialize the Replication Agreements
To Verify Successful User Data Replication
4.3 Modifying the Directory Server Schema
To Modify the Directory Server LDAP Schema for SAML v2 User Data
4.4 Enabling Secure Communication for the Directory Server User Data Instances
To Import a Root Certificate and a Server Certificate to Directory Server 1
To Import a Root Certificate and a Server Certificate to Directory Server 2
4.5 Configuring the Directory Server Load Balancer
To Import the Root Certificate to Directory Server Load Balancer 1
To Configure the Directory Server Load Balancer 1
4.6 Creating a Test User
To Import Test User Data into the Replicated Directory Server Instances
5. Deploying and Configuring OpenSSO Enterprise
5.1 Installing the Application Server Web Containers
To Patch the OpenSSO Enterprise Host Machines
To Create a Non-Root User on the OpenSSO Enterprise 1 Host Machine
To Install Application Server on the OpenSSO Enterprise 1 Host Machine
To Create a Non-Root User on the OpenSSO Enterprise 2 Host Machine
To Install Application Server on the OpenSSO Enterprise 2 Host Machine
5.2 Configuring the OpenSSO Enterprise Load Balancer
To Request a Certificate for OpenSSO Enterprise Load Balancer 2
To Install the Certificate Authority Root Certificate to OpenSSO Enterprise Load Balancer 2
To Install the Server Certificate to OpenSSO Enterprise Load Balancer 2
To Configure OpenSSO Enterprise Load Balancer 2
To Create an SSL Proxy for SSL Termination at the OpenSSO Enterprise Load Balancer 2
5.3 Deploying and Configuring OpenSSO Enterprise 1 and OpenSSO Enterprise 2
To Generate an OpenSSO Enterprise WAR on the OpenSSO Enterprise 1 Host Machine
To Deploy the OpenSSO Enterprise WAR as OpenSSO Enterprise 1
To Copy the OpenSSO Enterprise WAR to the OpenSSO Enterprise 2 Host Machine
To Deploy the OpenSSO Enterprise WAR File as OpenSSO Enterprise 2
To Configure OpenSSO Enterprise 1
To Configure OpenSSO Enterprise 2
5.4 Configuring the OpenSSO Enterprise Platform Service
To Create a Site on OpenSSO Enterprise 1
To Verify that the OpenSSO Enterprise Site was Configured Properly
5.5 Configuring OpenSSO Enterprise for SAML v2
To Configure OpenSSO Enterprise for the Modified LDAP Schema
6. Configuring OpenSSO Enterprise Realms for User Authentication
6.1 Modifying the Top-Level Realm for Test Users
To Modify the Top-Level Realm for User Authentication
To Verify that a User Can Successfully Authenticate
6.2 Creating and Configuring a Sub Realm for Test Users
To Create a Sub Realm
To Change the User Profile Configuration for the Sub Realm
To Modify the Sub Realm for User Authentication
To Verify That the Sub Realm Can Access the External User Data Store
To Verify That the Sub Realm Subjects Can Successfully Authenticate
Building the Service Provider Environment
7. Installing Sun Java System Directory Server and Creating Instances for User Data
7.1 Installing and Configuring Directory Server 1 and Directory Server 2
To Download the Directory Server Bits and Required Patches to the Directory Server Host Machines
To Patch the Directory Server Host Machines
To Install Directory Server 1
To Create a User Data Instance on Directory Server 1
To Create a Base Suffix for the User Data Instance on Directory Server 1
To Install Directory Server 2
To Create a User Data Instance on Directory Server 2
To Create a Base Suffix for the User Data Instance on Directory Server 2
7.2 Enabling Multi-Master Replication of the User Data Instances
To Enable Multi-Master Replication for User Data Instance on Directory Server 1
To Enable Multi-Master Replication for User Data Instance on Directory Server 2
To Change the Default Replication Manager Password for Each User Data Instance
To Create Replication Agreements for Each User Data Instance
To Initialize the Replication Agreements
To Verify Successful User Data Replication
7.3 Modifying the Directory Server Schema
To Modify the Directory Server LDAP Schema for SAML v2 User Data
7.4 Enabling Secure Communication for the Directory Server User Data Instances
To Install a Root Certificate and a Server Certificate on Directory Server 1
To Install a Root Certificate and a Server Certificate on Directory Server 2
7.5 Configuring the Directory Server Load Balancer
To Import the Root Certificate to the User Data Load Balancer
To Configure Directory Server Load Balancer 1
7.6 Creating a Test User
To Import Test User Data into the Replicated Directory Server Instances
8. Deploying and Configuring OpenSSO Enterprise
8.1 Installing the Application Server Web Containers
To Patch the OpenSSO Enterprise Host Machines
To Create a Non-Root User on the OpenSSO Enterprise 1 Host Machine
To Install Application Server on the OpenSSO Enterprise 1 Host Machine
To Create a Non-Root User on the OpenSSO Enterprise 2 Host Machine
To Install Application Server on the OpenSSO Enterprise 2 Host Machine
8.2 Configuring the OpenSSO Enterprise Load Balancer
To Request a Certificate for OpenSSO Enterprise Load Balancer 2
To Install a CA Root Certificate to OpenSSO Enterprise Load Balancer 2
To Install the Server Certificate to OpenSSO Enterprise Load Balancer 2
To Configure OpenSSO Enterprise Load Balancer 2
To Create an SSL Proxy for SSL Termination at the OpenSSO Enterprise Load Balancer 2
8.3 Deploying and Configuring OpenSSO Enterprise 1 and OpenSSO Enterprise 2
To Generate an OpenSSO Enterprise WAR on the OpenSSO Enterprise 1 Host Machine
To Deploy the OpenSSO Enterprise WAR as OpenSSO Enterprise 1
To Copy the OpenSSO Enterprise WAR to the OpenSSO Enterprise 2 Host Machine
To Deploy the OpenSSO Enterprise WAR File as OpenSSO Enterprise 2
To Configure OpenSSO Enterprise 1
To Configure OpenSSO Enterprise 2
8.4 Configuring the OpenSSO Enterprise Platform Service
To Create a Site on OpenSSO Enterprise 1
To Verify that the OpenSSO Enterprise Site was Configured Properly
8.5 Configuring OpenSSO Enterprise for SAML v2
To Configure OpenSSO Enterprise for the Modified LDAP Schema
9. Configuring OpenSSO Enterprise Realms for User Authentication
9.1 Modifying the Top-Level Realm for Test Users
To Modify the Top-Level Realm for User Authentication
To Verify that a User Can Successfully Authenticate
9.2 Creating and Configuring a Sub Realm for Test Users
To Create a Sub Realm
To Change the User Profile Configuration for the Sub Realm
To Modify the Sub Realm for User Authentication
To Verify That the Sub Realm Can Access the External User Data Store
To Verify That the Sub Realm Subjects Can Successfully Authenticate
10. Configuring the Service Provider Protected Resource Host Machine
10.1 Installing the J2EE Container and J2EE Policy Agent on Protected Resource 1
To Install BEA WebLogic Server on Protected Resource 1
To Configure BEA WebLogic Server on Protected Resource 1
To Import a Certificate Authority Root Certificate to Protected Resource 1
To Install the J2EE Policy Agent on Protected Resource 1
To Deploy and Start the J2EE Policy Agent Housekeeping Application
To Deploy the J2EE Policy Agent Sample Application
To Configure the J2EE Policy Agent to Bypass Application Server Administrator Authentication
To Enable the J2EE Policy Agent to Run in SSO Only Mode
To Configure the J2EE Policy Agent for SAML v2 Communication
10.2 Installing the Web Server and Web Policy Agent on Protected Resource 1
To Patch the Protected Resource 1 Host Machine
To Install and Configure Sun Java System Web Server on Protected Resource 1
To Import a Certificate Authority Root Certificate to Protected Resource 1
To Install and Configure Web Policy Agent on Protected Resource 1
To Enable the Web Policy Agent to Run in SSO Only Mode
To Configure the Web Policy Agent for SAML v2 Communication
Configuring and Testing the SAML v2 Communications
11. Configuring OpenSSO Enterprise for SAML v2
11.1 Configuring OpenSSO Enterprise as the Hosted Identity Provider
To Configure the Hosted Identity Provider
To View the Hosted Identity Provider Metadata in XML Format
11.2 Configuring OpenSSO Enterprise as the Hosted Service Provider
To Configure the Hosted Service Provider
To View the Hosted Service Provider Metadata in XML Format
11.3 Configuring the Hosted Service Provider to Communicate with the Remote Identity Provider
To Import the Remote Identity Provider Metadata into the Hosted Service Provider
12. Testing the SAML v2 Profiles
12.1 Using the OpenSSO Enterprise Common Tasks Wizard
To Test SAML v2 Using the Common Tasks Wizard
12.2 Using Specially Constructed URLs
12.2.1 Testing Identity Provider Initiated URLs
12.2.1.1 Testing Persistent Federation
To Test Persistent Federation Using the Browser Artifact Profile
To Test Persistent Federation Using the Browser POST Profile
12.2.1.2 Testing Single Logout
To Test Single Logout Using Back Channel SOAP Over HTTP
To Test Single Logout Using Front Channel HTTP
12.2.1.3 Testing Single Sign On
To Test Single Sign-On Using the Browser Artifact Profile
To Test Single Sign-On Using the Browser POST Profile
12.2.1.4 Testing Federation Termination
To Test Federation Termination Using Back Channel SOAP Over HTTP
To Test Federation Termination Using Front Channel HTTP
12.2.2 Testing Service Provider Initiated URLs
12.2.2.1 Testing Persistent Federation
To Test Persistent Federation Using the Browser Artifact Profile
To Test Persistent Federation Using the Browser POST Profile
12.2.2.2 Testing Single Logout
To Test Single Logout Using Back Channel SOAP Over HTTP
To Test Single Logout Using Front Channel HTTP
12.2.2.3 Testing Single Sign On
To Test Single Sign On Using the Browser Artifact Profile
To Test Single Sign-On Using the Browser POST Profile
12.2.2.4 Testing Federation Termination
To Terminate Federation Using Back Channel SOAP Over HTTP
To Terminate Federation Using Front Channel HTTP
13. Testing Secure Attribute Exchange
13.1 Patching the Secure Attribute Exchange Host Machines
To Patch the OpenSSO Enterprise Host Machines
13.2 Installing Application Server on the Secure Attribute Exchange Identity Provider Host Machine
To Install Application Server on the Secure Attribute Exchange Identity Provider Host Machine
To Secure Communications from the Identity Provider Host Machine
To Modify the Identity Provider Web Container domain.xml Configuration File
To Deploy the Client SDK on the Identity Provider Host Machine
13.3 Installing Application Server on the Secure Attribute Exchange Service Provider Host Machine
To Install Application Server on the Secure Attribute Exchange Service Provider Host Machine
To Secure Communications from the Service Provider Application
To Modify the Service Provider Web Container domain.xml Configuration File
To Deploy the Client SDK on the Service Provider Host Machine
13.4 Establishing Trust Between Communicating Entities
To Establish Trust Between OpenSSO Enterprise and the Application on the Identity Provider Side
To Establish Trust Between OpenSSO Enterprise and the Application on the Service Provider Side
13.5 Testing the Secure Attribute Exchange
To Test the Secure Attribute Exchange Configurations
14. Testing Attribute Mapping
14.1 Creating a Test User
To Create a Test User for Attribute Mapping
To Edit the Test User Profile
14.2 Configuring OpenSSO Enterprise for Attribute Mapping
To Add SAML v2 Mappings to the Identity Provider Metadata
To Enable Anonymous Authentication
To Modify the Agent Profile to Use SAMLv2 Transient
To Map Identity Provider User Attributes to Service Provider Anonymous User Attributes
14.3 Testing Attribute Mapping
To Verify That Attribute Mapping is Working Properly
Appendices
A. Identity Provider Directory Server Host Machines, Load Balancer and Test User
B. Service Provider Directory Server Host Machines, Load Balancer and Test User
C. Identity Provider OpenSSO Enterprise Host Machines and Load Balancers
D. Service Provider OpenSSO Enterprise Host Machines and Load Balancers
E. Service Provider Protected Resource Host Machine Web Containers and Policy Agents
F. The snoop.jsp File
G. Known Issues and Limitations
Copyright 1994-2009 Sun Microsystems, Inc.