<p>There is no one-fits-all answer to your question really. Setting up SAMLv2 Federation largely depends on the actual SP implementation; some SPs can work with SAML metadata, some don't. The simplest way to set up federation between two OpenAM instances for reference would be something like:</p>
<ul>
  <li>Create Hosted IdP wizard on node1</li>
  <li>Create Hosted SP wizard on node2</li>
  <li>On both nodes remove the persistent NameID-Format, so both will have transient at the top of the list</li>
  <li>Register Remote SP wizard on node1, with URL: node2/openam/saml2/jsp/exportmetadata.jsp</li>
  <li>Register Remote IdP wizard on node2, with URL: node1/openam/saml2/jsp/exportmetadata.jsp</li>
  <li>On node2 in the Hosted SP setting set the transient user to "anonymous"</li>
</ul>
<p>After all this you can test Federation by using:</p>
<ul>
  <li>/openam/spssoinit?metaAlias=/sp&amp;idpEntityID=node1_entityid on node2</li>
  <li>/openam/idpssoinit?metaAlias=/idp&amp;spEntityID=node2_entityid on node1</li>
</ul>
<p>I've used the default metaAlias values, but those should be visible on the console pages. Similarly, by downloading the metadata you can see the actual entity IDs for the given entities.</p>
<p>Based on this, you should see now that with an OpenAM IdP you could at least test SAML support using the idpssoinit URL (if your SP supports unsolicited responses), but the other way around it pretty much depends on your SP implementation how you need to actually trigger a SAML authentication.</p>
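<p>The answer says the entity IDs can be read from the downloaded metadata and that the persistent NameID-Format should be removed so transient ends up first. The following Python script is an added example, not code from the answer or from OpenAM: it parses a metadata document of the shape exportmetadata.jsp returns, extracts the entityID and the ordered NameID-Format list, reports when persistent is still present or transient is not first, and assembles the spssoinit/idpssoinit test URLs with the default metaAlias values /sp and /idp from the answer. The two metadata documents and the host names node1.example.test and node2.example.test are constructed for illustration.</p>

```python
# Added example: inspect OpenAM-style SAML2 metadata and build federation test URLs.
# The metadata below is constructed; node1.example.test / node2.example.test are
# made-up hosts standing in for the answer's node1 and node2.
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed: Hosted SP metadata on node2 before the "remove persistent" step.
SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://node2.example.test:8080/openam">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://node2.example.test:8080/openam/Consumer/metaAlias/sp"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed: Hosted IdP metadata on node1 after persistent has been removed.
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://node1.example.test:8080/openam">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_metadata(xml_text):
    """Return (entityID, role, nameid_formats) for the single entity in the document.

    role is "IDPSSODescriptor" or "SPSSODescriptor". nameid_formats keeps the order
    of the NameIDFormat elements, which is the order that matters for the
    "transient at the top of the list" step in the answer.
    """
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    for role in ("IDPSSODescriptor", "SPSSODescriptor"):
        desc = root.find(f"md:{role}", MD_NS)
        if desc is not None:
            formats = [e.text.strip() for e in desc.findall("md:NameIDFormat", MD_NS)]
            return entity_id, role, formats
    raise ValueError("metadata has neither IDPSSODescriptor nor SPSSODescriptor")


def nameid_findings(formats):
    """Report deviations from the answer's step: persistent removed, transient first."""
    findings = []
    if PERSISTENT in formats:
        findings.append("persistent NameID-Format is still listed")
    if not formats or formats[0] != TRANSIENT:
        findings.append("transient NameID-Format is not at the top of the list")
    return findings


def spssoinit_url(sp_base, idp_entity_id, meta_alias="/sp"):
    """SP-initiated SSO test URL, requested on the SP node (node2 in the answer)."""
    query = urlencode({"metaAlias": meta_alias, "idpEntityID": idp_entity_id}, safe="/:")
    return f"{sp_base}/openam/spssoinit?{query}"


def idpssoinit_url(idp_base, sp_entity_id, meta_alias="/idp"):
    """IdP-initiated (unsolicited response) test URL, requested on the IdP node."""
    query = urlencode({"metaAlias": meta_alias, "spEntityID": sp_entity_id}, safe="/:")
    return f"{idp_base}/openam/idpssoinit?{query}"


def federation_report(sp_xml, idp_xml, sp_base, idp_base):
    """Entity IDs read from the metadata, NameID findings per side, and test URLs."""
    sp_id, sp_role, sp_formats = parse_metadata(sp_xml)
    idp_id, idp_role, idp_formats = parse_metadata(idp_xml)
    if sp_role != "SPSSODescriptor" or idp_role != "IDPSSODescriptor":
        raise ValueError("SP and IdP metadata passed in the wrong order")
    return {
        "sp_entity_id": sp_id,
        "idp_entity_id": idp_id,
        "sp_findings": nameid_findings(sp_formats),
        "idp_findings": nameid_findings(idp_formats),
        "spssoinit": spssoinit_url(sp_base, idp_id),
        "idpssoinit": idpssoinit_url(idp_base, sp_id),
    }


if __name__ == "__main__":
    report = federation_report(SP_METADATA, IDP_METADATA,
                               "http://node2.example.test:8080",
                               "http://node1.example.test:8080")
    for key, value in report.items():
        print(f"{key}: {value}")
```

<p>With the constructed input the SP side reports both findings (persistent still present, transient not first) while the IdP side reports none, and the two URLs come out in the shape the answer gives, with the real entity IDs substituted for node1_entityid and node2_entityid. Against a live deployment you would feed the output of each node's exportmetadata.jsp into <code>parse_metadata</code> instead of the embedded strings.</p>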
