How to configure OpenAM as an identity provider (IdP) for SAML-based SSO testing

I am trying to configure OpenAM as an identity provider to verify my SAML-based service provider.

I searched a lot and saw the OpenAM documentation. There are lots of things supported by OpenAM, which I probably do not need at the moment. I do not want to read the whole documentation, which will take a lot of time, which I do not want to test right now. I even saw chapter 9 "Managing SAML 2.0 SSO" at http://docs.forgerock.org/en/openam/10.0.0/admin-guide/index/index.html. But before that, a lot of things are required.

Is there any quick start guide to test it as a SAML-based IdP?

EDIT

Not fast; detailed is also fine. But I want OpenAM to be an identity provider. The SP is an application hosted on Jetty that we have developed. Also tell me what changes I have to make on the SP, such as what the application URL should respond with.

+5
2 answers

There is no single answer to your question. Setting up SAMLv2 federation largely depends on the actual implementation of the SP; some SPs can work with SAML metadata, and some cannot. The easiest way to configure federation between two OpenAM instances for a link would be something like this:

  • Create a Hosted IdP Wizard on Node1
  • Create a Hosted SP Wizard on Node2
  • NameID-Format,
  • SP 1 URL: node2/openam/saml2/jsp/exportmetadata.jsp
  • IdP 2 URL: node1/openam/saml2/jsp/exportmetadata.jsp
  • 2 Hosted SP ""

, :

  • /openam/spssoinit?metaAlias=/sp&idpEntityID=node1_entityid 2
  • /openam/idpssoinit?metaAlias=/idp&spEntityID=node2_entityid 1

metaAlias ​​ , . , , .

, , OpenAM IdP , , SAML, URL- idpssoinit ( SP ), , , SP SAML.

+3
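
As an added example (not part of the answer above and not OpenAM's own code): a Python check over the two metadata documents, such as those served by exportmetadata.jsp, that finds the NameID formats both sides advertise, flags endpoints not served over TLS, and builds the idpssoinit and spssoinit test URLs. The metadata, host names and endpoint paths are constructed sample data, and the /idp and /sp metaAlias defaults are assumptions taken from the URLs in the answer.

```python
import xml.etree.ElementTree as ET  # for untrusted metadata prefer a hardened parser such as defusedxml
from urllib.parse import urlencode

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample metadata (hypothetical hosts and paths), standing in for what each
# node's exportmetadata.jsp returns. The SP endpoint is http:// on purpose, to be flagged.
IDP_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="node1_entityid">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <NameIDFormat>{PERSISTENT}</NameIDFormat>
  <NameIDFormat>{TRANSIENT}</NameIDFormat>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="https://node1.example.com/openam/SSORedirect/metaAlias/idp"/>
 </IDPSSODescriptor></EntityDescriptor>"""
SP_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="node2_entityid">
 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <NameIDFormat>{TRANSIENT}</NameIDFormat>
  <AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="http://node2.example.com/openam/Consumer/metaAlias/sp"/>
 </SPSSODescriptor></EntityDescriptor>"""

def describe(xml_text, role, endpoint):
    """Extract entity ID, NameID formats and endpoint URLs for one role descriptor."""
    root = ET.fromstring(xml_text)
    desc = root.find(MD + role)
    if desc is None:
        raise ValueError(f"metadata has no {role}")
    return {"entity_id": root.get("entityID"),
            "nameid_formats": [e.text.strip() for e in desc.findall(MD + "NameIDFormat")],
            "endpoints": [e.get("Location") for e in desc.findall(MD + endpoint)]}

def shared_nameid_formats(idp, sp):
    """NameID formats both sides advertise, in the IdP's order of preference."""
    return [f for f in idp["nameid_formats"] if f in sp["nameid_formats"]]

def plaintext_endpoints(*parties):
    """Endpoints not served over TLS; SAML messages sent there cross the network in clear."""
    return [u for p in parties for u in p["endpoints"] if not u.lower().startswith("https://")]

def sso_test_urls(idp_base, sp_base, idp, sp, idp_alias="/idp", sp_alias="/sp"):
    """IdP- and SP-initiated test URLs in the form used in the answer above."""
    idp_q = urlencode({"metaAlias": idp_alias, "spEntityID": sp["entity_id"]}, safe="/")
    sp_q = urlencode({"metaAlias": sp_alias, "idpEntityID": idp["entity_id"]}, safe="/")
    return f"{idp_base}/idpssoinit?{idp_q}", f"{sp_base}/spssoinit?{sp_q}"

IDP = describe(IDP_XML, "IDPSSODescriptor", "SingleSignOnService")
SP = describe(SP_XML, "SPSSODescriptor", "AssertionConsumerService")
```

An empty result from shared_nameid_formats means the two sides advertise no common NameID format, which is worth resolving before trying either test URL.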

.

+1
