Sun(TM) Microsystems, Inc.
Jump Over Tab Navigation Area. Current Selection is: Access Control

 

< Sample Main Page

 

Introduction


This sample illustrates the use case where there are multiple federation protocols in one circle of trust.

In this sample, user will create a circle of trust containing one multi-federation protocol Identity Provider instance and three Service Provider instances speaking ID-FF, SAMLv2 and WS-Federation protocol respectively.

The sample demonstrates following scenarios among different federation protocols:

  • SP initiated Single Sign On cross different federation protocols
  • SP initiated Single Log out cross different federation protocols
  • IDP initiated Single Log out cross different federation protocols

Setup


To run and test the sample, you need four OpenAM instances:
  • one instance configured as SAMLv2/ID-FF/WS-Federation Identity Providers
  • one instance configured as SAMLv2 Service Provider.
  • one instance configured as ID-FF Service Provider.
  • one instance configured as WS-Federation Service Provider.

To configure this sample:
  1. You must start the configuration from a Service Provider instance. Access the configure.jsp under the Service Provider instance, e.g. http://<sp-host>:<port>/<uri>/samples/multiprotocol/sp/configure.jsp.
  2. Enter the remote Identity Provider information, including Federation Protocol, HTTP protocol, host name, port and deployment URI. Click "Configure" button to setup service provider side metadata.
  3. Once the service provider side configuration is done, a link will be shown to redirect you to the IDP side configuration page. Click the "here" link in the message "Click here to configure remote Identity Provider", you will be redirected to Identity Provider side to setup corresponding metadata.
  4. If you have not login to the Identity Provider yet, you will be prompted with a link to authenticate to the Identity Provider.
  5. Identity Provider will setup the required metadata information to establish the trust between the SP and IDP
  6. After the configuration on identity provider side is completed, you will be redirected back to the service provider page.
  7. Repeat step 1-6 on remaining two Service Provider instances by selecting different Federation protocol (e.g. SAMLv2, ID-FF and WS-Federation) at step 2.

The configuration performs following tasks:
  • On service provider side, loads the meta data of the hosted service provider and remote identity provider.
  • On identity provider side, loads the meta data of the hosted identity provider and remote service provider.
  • On both service provider and identity provider side, creates a sample circle-of-trust named "samplemultiprotocolcot", and add the service provider and identity provider to the circle-of-trust.

To configure this instance as a Service Provider, click here.

To view current configuration on the Identity Provider, click here.


Demonstration

To try out the multi-federation protocol use cases, follow the Readme.