<!--
 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

 Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved

 The contents of this file are subject to the terms
 of the Common Development and Distribution License
 (the License). You may not use this file except in
 compliance with the License.

 You can obtain a copy of the License at
 https://opensso.dev.java.net/public/CDDLv1.0.html or
 opensso/legal/CDDLv1.0.txt
 See the License for the specific language governing
 permission and limitations under the License.

 When distributing Covered Code, include this CDDL
 Header Notice in each file and include the License file
 at opensso/legal/CDDLv1.0.txt.
 If applicable, add the following below the CDDL Header,
 with the fields enclosed by brackets [] replaced by
 your own identifying information:
 "Portions Copyrighted [year] [name of copyright owner]"

 $Id: index.html,v 1.6 2008/08/19 19:12:14 veiming Exp $

-->
<html>
<head>
<title>Multi-Federation Protocol Sample</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="/com_sun_web_ui/css/css_ns6up.css" />
</head>
<body class="DefBdy">

<div class="MstDiv"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblTop" title="">
<tbody><tr>
<td nowrap="nowrap">&nbsp;</td>
<td nowrap="nowrap">&nbsp;</td>
</tr></tbody></table>

<table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblBot" title="">
<tbody><tr>
<td class="MstTdTtl" width="99%">
<div class="MstDivTtl"><img name="ProdName" src="/console/images/PrimaryProductName.png" alt="" /></div></td><td class="MstTdLogo" width="1%"><img name="RMRealm.mhCommon.BrandLogo" src="/com_sun_web_ui/images/other/javalogo.gif" alt="Java(TM) Logo" border="0" height="55" width="31" /></td></tr></tbody></table>
<table class="MstTblEnd" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td><img name="RMRealm.mhCommon.EndorserLogo" src="/com_sun_web_ui/images/masthead/masthead-sunname.gif" alt="Sun(TM) Microsystems, Inc." align="right" border="0" height="10" width="108" /></td></tr></tbody></table></div><div class="SkpMedGry1"><a name="SkipAnchor2089" id="SkipAnchor2089"></a></div>
<div class="SkpMedGry1"><a href="#SkipAnchor4928"><img src="/com_sun_web_ui/images/other/dot.gif" alt="Jump Over Tab Navigation Area. Current Selection is: Access Control" border="0" height="1" width="1" /></a></div>

<table border="0" cellpadding="10" cellspacing="0" width="100%">
<tr><td>
<p>&nbsp;</p>
&lt; <a href="/index.html">Sample Main Page</a>
<p>&nbsp;</p>

<h3>Introduction</h3>
<p>
<br>
This sample illustrates the use case where there are multiple
federation protocols in one circle of trust. <br><br>In this sample, the user
creates a circle of trust containing one multi-federation protocol Identity
Provider instance and three Service Provider instances speaking the ID-FF, SAMLv2
and WS-Federation protocols respectively.<br>
<br>
The sample demonstrates the following scenarios among different federation protocols:
<br>
<ul>
 <li>SP-initiated Single Sign-On across different federation protocols<br></li>
 <li>SP-initiated Single Logout across different federation protocols</li>
 <li>IDP-initiated Single Logout across different federation protocols</li>
</ul>
<br>

</p>
<h3>Setup</h3>
<br>
To run and test the sample, you need four OpenAM instances: <br>
<ul>
 <li>one instance configured as the SAMLv2/ID-FF/WS-Federation Identity Provider</li>
 <li>one instance configured as a SAMLv2 Service Provider</li>
 <li>one instance configured as an ID-FF Service Provider</li>
 <li>one instance configured as a WS-Federation Service Provider</li>
</ul>
<br>
To configure this sample:
<ol>
<li>You must start the configuration from a Service Provider instance. Access configure.jsp under the Service Provider instance, e.g. http://&lt;sp-host&gt;:&lt;port&gt;/&lt;uri&gt;/samples/multiprotocol/sp/configure.jsp.</li>
<li>Enter the remote Identity Provider information, including the federation protocol, HTTP protocol, host name, port and deployment URI. Click the "Configure" button to set up the Service Provider side metadata.</li>
<li>Once the Service Provider side configuration is done, a link to the IDP side configuration page is shown. Click the "here" link in the message "Click here to configure remote Identity Provider"; you will be redirected to the Identity Provider side to set up the corresponding metadata.</li>
<li>If you have not yet logged in to the Identity Provider, you will be prompted with a link to authenticate to the Identity Provider.</li>
<li>The Identity Provider sets up the metadata required to establish trust between the SP and the IDP.</li>
<li>After the configuration on the Identity Provider side is completed, you will be redirected back to the Service Provider page.</li>
<li>Repeat steps 1-6 on the remaining two Service Provider instances, selecting a different federation protocol (e.g. SAMLv2, ID-FF and WS-Federation) at step 2.</li>
</ol>
<br>
The configuration performs the following tasks:
<ul>
<li>On the Service Provider side, loads the metadata of the hosted Service Provider and the remote Identity Provider.</li>
<li>On the Identity Provider side, loads the metadata of the hosted Identity Provider and the remote Service Provider.</li>
<li>On both the Service Provider and Identity Provider sides, creates a sample circle of trust named "samplemultiprotocolcot" and adds the Service Provider and the Identity Provider to it.<br>
 </li>
</ul>
<br>
<p>
To configure this instance as a <b>Service Provider</b>,
click <a class="named" href="sp/configure.jsp">here</a>.
</p>
<p>
To view the current configuration on the <b>Identity Provider</b>, click <a class="named" href="idp/configure.jsp">here</a>.
</p>
<br>
<h3>Demonstration</h3>

To try out the multi-federation protocol use cases, follow the <a class="named" href="demo/Readme.html">Readme</a>.

</td></tr></table>
<br>
</body>
</html>