4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster The contents of this file are subject to the terms
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster of the Common Development and Distribution License
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster (the License). You may not use this file except in
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster compliance with the License.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster You can obtain a copy of the License at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster https://opensso.dev.java.net/public/CDDLv1.0.html or
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster See the License for the specific language governing
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster permission and limitations under the License.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster When distributing Covered Code, include this CDDL
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster Header Notice in each file and include the License file
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster If applicable, add the following below the CDDL Header,
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster with the fields enclosed by brackets [] replaced by
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster your own identifying information:
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster "Portions Copyrighted [year] [name of copyright owner]"
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster $Id: Readme.html,v 1.7 2009/08/01 00:21:52 sean_brydon Exp $
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<title>Setting up SAMLv2 sample useCaseDemo</title>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<link rel="stylesheet" type="text/css" href="/com_sun_web_ui/css/css_ns6up.css" />
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<div class="MstDiv"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblTop" title="">
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblBot" title="">
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<div class="MstDivTtl"><img name="ProdName" src="/console/images/PrimaryProductName.png" alt="" /></div></td><td class="MstTdLogo" width="1%"><img name="RMRealm.mhCommon.BrandLogo" src="/com_sun_web_ui/images/other/javalogo.gif" alt="Java(TM) Logo" border="0" height="55" width="31" /></td></tr></tbody></table>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<table class="MstTblEnd" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td><img name="RMRealm.mhCommon.EndorserLogo" src="/com_sun_web_ui/images/masthead/masthead-sunname.gif" alt="Sun(TM) Microsystems, Inc." align="right" border="0" height="10" width="108" /></td></tr></tbody></table></div><div class="SkpMedGry1"><a name="SkipAnchor2089" id="SkipAnchor2089"></a></div>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<div class="SkpMedGry1"><a href="#SkipAnchor4928"><img src="/com_sun_web_ui/images/other/dot.gif" alt="Jump Over Tab Navigation Area. Current Selection is: Access Control" border="0" height="1" width="1" /></a></div>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<h1 style="text-align: center;">SAMLv2 sample useCaseDemo</h1>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThis sample illustrates the following use cases in a
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterof trust having one Identity Provider(IDP, title shown as <span
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster style="font-weight: bold;">GreatAir</span> in sample pages,) and one
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterProvider(SP, title shown as <span style="font-weight: bold;">BestCars</span>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterin sample pages).<br>
b93185b577f7150fec37f9999b95b246d73bf63cjeff.schenkThis document assumes OpenAM SAMLv2 Identity Provider is configured at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterand Service Provider is configured at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterPlease correct the URLs used in the following text to reflect
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterinstallation URLs.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Point your browser at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<a class="named" href="home.jsp">http://idp-host:idp-port/idp-deploy-uri/samples/saml2/useCaseDemo/home.jsp</a>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(useCaseDemo home page at IDP).</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on link " Reserve Car with our associate,
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterBestCars". You would be prompted by IDP to login.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Login to IDP using the following credentials :
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster User Name : demo<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster Password : changeit</br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>On successful login at IDP, IDP would initiate Single Sign On and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteryou to SP.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>SP would prompt you to login locally if you have not yet
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteraccounts at IDP and SP.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>If prompted for login at SP use the following credentials :
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster User Name : demo<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster Password : changeit</br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>SP would then automatically log you in based on the Assertion
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterIDP and you would be shown a protected application page by SP.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThis completes IDP initiated Single Sign On and Federation.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on the link "BestCars(SP: <sp1>)
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterHome". You would be taken to
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterhttp://sp-host:sp-port/sp-deploy-uri/samples/saml2/useCaseDemo/home.jsp
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(useCaseDemo home page at SP). You would see links allowing you
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterLogout, Defederate and a link to take you to home page of
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on the link " GreatAir(IDP: idp1) Sample Home"</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Your browser would show useCaseDemo sample home page at IDP.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on "SAMLv2 Logout" link. IDP would initiate a Single
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOut and log you out of SP and IDP. You could
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterthat you are logged out by visiting useCaseDemo sample page at IDP and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThe pages would show you "Login" links.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Point your browser at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<a class="named" href="home.jsp">http://sp-host:sp-port/sp-deploy-uri/samples/saml2/useCaseDemo/home.jsp</a>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(useCaseDemo home page at SP).</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on link "Reserve Car with us". The link is for
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterprotected application page that requires SAMLv2 authentication. SP would
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterinitiate a Single Sing On Request. </li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>SP would prompt you to login locally if you have not yet
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteraccounts at IDP and SP.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>SP would then automatically log you in based on the Assertion
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterIDP and you would be shown the protected application page by SP.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>This completes SP initiated Single Sign On and Federation.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on the link "BestCars(SP: <sp1>)
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterHome". You would be taken to
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterhttp://sp-host:sp-port/sp-deploy-uri/samples/saml2/useCaseDemo/home.jsp
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(useCaseDemo home page at SP).</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>You would see links allowing you to Logout, Defederate and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterlink to take you to home page of useCaseDemo at IDP.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on "SAMLv2 Logout" link. SP would initiate a Single
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterOut and log you out SP and IDP. You could
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterthat you are logged out by visiting useCaseDemo home page at IDP and
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterThe pages would show you "Login" links.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<h3>IDP Initiated Federation and Defederation</h3>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Point your browser at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<a class="named" href="home.jsp">http://idp-host:idp-port/idp-deploy-uri/samples/saml2/useCaseDemo/home.jsp</a>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(useCaseDemo home page at IDP).</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on the link "Local Login". IDP would prompt you for local login.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercompletion of login, IDP would show you useCaseDemo home page at IDP.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>If you have already federated with SP, the page would show the
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster"Terminate Federation with BestCars". Click on the link.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>IDP would initiate a defederate request. On completion of
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster defederation, you would be shown the useCaseDemo sample home page at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster IDP. You would be shown a link " Federate with BestCars".
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>You can verify that you are really defederated by visiting useCaseDemo
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster home page at SP. Click on the link
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster "BestCars(SP: <sp1>) Home". You would be taken to
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterhttp://sp-host:sp-port/sp-deploy-uri/samples/saml2/useCaseDemo/home.jsp
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(useCaseDemo home page at SP).
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster Click the link "Local Login" of the SP gome page and login as the user demo
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster again. Note, make sure you click the local login link and not the SAMLv2
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster login link. If you click the SAMLv2 login link it would cause you to
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster federate so you could not verify your previous defederation.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster Now that you are locally logged in to the SP, the SP should would show you
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster the link to Federate with GreatAir.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click the "Local Logout" link on the SP home page. This does a local
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster logout at the SP and not a SAMLv2 Single Log Out.
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Now go back to the IDP home page. Point your browser at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<a class="named" href="home.jsp">http://idp-host:idp-port/idp-deploy-uri/samples/saml2/useCaseDemo/home.jsp</a>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(useCaseDemo home page at IDP).</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on link " Federate with BestCars"</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>IDP would initiate Single Sign On and Federate request. On
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercompletion of federation, you would be shown useCaseDemo sample home page at IDP
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosteragain. You would be shown a link " Terminate Federation with BestCars".
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterYou can verify that you are really federated by visiting useCaseDemo
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterhome page at SP. SP would show you the Terminate Federation with
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterGreatAir.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click the "SAMLv2 Logout" link. On completion of Single Sign Out,
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster the useCaseDemo sample home page would be shown again.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<h3>SP Initiated Federation and Defederation</h3>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Point your browser at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<a class="named" href="home.jsp">http://sp-host:sp-port/sp-deploy-uri/samples/saml2/useCaseDemo/home.jsp</a>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(useCaseDemo sample home page at SP).</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on the link " SAMLv2 Login through IDP, secure service provided by GreatAir"
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>SP would initiate Single Sign On. On completion of Single Sign
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosteruseCaseDemo sample home page would be shown again at SP.<br>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on the link " Terminate Federation with GreatAir".
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterwould initiate a defederate request. On completion of
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterdefederation, you would be shown the useCaseDemo sample home page at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterSP. You would be shown
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostera link " Federate with GreatAir". You can verify that you are
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterdefederated by visiting useCaseDemo sample home page at IDP. IDP
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostershow you Federate with BestCars.</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Point your browser at
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster<a class="named" href="home.jsp">http://sp-host:sp-port/sp-deploy-uri/samples/saml2/useCaseDemo/home.jsp</a>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster(useCaseDemo home page at SP).</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>Click on the link "Federate with GreatAir".</li>
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Foster <li>SP would initiate Single Sign On and Federate request. On
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterof federation, you would be shown useCaseDemo sample home page at SP
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterYou would be shown a link " Terminate Federation with GreatAir".
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fostercan verify that you are really federated by visiting useCaseDemo
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan Fosterpage at IDP. IDP would show you Terminate Federation with
4fe4e4f798a84a46e567f64ceadd3648eb0582d4Allan FosterBestCars.</li>