This section contains the following topics:
Legacy Federation Sample Application Overview
Legacy Sample Application Deployment
Prerequisites to Deploy the Sample Application
How To Run the Sample Application
Test Single Sign-on with the Sample Application
Test Single Logout with the Sample Application
Review Application-Generated SiteMinder Objects
To become familiar with SiteMinder Federation Security Services, deploy the legacy federation sample application. The sample application automates all the federation setup tasks to accomplish SAML 2.0 single sign-on and single logout. After you run the sample application, look at the SiteMinder policy objects that the sample application creates. Also, examine the SiteMinder logs containing assertions. Finally, use the sample application objects as a basis for configuring your own federation environment.
Note: The Federation Security Services sample application only creates SAML 2.0 objects.
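When you get to the step of examining the SiteMinder logs that contain assertions, it helps to have a small tool that decodes a base64 SAML 2.0 Response and pulls out the fields that matter for the idp.demo/sp.demo partnership: issuer, subject NameID, audience and validity window. The following is an added example, not code from the sample application or from CA; the embedded Response is constructed for illustration and is unsigned and minimal (a real SiteMinder assertion also carries a signature, attributes and an AuthnStatement, and the actual log line format is not shown on this page). The checks it performs are the ones a practitioner would eyeball when an SSO test fails; they are not a substitute for the SP's SAML 2.0 authentication scheme, which validates the signature.

```python
import base64
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: a minimal, unsigned SAML 2.0 Response as idp.demo might
# send to sp.demo. It is NOT captured from SiteMinder; signature, attributes
# and AuthnStatement are omitted so the example stays short.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2012-06-01T12:00:00Z">
  <saml:Issuer>idp.demo</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2012-06-01T12:00:00Z">
    <saml:Issuer>idp.demo</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user1</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2012-06-01T11:59:00Z" NotOnOrAfter="2012-06-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>sp.demo</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# What you would typically find in a log or an HTTP POST: the Response, base64-encoded.
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def decode_saml_response(b64: str) -> ET.Element:
    """Base64-decode and parse a SAML 2.0 Response. Parsing is for inspection
    only; never treat data from an unverified assertion as trusted."""
    return ET.fromstring(base64.b64decode(b64))


def summarize_assertion(root: ET.Element) -> dict:
    """Extract the fields worth checking first when SSO between IdP and SP fails."""
    assertion = root.find("saml:Assertion", NS)
    conditions = assertion.find("saml:Conditions", NS)
    return {
        "status": root.find("samlp:Status/samlp:StatusCode", NS).get("Value"),
        "issuer": assertion.findtext("saml:Issuer", namespaces=NS),
        "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "audiences": [a.text for a in assertion.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)],
        "not_before": conditions.get("NotBefore"),
        "not_on_or_after": conditions.get("NotOnOrAfter"),
    }


def _ts(value: str) -> datetime:
    # SAML timestamps are UTC, e.g. 2012-06-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_assertion(summary: dict, expected_issuer: str, expected_audience: str, now: str) -> list:
    """Return a list of problems (empty means the basic checks passed).
    'now' is a UTC timestamp in the same format as the assertion, so the
    check can be replayed against a log entry from any point in time."""
    problems = []
    if summary["status"] != SUCCESS:
        problems.append("status is not Success: %s" % summary["status"])
    if summary["issuer"] != expected_issuer:
        problems.append("unexpected issuer: %s" % summary["issuer"])
    if expected_audience not in summary["audiences"]:
        problems.append("audience restriction does not include %s" % expected_audience)
    current = _ts(now)
    if current < _ts(summary["not_before"]):
        problems.append("assertion not yet valid")
    if current >= _ts(summary["not_on_or_after"]):
        problems.append("assertion expired")
    return problems


if __name__ == "__main__":
    s = summarize_assertion(decode_saml_response(SAMPLE_RESPONSE_B64))
    for key, value in s.items():
        print("%-16s %s" % (key, value))
    print("problems:", check_assertion(s, "idp.demo", "sp.demo", "2012-06-01T12:00:00Z"))
```

A short validity window (NotOnOrAfter minus NotBefore) combined with clock skew between the IdP and SP hosts is a common reason a test assertion is rejected; replaying the check with the SP host's clock time makes that visible without re-running the whole flow.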
The sample websites in the SiteMinder federated network are an Identity Provider named idp.demo, and a Service Provider named sp.demo. A business partnership is established between idp.demo and sp.demo.
You can deploy the sample application in many ways. We recommend one of two ways:
The following illustration shows two deployments of the sample application.
The legacy sample application contains the following components:
The FederationSample.conf file contains configuration settings that define the IdP and SP-side policy objects.
The SetupFederationSample.pl Perl script runs the federation sample application. This script creates the policy objects for the IdP and SP sites. The script also creates the web pages used to initiate single sign-on and single logout between the IdP and the SP. The script reads the information in the FederationSample.conf file to do its work.
Use the Perl interpreter included with the sample application to run SetupFederationSample.pl.
The sample application installs two directories that contain template pages for testing SAML 2.0 single sign-on and single logout transactions. The directories, idpsample and spsample, are installed in the directory siteminder_home/siteminder/samples/federation/content.
These directories are also copied to the default document root directory of the web server.
The IdP web pages are in the idpsample directory. These pages include:
Index.jsp is the first web page the user accesses at the IdP for IdP-initiated single sign-on. This page provides the link to the protected target resource at the sp.demo partner site. This page also provides a single logout link.
Note: The single logout link is displayed only if FSS is the IdP and an SMSESSION cookie is in the request headers.
SLOConfirm.jsp displays a message that the user has successfully logged out from idp.demo and sp.demo domains.
The SP web pages are in the spsample directory. These pages include:
Index.jsp is the first web page the user accesses at the SP for SP-initiated single sign-on. This page provides a link to the protected target resource. This page also provides a single logout link.
Note: The single logout link is displayed only if FSS is the IdP and an SMSESSION cookie is in the request headers.
Target.jsp, a protected page at the sp.demo partner site, is located in the /spsample/protected directory. The SAML 2.0 authentication scheme protects this page. A user sees this page when single sign-on between the IdP and SP succeeds.
SLOConfirm.jsp displays a message that the user has successfully logged out from the idp.demo and sp.demo domains.
Before you run the sample application, satisfy the following requirements.
Deployment requirements (SiteMinder r12.0 SP3 components recommended):
The web server where you install the Web Agent does not require an SSL port.
If you install the Policy Server, Web Agent, and Web Agent Option Pack on one system, we recommend using ServletExec as the application server. To install the Web Agent Option Pack and deploy Federation Web services on an application server, see the Web Agent Option Pack Guide.
On the Policy Server system:
For instructions on configuring a session store, see the Policy Server Administration Guide.
On the web agent system:
Note: If your deployment uses only one system, install all components on that one system. If your deployment has more than one Policy Server and more than one Web Agent, complete the prerequisites on all relevant systems.
Verify that the Policy Server and Web Agent are configured properly and that you can protect a resource.
Important! Core SiteMinder must function properly to run the sample application successfully.
Copyright © 2012 CA.
All rights reserved.