Month: December 2010

#OpenSSO #Fedlet Integration with #Oracle #Identity #Federation 11g


What is a Fedlet? (snipped from Oracle’s Identity Management Web site)

The Oracle OpenSSO Fedlet (Fedlet) is a compact, easy to deploy SAML 2.0 service provider implementation. It includes a small software package and a simple file-based configuration, embeddable into a service provider’s Java or .NET application. The Fedlet establishes single sign-on (SSO) between an identity provider instance and the service provider application without requiring a fully-featured federation product on the service provider side.

The Oracle OpenSSO Fedlet can accept SAML 2.0 assertions from any SAML 2.0 identity provider and retrieve user attributes to accomplish SSO and content personalization. The Fedlet can be configured to communicate with any number of identity providers. It also can leverage an external discovery service to find the preferred identity provider.

My Environment:

  • OIF 11g is configured as an Identity Provider (IDP)
  • Fedlet is configured as a Service Provider (SP)
  • SAML version is 2.0

Assumptions:

  1. Weblogic is already installed and configured
  2. You have access to the idp.xml metadata file from your Identity Provider
  3. Installing on either Linux or Solaris (I am installing on Solaris but this is essentially the same for Linux)

Make sure that $JAVA_HOME/bin is in your PATH variable, so that JDK commands such as jar, java, and keytool are accessible.

Copy the Fedlet binary (from Oracle) to /opt/Fedlet_stuff/

cd /opt/Fedlet_stuff/java

Expand the war file:

jar xvf FEDLET_ZIP_DIR/java/fedlet.war

Run the Configure Fedlet script:

java -classpath WEB-INF/lib/opensso-sharedlib.jar:WEB-INF/lib/openfedlib.jar:install/lib/configurefedlet.jar oracle.security.fed.fedlet.install.ConfigureFedlet

Enter the directory with path where Oracle-OpenSSO-Fedlet.zip is extracted to: /opt/Fed_stuff

Enter the URL where this Fedlet will be deployed on (in http(s)://host.domain:port/uri format):

 http://hostname.hostdomain:7001/fedletsample

Enter Fedlet Provider ID:[fedlet_sp_sample] // I accepted the default here

Do you want to generate keystore and key pair for the Fedlet? 1=yes/2=no [1] 1

Enter Fedlet keystore password:
Re-enter Fedlet keystore password:
Enter Fedlet key password:
Re-enter Fedlet key password:

Do you want to import IDP metadata? 1=yes/2=no [1] 1

Enter IDP metadata filename with path: /opt/Fed_stuff/idp.xml

Include sample and generate fedletsample.war? 1=yes/2=no [2] 1

Enter the directory with path where the newly generated Fedlet configuration and optionally fedletsample.war should be saved to: /opt/fedlet

Fedlet configuration is created at: /opt/fedlet
fedletsample.war is created at: /opt/fedlet

Deploy the newly created war file, that was created here: /opt/fedlet/fedletsample.war

[If you need instructions on deploying the war to Weblogic or Glassfish, then email me and I can provide them to you.]

Copy the sp.xml file (from /opt/fedlet/fedlet/sp.xml) to your desktop, so that you can upload it from the OIF Admin Console.

Import the sp.xml (that you just copied) into the Circle of Trust in your IDP’s OIF Admin Console.
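Before importing, it is worth checking that the generated sp.xml actually reflects what you typed into the wizard (Provider ID, deployment URL, generated signing key) and that assertions will not be accepted unsigned or over plain http. This is an added example, not from the original post or the Fedlet distribution: the embedded metadata is a constructed stand-in for /opt/fedlet/fedlet/sp.xml, and the /fedletapplication path in its AssertionConsumerService URL is assumed.

```python
"""Sanity-check a Fedlet-generated sp.xml before importing it into the OIF
Circle of Trust (added example; the metadata below is constructed)."""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample shaped like the descriptor ConfigureFedlet writes; the
# certificate is a placeholder, the ACS path under /fedletsample is assumed.
SAMPLE_SP_XML = f"""<EntityDescriptor xmlns="{MD}" entityID="fedlet_sp_sample">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}"><X509Data><X509Certificate>CONSTRUCTED-PLACEHOLDER</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService index="0" isDefault="true" Binding="{POST}"
        Location="http://hostname.hostdomain:7001/fedletsample/fedletapplication"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def check_sp_metadata(xml_text, expected_entity_id, deploy_url):
    """Return a list of findings; an empty list means the metadata matches the
    wizard answers, carries a signing key, and has no weak settings."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.get("entityID") != expected_entity_id:
        findings.append(f"entityID {root.get('entityID')!r} != {expected_entity_id!r}")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return findings + ["no SPSSODescriptor"]
    # The wizard generated a keystore; the IdP needs the matching public cert.
    if sp.find(f"{{{MD}}}KeyDescriptor[@use='signing']/{{{DS}}}KeyInfo") is None:
        findings.append("no signing KeyDescriptor (keystore step skipped?)")
    acs = sp.findall(f"{{{MD}}}AssertionConsumerService")
    locs = [a.get("Location", "") for a in acs]
    if not any(loc.startswith(deploy_url) for loc in locs):
        findings.append(f"no AssertionConsumerService under {deploy_url}")
    if not any(a.get("Binding") == POST for a in acs):
        findings.append("no HTTP-POST AssertionConsumerService")
    # Assertions carry identity; a plain-http ACS exposes them on the wire.
    findings += [f"ACS over plain http: {loc}" for loc in locs if loc.startswith("http:")]
    if sp.get("WantAssertionsSigned") != "true":
        findings.append("WantAssertionsSigned is not true")
    return findings

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_SP_XML, "fedlet_sp_sample",
                            "http://hostname.hostdomain:7001/fedletsample"))
```

Run it against the real /opt/fedlet/fedlet/sp.xml by reading that file into check_sp_metadata with the Provider ID and deployment URL you entered; the constructed sample above reports the plain-http ACS and the unsigned-assertion setting.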
