Versions Compared

Old Version 3

changes.mady.by.user Arto Vainiolehto

Saved on

compared with

New Version Current

changes.mady.by.user ubisebastian

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: small update for renamed ubisaml2.jar

An Overview of the Configuration Files

...

Code Block
languagetext
titleListing 3. Creating the Service Provider identity
cd <webapp_directory>\WEB-INF
mkdir saml2\sp
java -jar lib\sso-ubisaml2.jar Generate https://sp.example.com/webapp/spsso -o saml2\sp

...

Code Block
languagetext
titleListing 4. Write the SAML metadata of the Service Provider to the c:\temp\sp.xml file
cd <webapp_directory>\WEB-INF
java -jar lib\sso-ubisaml2.jar Metadata saml2\sp -f c:\temp\sp.xml

...

If your application uses an attribute authority (AA) for attribute queries, you should copy the AA metadata to /WEB-INF/saml2/sp/metadata folder together with the IDP metadata file. The name of each file is insignificant, but should have the suffix .xml.

Key rotation

In order to use Key Rotation feature and update IDP/AA metadata automatically a ".href" file must exist. Don't be confused with the file extension since it is just a normal properties file in "key=value" format.

The file must be located at the same directory as the IDP/AA metadata file:

/WEB-INF/saml2/sp/metadata


The following properties are supported in ".href" file:


Value type
entityIdstring

An entity identifier. Should be taken from IDP/AA metadata:

<md:EntityDescriptor entityId="https://localhost:8443/uas"...>
type- IDP (Identity Provider);
- AA (Attribute Authority).		An entity type.
urlstring

A URL to fetch metadata from. The same URL where SAML 2.0 IDP/AA metadata was fetched initially.

See "Get the Metadata of the Identity Provider" step.

refreshIntervalnumberAn interval in seconds to fetch the metadata.

The example:

Code Block
titleuas.href
entityId=https://localhost:8443/uas
type=AA
url=https://localhost:8443/uas/saml2/metadata.xml
refreshInterval=20