Implementing SAML v2.0 Service Providers by Using Fedlets

An AM Fedlet is a small Java web application that can act as a service provider for a specific identity provider without requiring that you install all of AM.

When your organization acts as the identity provider and you want to enable service providers to federate their services with yours, you can generate configuration files for a Fedlet.

Fedlets are easy to integrate into Java web applications: they do not require an entire AM installation alongside your application, but instead redirect to AM for single sign-on and retrieve the resulting SAML assertions.

Fedlet Support for SAML v2.0 Features

SAML v2.0 Feature                                          Java Fedlet
IDP- and SP-initiated Single Sign-On (HTTP Artifact)       Supported
IDP- and SP-initiated Single Sign-On (HTTP POST)           Supported
IDP- and SP-initiated Single Logout (HTTP POST)            Supported
IDP- and SP-initiated Single Logout (HTTP Redirect)        Supported
Sign Requests and Responses                                Supported
Encrypt Assertion, Attribute, and NameID Elements          Supported
Export SP Metadata                                         Supported
Multiple IDPs                                              Supported
External IDP Discovery Service                             Supported
Bundled IDP Reader Service for Discovery                   Supported

After receiving the configuration files for the Fedlet, the service provider administrator installs them, and then obtains the Fedlet web application from the AM distribution and installs it in the application web container.

The following table summarizes the high-level tasks required to configure Fedlets:

Task                             Resources
Create and Configure the Fedlet  Configure the Fedlet files and its keystore for your environment, add the metadata from the IDPs to it, and share the Fedlet's metadata with the IDPs.
Ensure the Fedlet is Secure      By default, the Fedlet neither signs nor encrypts SAML messages. Configure signing and encryption so that data such as requests, responses, and assertions is protected.
Test the Fedlet                  You can test the Fedlet as a standalone application, or by integrating it inside one of your applications.
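The "Ensure the Fedlet is Secure" task above is easy to skip, because the Fedlet works without signing or encryption. One way to catch that before an SP goes live is to audit the SP metadata you share with the IDPs for the settings that make signing and encryption effective: `AuthnRequestsSigned`, `WantAssertionsSigned`, a `KeyDescriptor` for signing and one for encryption (each carrying a certificate), and HTTPS on the assertion consumer endpoint. The script below is an added example, not code from the page, from AM, or from the Fedlet distribution; the two metadata documents, the entity ID `https://sp.example.test/fedlet`, and the certificate placeholders are constructed for illustration.

```python
"""Audit SAML v2.0 SP metadata for the signing/encryption settings a Fedlet
deployment should have before production. Added example; constructed input."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: SP metadata with the weak defaults (unsigned
# AuthnRequests, assertions not required to be signed, no keys published).
WEAK_SP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/fedlet">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/fedlet/fedletapplication" index="1"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

# Constructed sample: the same SP after signing and encryption were enabled.
# The certificate bodies are placeholders, not real key material.
HARDENED_SP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/fedlet">
  <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-SIGNING-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-ENCRYPTION-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    </KeyDescriptor>
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/fedlet/fedletapplication" index="1"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""


def _published_key_uses(sp):
    """Collect the 'use' values of KeyDescriptors that actually carry a
    certificate. Per the SAML metadata schema, a KeyDescriptor with no 'use'
    attribute is valid for both signing and encryption."""
    uses = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            continue  # a KeyDescriptor without a certificate publishes nothing
        use = kd.get("use")
        uses.update({"signing", "encryption"} if use is None else {use})
    return uses


def audit_sp_metadata(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor element found"]
    findings = []
    if sp.get("AuthnRequestsSigned", "false").lower() != "true":
        findings.append("AuthnRequestsSigned is not true: AuthnRequests go out unsigned")
    if sp.get("WantAssertionsSigned", "false").lower() != "true":
        findings.append("WantAssertionsSigned is not true: IDP is not asked to sign assertions")
    uses = _published_key_uses(sp)
    if "signing" not in uses:
        findings.append("no KeyDescriptor with a signing certificate")
    if "encryption" not in uses:
        findings.append("no KeyDescriptor with an encryption certificate: IDP cannot encrypt assertions")
    for acs in sp.findall("md:AssertionConsumerService", NS):
        location = acs.get("Location", "")
        if not location.startswith("https://"):
            findings.append("AssertionConsumerService not served over HTTPS: " + location)
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_SP_METADATA), ("hardened", HARDENED_SP_METADATA)):
        print(label, audit_sp_metadata(doc) or ["ok"])
```

Run this against the SP metadata the Fedlet exports (or any SP metadata you are about to hand to an IDP) after the "Ensure the Fedlet is Secure" task; it flags the four problems in the constructed weak document and passes the hardened one. The check is on declared configuration only: it does not validate the certificates or verify any signatures, and for metadata from an untrusted source you would parse with a hardened XML parser such as `defusedxml` rather than the standard library module used here.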
