Implementing SAML v2.0 Service Providers by Using Fedlets

An AM Fedlet is a small Java web application that can act as a service provider for a specific identity provider without requiring that you install all of AM.

When your organization acts as the identity provider and you want to enable service providers to federate their services with yours, you can generate configuration files for a Fedlet.

Fedlets are easy to integrate into Java web applications; they do not require an entire AM installation alongside your application, but instead can redirect to AM for single sign-on, and to retrieve SAML assertions.

Fedlet Support for SAML v2.0 Features
SAML v2.0 FeatureJava Fedlet
IDP and SP-initiated Single Sign-On (HTTP Artifact)Supported
IDP and SP-initiated Single Sign-On (HTTP POST)Supported
IDP and SP-initiated Single Logout (HTTP POST)Supported
IDP and SP-initiated Single Logout (HTTP Redirect)Supported
Sign Requests and ResponsesSupported
Encrypt Assertion, Attribute, and NameID ElementsSupported
Export SP MetadataSupported
Multiple IDPsSupported
External IDP Discovery ServiceSupported
Bundled IDP Reader Service for DiscoverySupported

After receiving the configuration files for the Fedlet, the service provider administrator installs them, and then obtains the Fedlet web application from the AM distribution and installs it in the application web container.

The following table summarizes the high-level tasks required to configure Fedlets:


Create and Configure the Fedlet

Configure the Fedlet files and its keystore for your environment, add the metadata from the IDPs to it, and share the Fedlet's metadata with the IDPs.

Ensure the Fedlet is Secure

By default, signing and encryption are not configured. You should configure them to sign and encrypt data, such as assertions.

Test the Fedlet

You can test the Fedlet as a standalone application, or by integrating it inside one of your applications.

Read a different version of :