Book

SAML Federation in AM/OpenAM

This book provides information on SAML2 federation in AM/OpenAM and includes help on configuring federation, managing SAML certificates and manipulating metadata for IdPs and SPs.



Table of Contents

  • 1 What federation standards does AM/OpenAM support?
  • 2 Configuring Federation
    • 2.1 How do I configure the SAML2 Authentication module for Local Account Linking in AM (All versions) and OpenAM 13.x?
    • 2.2 How do I set up the SAML2 Authentication module using Integrated Mode in AM (All versions) and OpenAM 13.x?
    • 2.3 How do I configure the SAML2 Authentication module for Auto Federation in AM (All versions) and OpenAM 13.x?
    • 2.4 How do I create persistent SAML federation between two AM/OpenAM servers where user attributes match?
    • 2.5 How do I create a persistent SAML federation between two AM/OpenAM servers where user attributes are different (and need mapping)?
    • 2.6 How do I configure AM/OpenAM (All versions) to integrate with Microsoft Office 365 using SAML2?
    • 2.7 How do I configure AM (All versions) or OpenAM 13.5.x as an Identity Provider for Microsoft Office 365 and Azure using WS-Federation?
    • 2.8 How do I set up an IdP Proxy environment in AM/OpenAM (All versions)?
    • 2.9 How do I configure AM/OpenAM (All versions) as an IdP when going through a proxy?
    • 2.10 How do I use an IdP Proxy with SAML2 federation in AM/OpenAM (All versions)?
    • 2.11 How do I automate the creation of a SAML2 entity provider in AM/OpenAM (All versions)?
    • 2.12 How do I create a hosted IdP or SP in AM/OpenAM (All versions) using ssoadm?
    • 2.13 How do I register a remote IdP or SP in AM/OpenAM (All versions) using ssoadm?
    • 2.14 How do I integrate ADFS with AM/OpenAM (All versions) using SAML2 federation?
    • 2.15 How do I configure a hosted SP as an Attribute Query provider in AM/OpenAM (All versions)?
    • 2.16 How does AM/OpenAM (All versions) use account mapping to identify the end user from a SAML Assertion?
    • 2.17 How do I configure AM/OpenAM (All versions) to use a Hardware Security Module (HSM) for signing SAML assertions?
    • 2.18 How do I configure how long the SAML AuthnRequest remains in cache in AM/OpenAM (All versions)?
    • 2.19 How do I configure IdP or SP initiated Single Sign On in AM/OpenAM (All versions)?
    • 2.20 How do I redirect to a specific page after a successful IdP or SP initiated login in AM/OpenAM (All versions)?
    • 2.21 How do I configure IdP or SP initiated Single Logout in AM/OpenAM (All versions)?
    • 2.22 How do I redirect to a specific page after a successful IdP or SP initiated logout in AM/OpenAM (All versions)?
    • 2.23 How do I know which binding to use for SAML2 federation in AM/OpenAM (All versions)?
  • 3 Managing SAML Certificates
    • 3.1 How do I rollover certificates for an IdP or SP in AM (All versions) and OpenAM 13.x?
    • 3.2 How do I renew expired certificates for a hosted IdP or SP in AM/OpenAM (All versions)?
    • 3.3 How do I renew expired certificates for a remote IdP or SP in AM/OpenAM (All versions)?
    • 3.4 How do I change the Signing Key for Federation in OpenAM 12.x and 13.x?
    • 3.5 How do I enable validation checks for SAML certificates in AM/OpenAM (All versions)?
  • 4 Manipulating Metadata
    • 4.1 How do I export and import SAML2 metadata in AM/OpenAM (All versions)?
    • 4.2 How do I update metadata for an IdP or SP in AM/OpenAM (All versions) using ssoadm?
    • 4.3 How do I change the metaAlias for an existing IdP or SP in AM/OpenAM (All versions)?
    • 4.4 How do I change the hostname for a remote IdP or SP entity in AM/OpenAM (All versions)?
  • 5 Fedlets
    • 5.1 How do I change the algorithm used to sign SAML requests in the Fedlet in AM (All versions) and OpenAM 12.0.3, 12.0.4, 13.x?
    • 5.2 How do I use AM/OpenAM (All versions) as an IdP in ASP.NET applications?
    • 5.3 How do I rotate AM/OpenAM (All versions) Fedlet debug logs?
  • 6 Frequently Asked Questions
    • 6.1 FAQ: SAML certificate management in AM/OpenAM
    • 6.2 FAQ: SAML federation in AM/OpenAM
  • 7 Known Issues
    • 7.1 NullPointerException when trying to view remote SP entities for AWS in AM 6.5.x console
    • 7.2 Federation related pages do not display in the console with a java.lang.NoClassDefFoundError: sun/misc/CharacterEncoder error in AM 6.5.x
    • 7.3 Federation fails with Unable to get AuthnRequest from cache, sending error response in AM/OpenAM (All versions)
    • 7.4 Illegal key size error when using a key encrypted with AES256 for SAML federation in AM/OpenAM (All versions)
    • 7.5 Signature algorithm is not supported error when verifying a signed SAML assertion in AM/OpenAM (All versions)
    • 7.6 content length too large error when sending and receiving SAML requests in AM/OpenAM (All versions)
    • 7.7 SAML2 federation fails due to presence of &#13 characters in signature and certificate blocks in AM 6, 6.0.0.1, 6.0.0.2, 6.0.0.3 and 6.0.0.4
    • 7.8 SSO fails with Login failed with unknown reason in AM/OpenAM (All versions)
    • 7.9 Dynamic user profile creation fails with The password value for attribute userPassword was found to be unacceptable error in AM (All versions) and OpenAM 13.x
    • 7.10 SAML redirect is ignored when doing an IdP or SP initiated SSO with WDSSO/Kerberos authentication in OpenAM 13.0 and 13.5
    • 7.11 There was an Exception doing the forward/redirect error and SAML2 authentication fails when redirecting with a SAML2 JSP page in OpenAM 13.0
    • 7.12 test key provided with AM 5.x and OpenAM 12.x, 13.x has expired
    • 7.13 Unable to login to OpenAM console 12.x and 13.x or access REST API after changing the Federation Signing Key
    • 7.14 SP initiated logout fails in AM/OpenAM (All versions) with Identity Provider ID is null error
    • 7.15 SP initiated login fails in AM/OpenAM (All versions) with Service Provider ID is null error