Configure Circle of Trust (COT):


Create Identity Provider (IDP) Host:

Log in to your IDP URL: http://opensso.idp.com:8081/idp using the amadmin account.

On the Common Tasks page, click Create Hosted Identity Provider.

idpcot1.jpg


Metadata Name is the unique URL (the entity ID) for this Identity Provider; leave it as the default.

Enter a name for the New Circle of Trust for this IDP, for example: idp_cot

Click the Configure button, then click the Finish button on the next page.

idpcot2.jpg

You can get the metadata for your IDP from this URL: http://opensso.idp.com:8081/idp/saml2/jsp/exportmetadata.jsp. The browser will display the metadata XML content. Save the page source; that XML is your IDP metadata.

idpcot3.jpg

idpcot4.jpg


Create Service Provider (SP) Host:

Log in to your SP URL: http://opensso.sp.com:8080/sp using the amadmin account.

On the Common Tasks page, click Create Hosted Service Provider.

spcot1.jpg

Realm is the JDBC realm we configured earlier; it is 2qvideo for me.

Name is the unique URL (the entity ID) that the IDP will see; I leave it as the default.

New Circle of Trust is the name that identifies this COT; I named it 2qvideo_sp_cot.

spcot2.jpg

Click the Configure button to finish this page.

In the pop-up window that asks whether to create a remote identity provider, click Yes if you have the IDP metadata ready, or No to do it later.

To configure the Remote Identity Provider, the SP needs the IDP's metadata, either from a URL or from a file. Since we have the IDP metadata URL, enter it under "URL where metadata is located": http://opensso.idp.com:8081/idp/saml2/jsp/exportmetadata.jsp and click the Configure button.

spcot3.jpg

Again, you can get your SP metadata by URL (the realm is the tricky part: append realm=2qvideo to the end): http://opensso.sp.com:8080/sp/saml2/jsp/exportmetadata.jsp?realm=2qvideo

spcot5.jpg
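Both metadata exports above (the IDP's exportmetadata.jsp and the SP's export with the realm parameter) are plain XML, and the only thing the other side ever learns about a provider is what is in that XML: its entity ID, its endpoints and its signing certificate. The script below is an added example, not part of the original write-up or of OpenSSO; it parses a SAML 2.0 EntityDescriptor and reports what a practitioner should eyeball before importing it into a circle of trust. The hostnames and realm (opensso.idp.com:8081, opensso.sp.com:8080, 2qvideo) come from the write-up; the two XML documents and the certificate bytes are constructed samples in the shape of an OpenSSO export, not real captures, and the metaAlias paths in them are assumptions.

```python
"""Parse and sanity-check SAML 2.0 metadata before importing it into a COT.

Added example; the XML below is constructed, not a real OpenSSO export.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ROLE_NAMES = {"IDPSSODescriptor": "IDP", "SPSSODescriptor": "SP"}

# Constructed stand-in for the DER bytes of a provider's signing certificate.
SAMPLE_CERT_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_CERT_B64 = base64.b64encode(SAMPLE_CERT_DER).decode()

# Constructed: what the hosted IDP from the write-up would export.
SAMPLE_IDP_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="{MD}" entityID="http://opensso.idp.com:8081/idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data>
        <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://opensso.idp.com:8081/idp/SSORedirect/metaAlias/idp"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".encode()

# Constructed: the SP hosted in realm 2qvideo, exported without a signing cert.
SAMPLE_SP_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="{MD}" entityID="http://opensso.sp.com:8080/sp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://opensso.sp.com:8080/sp/Consumer/metaAlias/2qvideo/sp"/>
  </SPSSODescriptor>
</EntityDescriptor>""".encode()


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER certificate, for keystore comparison."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_metadata(xml_bytes: bytes) -> dict:
    """Extract entityID, roles, endpoints and signing-cert fingerprints from an EntityDescriptor."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"not a SAML metadata document: {root.tag}")
    info = {"entity_id": root.get("entityID"), "roles": [],
            "endpoints": [], "signing_fingerprints": []}
    for role_tag, role in ROLE_NAMES.items():
        for desc in root.findall(f"{{{MD}}}{role_tag}"):
            info["roles"].append(role)
            for child in desc:
                # Any child carrying a Location attribute is a protocol endpoint.
                if child.get("Location"):
                    tag = child.tag.split("}", 1)[1]
                    info["endpoints"].append((tag, child.get("Binding"), child.get("Location")))
            for kd in desc.findall(f"{{{MD}}}KeyDescriptor"):
                # A KeyDescriptor with no "use" attribute serves both signing and encryption.
                if kd.get("use", "signing") != "signing":
                    continue
                for cert in kd.iter(f"{{{DS}}}X509Certificate"):
                    der = base64.b64decode("".join(cert.text.split()))
                    info["signing_fingerprints"].append(sha256_fingerprint(der))
    return info


def check_metadata(info: dict, expected_entity_id: str, expected_netloc: str) -> list:
    """Return a list of problems; an empty list means the export matches the provider you meant."""
    problems = []
    if info["entity_id"] != expected_entity_id:
        problems.append(f"entityID {info['entity_id']!r} != expected {expected_entity_id!r}")
    if not info["roles"]:
        problems.append("no IDPSSODescriptor/SPSSODescriptor found (for a hosted SP in a "
                        "sub-realm, check the realm= parameter on the export URL)")
    if not info["signing_fingerprints"]:
        problems.append("no signing certificate: messages from this provider cannot be verified")
    for tag, _binding, location in info["endpoints"]:
        parts = urlsplit(location)
        if parts.netloc != expected_netloc:
            problems.append(f"{tag} points at {parts.netloc}, expected {expected_netloc}")
        if parts.scheme != "https":
            problems.append(f"{tag} uses plain {parts.scheme}: SAML messages would travel unencrypted")
    return problems


if __name__ == "__main__":
    for label, xml, eid, host in (
        ("IDP", SAMPLE_IDP_METADATA, "http://opensso.idp.com:8081/idp", "opensso.idp.com:8081"),
        ("SP", SAMPLE_SP_METADATA, "http://opensso.sp.com:8080/sp", "opensso.sp.com:8080"),
    ):
        info = parse_metadata(xml)
        print(label, info["entity_id"], info["roles"], info["signing_fingerprints"])
        for problem in check_metadata(info, eid, host):
            print("  -", problem)
```

Run it against a real export by replacing the constructed XML with the bytes fetched from the exportmetadata.jsp URL. The checks are deliberately conservative: an entity ID or endpoint host that differs from what you typed into the console means you are about to trust a provider other than the one you intended, a missing signing certificate means nothing that provider sends can be verified, and the plain-http finding is expected for this write-up's test setup but should not be ignored on a real deployment.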

Now your SP COT is done. You can verify it by clicking the Federation tab.

spcot4.jpg


Let's go back to the IDP and finish off the IDP COT, because we now have the SP metadata.

Log back in to the IDP URL: http://opensso.idp.com:8081/idp with the amadmin user and go to the Federation tab.

Click Import in the Entity Providers section.

idpcot5.JPG


Under "URL where metadata is located", enter: http://opensso.sp.com:8080/sp/saml2/jsp/exportmetadata.jsp?realm=2qvideo and click the OK button.

idpcot6.jpg

Click the idp_cot link to add this SP entity to the IDP COT:

idpcot7.jpg

Click Save. You now have a COT from the IDP to the SP and a COT from the SP to the IDP.