Monday Aug 18, 2008

OpenSSO - How to Configure Attribute Query profile using famadm CLI

Here are the steps to configure Attribute Query Profile using famadm command line tools in OpenSSO.

Step1: On IDP machine using IDP famadm command

- Create metadata for the Attribute Query profile on the IDP using the following command.

./famadm create-metadata-templ -u amadmin -f ampass -m mm -x xx -i /idpattr -b test -g test -I /attra -B test -G test -C /authna -D test -E test -y idp

Note:

1. ampass - is the password file that contains the amadmin password.

2. mm and xx are file names for metadata templates.

3. idpattr - is meta alias name for IDP

4. test - is the out of box cert alias name

5. attra - is IDP attribute response meta alias name

6. authna - is IDP authentication meta alias name

7. idp - Entity name for IDP

Step2: On IDP machine using famadm command

- Import Metadata on IDP.

./famadm import-entity -u amadmin -f ampass -m mm -x xx -t test

Step3: On IDP machine using famadm command

- Create the remote metadata file from the xx file by changing hosted to 0

- cp xx xx_remote

- In xx_remote, change the hosted value to 0 (i.e. remote)

Step4: On SP machine using SP famadm command

- Create metadata for the Attribute Query profile on the SP using the following command.

./famadm create-metadata-templ -u amadmin -f ampass -m mm -x xx -s /spattr -a test -r test -S /attrq -A test -R test -y sp

Note:

1. ampass - is the password file that contains the amadmin password.

2. mm and xx are file names for metadata templates.

3. spattr - is meta alias name for SP

4. test - is the out of box cert alias name

5. attrq - is SP attribute request meta alias name

6. sp - is entity name for SP

Step5: On SP machine using SP famadm command

- Import Metadata on SP.

./famadm import-entity -u amadmin -f ampass -m mm -x xx -t test

Step6: On SP machine using SP famadm command

- Create the remote metadata file from the xx file by changing hosted to 0

- cp xx xx_remote

- In xx_remote, change the hosted value to 0 (i.e. remote)

Step7: On SP machine using SP famadm command

- Import SP remote xx_remote data from IDP

./famadm import-entity -u amadmin -f ampass -m /mm -x /xx_remote -t test

Step7: On IDP machine using IDP famadm command

- Import IDP remote xx_remote data from SP

./famadm import-entity -u amadmin -f ampass -m /mm -x xx_remote -t test

Step8: On IDP console, configure attributes which you want to retrieve

- Log in to the IDP console as amadmin

- Click the Federation tab

- Click the IDP entity you created above

- Click the Assertion Processing tab

- Add the attributes you want to retrieve under Attribute Mapper and Attribute Map, like below

- cn=cn (example)

- sn=sn (example)

- Save configuration.

This concludes configuring the Attribute Query Profile on both the IDP and SP side. With this configuration, the SP should get the cn and sn attributes from the IDP.
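
Steps 3 and 6 above, as an added shell example that is not part of the original post: a helper that copies the extended metadata file xx to xx_remote, flips hosted to 0, and checks the result before the file is imported on the other side. It assumes the value appears in the file as a hosted="1" attribute; the function names and the sample metadata are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): automate Steps 3 and 6.
# Assumption: the extended metadata template marks a hosted entity with a
# hosted="1" attribute, and the remote copy needs hosted="0".

# write_sample_xx FILE: write a constructed, simplified extended metadata file.
write_sample_xx() {
    cat > "$1" <<'EOF'
<EntityConfig hosted="1" entityID="idp">
  <IDPSSOConfig metaAlias="/idpattr"/>
</EntityConfig>
EOF
}

# make_remote SRC DST: copy SRC to DST with hosted="1" changed to hosted="0".
# Fails without creating DST if SRC is missing, SRC is not marked
# hosted="1", or DST already exists.
make_remote() {
    src=$1
    dst=$2
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "refusing to overwrite: $dst" >&2; return 1; }
    grep -q 'hosted="1"' "$src" || {
        echo "$src has no hosted=\"1\" attribute" >&2; return 1; }
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    sed 's/hosted="1"/hosted="0"/g' "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Verify the edit before the file appears under its final name.
    if grep -q 'hosted="1"' "$tmp" || ! grep -q 'hosted="0"' "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$dst"
}

# is_remote FILE: succeed only if FILE is marked remote and nowhere hosted.
is_remote() {
    grep -q 'hosted="0"' "$1" && ! grep -q 'hosted="1"' "$1"
}

# Command-line use: sh make_remote.sh xx xx_remote
if [ "$#" -eq 2 ]; then
    make_remote "$1" "$2"
fi
```

Running is_remote on xx_remote before import-entity catches a copy that was never edited and would otherwise be imported as a second hosted entity.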

About

Ashok Anumandla
