Question

I am doing ADFS+OpenAM federation where the OpenAM server is my service provider and the ADFS server is the identity provider. For that I have created the sp.xml and sp-extend.xml files on the OpenAM server, and idp.xml and idp-extend.xml on the ADFS server.

But where do I import that sp.xml, on the OpenAM or the ADFS server? The same question applies to idp.xml. I am confused about this. I am referring to the following site for the configuration:

https://wikis.forgerock.org/confluence/display/openam/OpenAM+and+ADFS2+configuration


Solution

Normally, idp.xml (the ADFS metadata) would be imported into OpenAM and sp.xml (the OpenAM metadata) would be imported into ADFS.

On the ADFS side, this would be done by clicking "Add Relying Party Trust" and then selecting the second option "Import data about relying party from a file".

The documentation is not clear. It simply says for OpenAM:

"Secondly import the identity providers. This can be done by uploading the metadata XML files. You need to upload both the metadata and the extended metadata files per provider."

which implies both files (idp and sp).

For ADFS, it recommends using the first "Add Relying Party Trust" option which is "Import data about the relying party published online".

"However ADFS lets us use the OpenAM federation URL to obtain the metadata dynamically. So select the first option and use the following URL

https://sso01.aaa.local:8443/opensso/saml2/jsp/exportmetadata.jsp

This will import the Relying Party Trust."

I would try only importing the idp.xml into OpenAM and then use either of the two options to import sp.xml into ADFS.
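The answer's rule is easy to state but easy to get backwards when both sides have produced metadata files: each party imports the *other* party's metadata. The script below is an added example, not code from the ForgeRock wiki or from either product. It parses a SAML 2.0 `EntityDescriptor`, decides from the presence of `IDPSSODescriptor` or `SPSSODescriptor` whether the file describes the identity provider or the service provider, and reports where it should be imported (IdP metadata into OpenAM as a remote identity provider, SP metadata into ADFS as a Relying Party Trust). It also lists the endpoints and the signing certificates it finds, so the certificate ADFS will trust can be compared against the one OpenAM actually uses. The two metadata documents, the entity IDs and the host names in them are constructed for the example and are not the asker's real configuration.

```python
"""Classify SAML 2.0 metadata as IdP or SP metadata and say where to import it.

Added example, not part of the original answer or of OpenAM/ADFS.  It encodes
the rule from the answer: idp.xml (ADFS metadata) is imported into OpenAM,
sp.xml (OpenAM metadata) is imported into ADFS.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Which deployment plays which role comes from the question; the import
# target is always the *other* party's configuration.
IMPORT_TARGET = {
    "IDP": "OpenAM (register as a remote identity provider)",
    "SP": "ADFS (Add Relying Party Trust, import from file or URL)",
}


def classify_metadata(xml_text):
    """Return a report dict describing the role of a metadata document."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor: %s" % root.tag)

    roles = []
    if root.find("md:IDPSSODescriptor", NS) is not None:
        roles.append("IDP")
    if root.find("md:SPSSODescriptor", NS) is not None:
        roles.append("SP")
    if len(roles) != 1:
        # A file with both or neither descriptor does not answer the
        # "which side is this" question; refuse rather than guess.
        raise ValueError("expected exactly one role descriptor, found %r" % roles)
    role = roles[0]
    descriptor = root.find("md:%sSSODescriptor" % role, NS)

    # Collect every *Service endpoint (SingleSignOnService,
    # AssertionConsumerService, SingleLogoutService, ...) by local tag name.
    endpoints = {}
    for child in descriptor:
        local = child.tag.split("}")[-1]
        if local.endswith("Service"):
            endpoints.setdefault(local, []).append(child.get("Location"))

    # Signing certificates the other side will be asked to trust.
    certs = [
        (c.text or "").strip()
        for c in descriptor.findall(
            "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    ]

    all_locations = [loc for locs in endpoints.values() for loc in locs]
    return {
        "entity_id": root.get("entityID"),
        "role": role,
        "import_into": IMPORT_TARGET[role],
        "endpoints": endpoints,
        "signing_certs": certs,
        # SAML endpoints carry assertions; flag any that are not HTTPS.
        "all_endpoints_tls": all(loc.startswith("https://") for loc in all_locations),
    }


# Constructed sample metadata (hypothetical hosts, placeholder certificate).
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.test/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...placeholder...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sso01.example.test:8443/opensso">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sso01.example.test:8443/opensso/Consumer/metaAlias/sp" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for name, doc in (("idp.xml", IDP_METADATA), ("sp.xml", SP_METADATA)):
        report = classify_metadata(doc)
        print("%s: %s metadata for %s" % (name, report["role"], report["entity_id"]))
        print("  import into: %s" % report["import_into"])
        print("  endpoints:   %s" % report["endpoints"])
        print("  all HTTPS:   %s" % report["all_endpoints_tls"])
```

Run it against the real exported files (`classify_metadata(open("idp.xml").read())`) before importing anything; if both files report the same role, the wrong export was taken from one side. The extended metadata files (`sp-extend.xml`, `idp-extend.xml`) use OpenAM's own schema rather than the SAML `md:` namespace and are only meaningful to OpenAM, which is consistent with the answer's reading that ADFS needs nothing but sp.xml (or the exportmetadata.jsp URL).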

Licensed under: CC-BY-SA with attribution