This article is the sequel to the theoretical and architectural SAML 2.0 OpenAM presentation published a few days ago. In this new article, you will learn, in practice, how to build an OpenAM SAML configuration.

1) Presentation
This document describes how to configure SAML with OpenAM 12. The SAMLv2 configuration is illustrated with two instances:

  • idp :
  • sp :

The ultimate goal is to set up a federation between the two instances. Initially, the Federation section is empty.

2) IDP creation
Let's create an IDP.

2.1) Host IDP verification

3) SP Creation

3.1) Service Provider Configuration

The remote IDP is created on the SP host using the IDP's XML metadata.

3.3) Remote Identity Provider Verification

4.2) Remote Service Provider (creating from IDP)

4.3) Remote Service Provider Creation
The remote Service Provider is created on the IDP using the SP's XML metadata.

4.3) Verification of the Circle of Trust at the IDP
The Circle of Trust contains both the IDP and the remote SP.

5) SSOInit Request
Once the federation has been configured, SSO initiation can be triggered from either the IDP or the SP, using idpSSOInit.jsp or spSSOInit.jsp respectively.
5.1) SSOInitRequest from IDP

5.2) SSOInit Request from SP


6.1) SAML AUTH Request

6.2) SAML AUTH Response

7) Pointers

Below are some useful pointers:

Olivier Rivat

Senior Software Engineer with over 25 years of experience doing Software Development, Support and Consulting in Identity and Access Management Solutions.
Specialised in IAM (security, access control, identity management) and Open Source integration, and founded in 2004 by IAM industry veteran Olivier Rivat, JANUA offers high value-added products and services to businesses and governments concerned with Identity Management and Open Source components.
JANUA provides better security, builds relationships, and enables new cloud, mobile, and IoT offerings from any device or connected thing.