5.6.4. Configure Service Provider

The Service Provider (SP) can be a JBoss EAP server instance.

Procedure 5.2. Configure Service Provider (SP)

Configure the Web Application Security For the SP

The web application to be configured as a SP should have FORM based security enabled in its web.xml file.

Example 5.9. web.xml Configuration for SP

<display-name>IDP</display-name>
<description>IDP</description>
<!-- Define a security constraint that gives unlimited access to images -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Images</web-resource-name>
    <url-pattern>/images/*</url-pattern>
  </web-resource-collection>
</security-constraint>
<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>IDP</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>IDP Application</realm-name>
  <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/loginerror.jsp</form-error-page>
  </form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
    <description>
   The role that is required to log in to the IDP Application
  </description>
  <role-name>manager</role-name>
</security-role>
</web-app>

Configure the SP Valve
To configure the valve for the SP, create a context.xml in the WEB-INF directory of your SP web application.
Example 5.10. context.xml File Configuration for IDP Valves
```
<Context>
  <Valve className="org.jboss.identity.federation.bindings.tomcat.sp.SPRedirectSignatureFormAuthenticator" />
</Context>
```
Configure the PicketLink Federation configuration file (picketlink-idfed.xml)
Configure picketlink-idfed.xml in WEB-INF of your IDP web application. In this configuration file you provide the URL that gets added as the issuer in the outgoing SAML2 assertions to the Service Providers and the IDP. The following is an example of picketlink-idfed.xml configuration.
Example 5.11. picketlink-idfed.xml Configuration
```
<PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:1.0" >
<IdentityURL>http://localhost:8080/idp/</IdentityURL>
</PicketLinkIDP
```

Configure the PicketLink Federation Handlers file (picketlink-handlers.xml)

Configure picketlink-handlers.xml in WEB-INF of your SP web application.

Example 5.12. Configure picketlink-handlers.xml

<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">
<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
<Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
</Handlers>

Note

Retain the order in which the handlers are listed.

Report a bug

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

5.6.4. Configure Service Provider

Where did the comment section go?