Can you recommend a SAML 2.0 Identity Provider for test?


Question

I'm implementing a SAML 2.0 Service Provider and need to install a SAML 2.0 Identity Provider for testing. Given this need, the Identity Provider should ideally be free (or have a trial period) and be easy to set up and configure.

I'm looking for basic single sign on and single log out functionality.

I've tried Sun OpenSSO Enterprise. The price is right, but so far it's been a nightmare to configure. Also, its error messaging and logging leave a lot to be desired and I'm often troubleshooting an issue that basically boils down to a misconfiguration or a counterintuitive default setting.

Recommended answer

What problems are you having configuring OpenSSO? I found OpenSSO to be the easiest setup!

My notes on getting the basic IDP up and running are below - hopefully they help you get up and running.

Michael

I've found that the best (i.e. most painless) way is...

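  1. Use Glassfish - this is a well-supported container for OpenSSO - use the developer profile to make your life easier - use the quick setup steps documented on the download page
  2. Deploy OpenSSO as per the basic instructions (unpack the zip - deploy the war file to the default domain)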

I've used the following as my setup steps (I use OpenSSO build 7):

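  • Under "Custom Configuration", click "Create New Configuration".
  • Enter the password "adminadmin" in the Password and Confirm fields. Click Next.
  • In "Server Settings", leave the defaults (or edit as needed) and select "Next".
  • In Configuration Data Store, leave the defaults (or edit as needed) and select Next.
  • In User Data Store, select "OpenSSO User Data Store". Click Next.
  • In Site Configuration, select No (this installation will not use a load balancer). Click Next.
  • In Default Agent User, enter admin123 as the password and confirmed password. Click Next.
  • Click "Create Configuration".
  • Click "Proceed to Login".
  • Log in as "amadmin" with the password "adminadmin".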

The above instructions are based on http://developers.sun.com/identity/reference/techart/opensso-glassfish.html

You've now got your basics up and running. Create a subrealm under / called users, and create an account or two in there.

Now prep your SP metadata. Don't put too much in your metadata to start with - keep it simple.

In the default page of the GUI, choose to create a hosted IDP. This is a pretty basic workflow. You should specify your /users realm and choose to use the test key alias for signing. The circle of trust you create can be called pretty much anything.

When you complete the workflow you'll be asked if you want to import metadata for an SP - say yes and choose to import from your prepared metadata file.

At this stage you should be pretty much set up.

You'll want to grab your IDP metadata next. There are a few ways to do this. You could use "http://servername:8080/opensso/ssoadm.jsp?cmd=export-entity" or "http://servername:8080/opensso/saml2/jsp/exportmetadata.jsp?realm=/users".

... and you're all set.

If you run into issues interoperating with OpenSSO you can look in the OpenSSO data directory (~/opensso by default). There's debugging and logging information in the subdirectories under there. You can cross reference that information with the OpenSSO Wiki, which has some pretty good troubleshooting information.
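The "keep it simple" SP metadata step above, as an added example that is not part of the original answer or of OpenSSO: a small generator for the minimum an SP needs for single sign on and single log out, written against the SAML 2.0 metadata schema. The function name `build_sp_metadata` and the `sp.example.test` URLs are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ET.register_namespace("md", MD)


def build_sp_metadata(entity_id, acs_url, slo_url):
    """Return minimal SAML 2.0 SP metadata (unsigned, no KeyDescriptor) as a string."""
    for url in (acs_url, slo_url):
        # Endpoints must be absolute URLs that the user's browser can reach.
        if not url.startswith(("http://", "https://")):
            raise ValueError(f"endpoint is not an absolute URL: {url!r}")
    entity = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(entity, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "AuthnRequestsSigned": "false",  # no SP key in this minimal file
        "WantAssertionsSigned": "true",  # ask the IdP to sign its assertions
    })
    # Child order is fixed by the metadata schema: SLO, NameIDFormat, then ACS.
    ET.SubElement(sp, f"{{{MD}}}SingleLogoutService",
                  {"Binding": REDIRECT, "Location": slo_url})
    ET.SubElement(sp, f"{{{MD}}}NameIDFormat").text = (
        "urn:oasis:names:tc:SAML:2.0:nameid-format:transient")
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
                  {"Binding": POST, "Location": acs_url,
                   "index": "0", "isDefault": "true"})
    return ET.tostring(entity, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample values for a local test SP.
    print(build_sp_metadata("http://sp.example.test/metadata",
                            "http://sp.example.test/saml/acs",
                            "http://sp.example.test/saml/slo"))
```

Save the printed XML to a file and use it as the prepared metadata file in the import step of the hosted IDP workflow.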
