Red Hat JBoss Enterprise Application Platform 7.0: How to Set Up SSO with SAML v2

The following steps are needed for setting up a security domain that uses an identity store:

1. Setting up the Identity Store
2. Adding the Security Domain
3. Adding the Authentication Section and Login Module to the Security Domain

Note
For the purposes of this document, the Database login module and Ldap login module are shown as examples, but other identity stores and login modules may also be configured for use with IDPs.

Note
The management CLI commands shown assume that you are running a JBoss EAP standalone server. For more details on using the management CLI for a JBoss EAP managed domain, please see the JBoss EAP Management CLI Guide.

2.4.1. 1. Setting up the Identity Store

Before a security domain and login module can be configured to use an identity provider, the identity provider (and sometimes a connection to that identity provider) must be set up.

2.4.1.1. Configuring the Identity Store for the Database Login Module

The following operations are needed for setting up the Identity Store for the Database login module:

  • Database Setup
  • Adding a Datasource

Database Setup

The first item needed for a Database-Backed Identity Store is a database for the login module to use. The following data points are needed:

  • Usernames
  • Passwords
  • Roles
  • Role Groups

The Database Login module requires the ability to create a query that maps usernames to passwords and a query that maps usernames to roles and role groups. This information can be stored within the database in a variety of ways, but creating a database with tables is not in the scope of this document. For the purposes of this example, it's assumed the following tables have been created:

Table 2.2. sso-users

username   passwd
Sarah      Testing123!

Table 2.3. sso-roles

username   role     role-group
Sarah      Sample   SSO-Users

Adding a Datasource

Creating datasources is not in the scope of this document. For specifics on setting up a datasource, please see the Datasource Management section of the Red Hat JBoss Enterprise Application Platform Configuration Guide. For the purposes of this example, it is assumed that a datasource named idpDS has been created, properly configured, and deployed to the JBoss EAP instance. This datasource has a connection to the database storing the sso-users and sso-roles tables.

2.4.1.2. Configuring the Identity Store for the Ldap Login Module

A properly configured LDAP server is required prior to setting up the Ldap login module. Unlike the Database login module, a datasource is not needed for setting up the Ldap login module. The basics of LDAP and how it relates to JBoss EAP security are covered in the Red Hat JBoss Enterprise Application Platform Security Architecture document.

Setting up an LDAP Server

Setting up an LDAP server is not in the scope of this document. For more information on setting up an LDAP server, please consult the RHEL System’s Administration Guide. For the purposes of this example, the LDAP server can be reached at .
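
For the Database login module's identity store described above (Tables 2.2 and 2.3), the following added example, which is not part of the Red Hat document, checks a candidate pair of queries against the shape the text describes: one query mapping a username to a password, one mapping a username to roles and role groups. It assumes an in-memory SQLite database as a stand-in for the real database; the function and constant names are hypothetical.

```python
import sqlite3

def build_sample_store():
    """Constructed in-memory copy of Tables 2.2 and 2.3 (SQLite stands in for the real database)."""
    conn = sqlite3.connect(":memory:")
    # Hyphenated identifiers must be double-quoted in standard SQL.
    conn.executescript('''
        CREATE TABLE "sso-users" (username TEXT PRIMARY KEY, passwd TEXT NOT NULL);
        CREATE TABLE "sso-roles" (username TEXT, role TEXT, "role-group" TEXT);
        INSERT INTO "sso-users" VALUES ('Sarah', 'Testing123!');
        INSERT INTO "sso-roles" VALUES ('Sarah', 'Sample', 'SSO-Users');
    ''')
    return conn

# Candidate queries (assumed wording): each takes one bound parameter, the username.
PRINCIPALS_QUERY = 'SELECT passwd FROM "sso-users" WHERE username = ?'
ROLES_QUERY = 'SELECT role, "role-group" FROM "sso-roles" WHERE username = ?'

def check_queries(conn, principals_query, roles_query, username):
    """Run both queries for one user and verify the result shapes.

    Returns (password, [(role, role_group), ...]); raises ValueError on a shape mismatch.
    """
    cur = conn.execute(principals_query, (username,))
    if len(cur.description) != 1:
        raise ValueError("principals query must return exactly one column (the password)")
    rows = cur.fetchall()
    if len(rows) != 1:
        raise ValueError(f"expected one password row for {username!r}, got {len(rows)}")
    password = rows[0][0]

    cur = conn.execute(roles_query, (username,))
    if len(cur.description) != 2:
        raise ValueError("roles query must return two columns (role, role group)")
    return password, cur.fetchall()

if __name__ == "__main__":
    conn = build_sample_store()
    print(check_queries(conn, PRINCIPALS_QUERY, ROLES_QUERY, "Sarah"))
    try:  # unquoted hyphenated table name: rejected by the SQL parser
        check_queries(conn, "SELECT passwd FROM sso-users WHERE username = ?", ROLES_QUERY, "Sarah")
    except sqlite3.OperationalError as exc:
        print("rejected:", exc)
```

Running the same check against the real database through the idpDS connection settings catches quoting and column-order mistakes before the queries are placed in the login module configuration.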
  • Spring '17
  • azmat fatma
  • SAML 2.0, Red Hat JBoss, saml v2
