• 5.19 • 5.2 • 5.3 • 5.8

Create IdP at ForgeRock Instance

Procedure

Log in to your ForgeRock instance (i.e., “http://<FQDN>:8080/openam”).
After successful login, go to Top Level Realms > Configure SAMLv2 Provider > Create Hosted Identity Provider.
Set name to http://<FQDN>:8080/openam
Set signing key to test.
In the Circle of trust section, select Add to new.
Provide a name for the Circle of trust (e.g., “COT1”)
Click Configure.
On the next screen, click Finish.

In your ForgeRock instance, go to Top Level Realms > Application > SAML.
On the Entity Providers section on the next screen, click New.
Choose the SAMLv2 option.
Edit the Entity Provider properties in the General section using value http://<BPSPHostname>/agentdesktop/sso/redirect
Edit the Meta Alias properties using value http://<BPSPHostname>/agentdesktop/sso/redirect
In the Service Provider section, in the "Signing certificate alias" field, type test.
Save changes.

Go to Circle of Trust Configuration and choose the current Circle of Trust (i.e., “COT1”).
Add the second created entity provider.
Save changes.

Go to the Circle of Trust Configuration option and choose IDP Entity provider.
In Certificate Aliases > Signing, add "test" value.
Name ID format
1. NameID Format List: remove all values except urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2. NameID Value Map: remove all and add next value: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=uid

Go to the Circle of Trust Configuration option and choose SP Entity provider.
Go to the Services tab.
Change to "POST" Single Logout Service and Manage NameID Service options.
Change parameters in Assertion Consumer Service:
1. Set default HTTP-POST.
2. Change value to http://<BPSPhostname>/agentdesktop/sso/redirect
Change index to 0.

After you have created the identity provider in your ForgeRock instance, you are ready to Export Metadata.