From Bright Pattern Documentation
Jump to: navigation, search
• 5.19 • 5.2 • 5.3 • 5.8

Create IdP at ForgeRock Instance


Step 1: Create a hosted identity provider

  1. Log in to your ForgeRock instance (i.e., “http://<FQDN>:8080/openam”).

  2. After successful login, go to Top Level Realms > Configure SAMLv2 Provider > Create Hosted Identity Provider.

  3. Set name to http://<FQDN>:8080/openam

  4. Set signing key to test.

  5. In the Circle of trust section, select Add to new.

  6. Provide a name for the Circle of trust (e.g., “COT1”)

  7. Click Configure.

  8. On the next screen, click Finish.

Step 2: Enable SAML 2.0

  1. In your ForgeRock instance, go to Top Level Realms > Application > SAML.

  2. On the Entity Providers section on the next screen, click New.

  3. Choose the SAMLv2 option.

  4. Edit the Entity Provider properties in the General section using value http://<BPSPHostname>/agentdesktop/sso/redirect

  5. Edit the Meta Alias properties using value http://<BPSPHostname>/agentdesktop/sso/redirect

  6. In the Service Provider section, in the "Signing certificate alias" field, type test.

  7. Save changes.

Step 3: Add the entity provider

  1. Go to Circle of Trust Configuration and choose the current Circle of Trust (i.e., “COT1”).

  2. Add the second created entity provider.

  3. Save changes.

Step 4: Set the name for sign-on

  1. Go to the Circle of Trust Configuration option and choose IDP Entity provider.

  2. In Certificate Aliases > Signing, add "test" value.

  3. Name ID format

    1. NameID Format List: remove all values except urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

    2. NameID Value Map: remove all and add next value: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=uid

Step 4: Change your HTTP method

  1. Go to the Circle of Trust Configuration option and choose SP Entity provider.

  2. Go to the Services tab.

  3. Change to "POST" Single Logout Service and Manage NameID Service options.

  4. Change parameters in Assertion Consumer Service:

    1. Set default HTTP-POST.

    2. Change value to http://<BPSPhostname>/agentdesktop/sso/redirect

  5. Change index to 0.

After you have created the identity provider in your ForgeRock instance, you are ready to Export Metadata.

< Previous | Next >