Creating OpenSSO Java Fedlet SAML2 configuration for InCommon Federation

Federation Metadata Manager for Open SSO Fedlets (femmo) is a script that parses (Shibboleth) federation metadata XML content and creates a pool of metadata files in order to configure Open SSO Fedlets.

One of the easiest ways to create a SAML2 Service Provider implementation for Java and .NET applications is to use Fedlets. A Fedlet is a small software package with a simple file-based configuration, embeddable into a service provider's Java or .NET application. The Fedlet establishes single sign-on (SSO) between an identity provider instance and the service provider application without requiring a fully-featured federation product on the service provider side.
Fedlets were developed by the highly regarded OpenSSO team at Sun. After Sun's acquisition by Oracle, Fedlets became part of the Oracle offering, branded Oracle OpenSSO Fedlets. An open source version of the Fedlet, named OpenFM, is also available from ForgeRock, the European company which took over the OpenSSO source code.
You can choose to download either the open source version of the Fedlet from ForgeRock or, if you are an Oracle customer, directly from Oracle's OpenSSO Enterprise download.
One of the most popular federations in the US is the InCommon Federation, which provides a trust fabric for research and higher education institutions, and their partners, in the United States. They support the Shibboleth software package for SAML as IdP and SP, and they publish a SAML metadata file in which all registered IdPs and SPs are listed.
Problem: the Fedlet configuration consists of several SAML metadata files for each federated identity provider we want to communicate with (idp.xml and idp-extended.xml) plus the list of identity providers in the fedlet.cot file. So we have to parse the monolithic InCommon SAML metadata file into small separate files for each identity provider and then put them into the default Fedlet configuration directory.
We will use Python to parse the InCommon metadata and generate the Fedlet files. The script should run as a cron job on a schedule to keep up with InCommon metadata changes; InCommon recommends checking their file once a day.
Download the Federation Metadata Manager for Fedlets Python script from the GitHub repository.
The Python script is based on FEMMA (Federation Metadata Manager for ADFS), written by Cristian Mezzetti of the University of Bologna: a Python script that parses Shibboleth federation metadata XML content and creates a pool of metadata files (one for each partner entity). I have modified it according to the Fedlet requirements.
Configuration:

  1. Download and install Python 2.6
  2. Install lxml
  3. Download Federation Metadata Manager for Fedlets
  4. Unzip the script. In this lab, the install folder is C:\famf
  5. Run the script: python femma.py -m http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
     (you may copy the InCommon metadata to your local server to improve performance)
  6. Copy the generated files into the Fedlet configuration directory
  7. Start your Fedlet-enabled application

Those simple steps allow your application to talk to any InCommon IdP, given that your SP is an InCommon participant.
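As an added illustration (not the femmo script itself), here is the core of what the script does, in Python 3 with only the standard library: split a metadata aggregate into one idp.xml and one idp-extended.xml per IdP and list those IdPs in fedlet.cot. The sample aggregate, the SP entityID and the circle-of-trust name are constructed; the extended-metadata and fedlet.cot layout follows OpenSSO conventions as I recall them, so compare it against the defaults shipped with your Fedlet.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
EC = "urn:sun:fm:SAML:2.0:entityconfig"  # OpenSSO extended-metadata namespace (assumed)
ET.register_namespace("md", MD)
ET.register_namespace("fm", EC)

# Constructed sample aggregate (not the real InCommon file): two IdPs and one SP.
SAMPLE_AGGREGATE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  Name="urn:example:federation">
 <md:EntityDescriptor entityID="https://idp1.example.edu/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
     Location="https://idp1.example.edu/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp2.example.edu/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def split_aggregate(aggregate_xml, sp_entity_id, cot_name="fedletcot"):
    """Return ({entityID: (idp_xml, idp_extended_xml)}, fedlet_cot_text).

    Only entities that carry an IDPSSODescriptor are emitted; SP-only and
    malformed entries are skipped so they never reach the trusted-provider list."""
    root = ET.fromstring(aggregate_xml)
    idps = {}
    for ed in root.iter("{%s}EntityDescriptor" % MD):
        entity_id = ed.get("entityID")
        if not entity_id or ed.find("{%s}IDPSSODescriptor" % MD) is None:
            continue
        # idp.xml: this entity's own descriptor as a stand-alone document
        idp_xml = ET.tostring(ed, encoding="unicode")
        # idp-extended.xml: remote (hosted="0") entity config binding the IdP to the COT
        cfg = ET.Element("{%s}EntityConfig" % EC, hosted="0", entityID=entity_id)
        attr = ET.SubElement(ET.SubElement(cfg, "{%s}IDPSSOConfig" % EC),
                             "{%s}Attribute" % EC, name="cotlist")
        ET.SubElement(attr, "{%s}Value" % EC).text = cot_name
        idps[entity_id] = (idp_xml, ET.tostring(cfg, encoding="unicode"))
    # fedlet.cot: the circle of trust; its provider list is the SP's trust decision
    cot = "cot-name=%s\nsun-fm-cot-status=Active\nsun-fm-trusted-providers=%s\n" % (
        cot_name, ",".join([sp_entity_id] + sorted(idps)))
    return idps, cot
```

The example trusts the aggregate as given; the real InCommon aggregate is signed, and a scheduled job should verify that XML signature against the federation's published certificate before splitting, because the generated fedlet.cot defines exactly which IdPs your SP will trust.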
