  • Explaining configuration files in Fedlet

    Posted by "" in "idm" on 2013-06-17


    This post continues the series on exploring Fedlet; see my previous posts for setup and use cases. Here I explain the various configuration files in a Fedlet instance and their significance.

    Once the Fedlet is set up, you will find all of its configuration files under the Fedlet configuration directory. In any environment, the Fedlet instance is created by default under the user's home directory.

    Files present in configuration directory:

    sp.xml: This is the Service Provider metadata that is created by default when you install and configure the Fedlet. To implement signing and encryption, you need to embed the Signing and Encryption blocks; refer to the SAML standard or to the metadata of any other federation product for examples of those blocks.

    If the Identity Provider expects SAML authentication requests to be signed, set AuthnRequestsSigned to true in sp.xml. Save the file and restart the application server.

    If the Fedlet expects the Identity Provider to send signed SAML assertions, set WantAssertionsSigned to true in sp.xml. Save the file and restart the application server.

    Observe that the entityID attribute holds the Fedlet ID that was provided when running the ConfigureFedlet command.

    To declare the NameID formats supported by the Fedlet, update sp.xml and add the corresponding element under the SPSSODescriptor tag. For example, see below:


    AssertionConsumerService is the element that defines the Fedlet file which processes the SAML response. When you install the Fedlet, fedletSampleApp.jsp processes the SAML response. This file can be renamed to anything and placed in your custom application, or you can extract the logic from this JSP and place it in your custom application. In that case, the custom application page should be specified as the Location. For example, see below:

    <AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.myserver.com/fedletSSO.jsp"/>
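    As an added example (not part of the original post or the Fedlet distribution), the following script reviews an sp.xml for the settings discussed above: the AuthnRequestsSigned and WantAssertionsSigned attributes on SPSSODescriptor, the entityID, and whether each AssertionConsumerService Location uses HTTPS. The embedded metadata is a constructed sample with placeholder entityID and host.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace and the HTTP-POST binding URI (standard values).
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample sp.xml (placeholder entityID and host, not a real deployment).
# It deliberately carries the weak defaults so the review below has something to flag.
SAMPLE_SP_XML = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="fedlet-example">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService isDefault="true" index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://www.myserver.com/fedletSSO.jsp"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return (entityID, findings); findings lists weak settings found in the metadata."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    findings = []
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return entity_id, ["no SPSSODescriptor element present"]
    # Both flags default to false when absent, so a missing attribute is treated as false.
    if sp.get("AuthnRequestsSigned", "false").lower() != "true":
        findings.append("AuthnRequestsSigned is not true: AuthnRequests to the IdP are unsigned")
    if sp.get("WantAssertionsSigned", "false").lower() != "true":
        findings.append("WantAssertionsSigned is not true: unsigned assertions would be accepted")
    for acs in sp.findall(f"{{{MD}}}AssertionConsumerService"):
        idx, loc = acs.get("index"), acs.get("Location", "")
        if not loc.startswith("https://"):
            findings.append(f"AssertionConsumerService index {idx} Location is not HTTPS: {loc}")
        if acs.get("Binding") != HTTP_POST:
            findings.append(f"AssertionConsumerService index {idx} Binding is not HTTP-POST")
    return entity_id, findings


if __name__ == "__main__":
    entity_id, findings = review_sp_metadata(SAMPLE_SP_XML)
    print(f"entityID: {entity_id}")
    for f in findings:
        print(" -", f)
```

Run it against a real sp.xml by passing the file contents to review_sp_metadata; an empty findings list means the three settings discussed in this post are in their hardened state.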


    sp-extended.xml: This file is generated automatically when you install the Fedlet and contains the supplementary SP metadata configuration. Observe that the entityID field contains the same value as defined in sp.xml; there is a one-to-one mapping between sp.xml and sp-extended.xml via the entityID. Some of the features that can be configured in this file are:

    1. Specify whether the assertion needs to be encrypted by the IdP
    2. Specify whether attributes in the assertion need to be encrypted by the IdP
    3. Specify whether the SAML response needs to be signed
    4. Specify whether logout requests and responses need to be signed
    5. Specify the Fedlet logout URL
    6. Specify the encryption alias
    7. Default authentication and mapper classes

    This will be continued in the next post.

    One Response to “Explaining configuration files in Fedlet”

    1. […] Explaining configuration files in Fedlet…. contd… Posted in June 18th, 2013 by Mahendra in idm This is in continuation of my previous post. […]
