Access Management 7.3.2

Implement SAML v2.0 service providers by using Fedlets

An AM Fedlet is a small Java web application that can act as a service provider for a specific identity provider without requiring that you install all of AM.

When your organization acts as the identity provider and you want to enable service providers to federate their services with yours, you can generate configuration files for a Fedlet.

Fedlets are easy to integrate into Java web applications; they do not require an entire AM installation alongside your application, but instead can redirect to AM for single sign-on, and to retrieve SAML assertions.

Fedlet Support for SAML v2.0 Features
SAML v2.0 Feature                                       Java Fedlet

IDP- and SP-initiated single sign-on (HTTP Artifact)    Supported
IDP- and SP-initiated single sign-on (HTTP POST)        Supported
IDP- and SP-initiated single logout (HTTP POST)         Supported
IDP- and SP-initiated single logout (HTTP Redirect)     Supported
Sign requests and responses                             Supported
Encrypt assertion, attribute, and NameID elements       Supported
Export SP metadata                                      Supported
Multiple IDPs                                           Supported
External IDP discovery service                          Supported
Bundled IDP reader service for discovery                Supported

After receiving the configuration files for the Fedlet, the service provider administrator installs them, and then obtains the Fedlet web application from the AM distribution and installs it in the application web container.

The following table summarizes the high-level tasks required to configure a Fedlet:

Task                              Resources

Create and configure the Fedlet   Configure the Fedlet files and its keystore for your environment, add the metadata from the IDPs to the Fedlet, and share the Fedlet's metadata with the IDPs.

Ensure the Fedlet is secure       By default, signing and encryption are not configured. Configure the Fedlet to sign requests and responses, and to encrypt assertion, attribute, and NameID elements, so that assertions cannot be forged or read in transit.

Test the Fedlet                   Test the Fedlet as a standalone application, or integrate it into one of your applications.
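Because signing and encryption are off by default, a useful check before sharing the Fedlet's exported SP metadata with an IDP is to audit that metadata for the settings the "Ensure the Fedlet is secure" task asks for. The script below is an added example, not ForgeRock code: it inspects a standard SAML 2.0 SPSSODescriptor for the AuthnRequestsSigned and WantAssertionsSigned flags, for published signing and encryption certificates, and for assertion consumer endpoints that are not on HTTPS. The two metadata documents, entity ID, hostnames and certificate text are constructed for illustration and do not come from a real Fedlet.

```python
"""Audit SAML 2.0 SP metadata for the signing/encryption settings a Fedlet
should advertise before it is shared with an IDP.

Added example, not ForgeRock's own code. Sample metadata below is constructed.
"""
import xml.etree.ElementTree as ET

# Namespaces from the SAML 2.0 metadata and XML Signature specifications.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def audit_sp_metadata(xml_text: str) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor in metadata"]

    # In SAML metadata an absent boolean attribute defaults to false,
    # so treat anything other than an explicit "true" as unsigned.
    if sp.get("AuthnRequestsSigned", "false").lower() != "true":
        findings.append("AuthnRequestsSigned is not true: the IDP cannot tell "
                        "this SP's AuthnRequests from forged ones")
    if sp.get("WantAssertionsSigned", "false").lower() != "true":
        findings.append("WantAssertionsSigned is not true: the SP does not "
                        "tell the IDP it requires signed assertions")

    uses = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            findings.append("KeyDescriptor without an X509Certificate")
            continue
        # A KeyDescriptor with no 'use' attribute is valid for both purposes.
        use = kd.get("use")
        uses.update({"signing", "encryption"} if use is None else {use})
    if "signing" not in uses:
        findings.append("no signing certificate published: the IDP cannot "
                        "verify signatures on the SP's requests")
    if "encryption" not in uses:
        findings.append("no encryption certificate published: the IDP cannot "
                        "encrypt assertions, attributes, or NameIDs for this SP")

    # Assertions are delivered to these endpoints; they must be TLS-protected.
    for acs in sp.findall("md:AssertionConsumerService", NS):
        loc = acs.get("Location", "")
        if not loc.startswith("https://"):
            findings.append(f"AssertionConsumerService over plain HTTP: {loc}")
    return findings


# Constructed sample: what unconfigured, default-style SP metadata looks like.
WEAK_METADATA = """<EntityDescriptor entityID="https://sp.example.com/fedlet"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.com:8080/fedlet/fedletapplication"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

# Constructed sample: the same SP after signing and encryption are configured.
# The certificate text is a placeholder, not a real DER certificate.
HARDENED_METADATA = """<EntityDescriptor entityID="https://sp.example.com/fedlet"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-BASE64-SIGNING-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-BASE64-ENCRYPTION-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
    <AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/fedlet/fedletapplication"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

if __name__ == "__main__":
    for label, doc in (("weak", WEAK_METADATA), ("hardened", HARDENED_METADATA)):
        print(f"{label}: {audit_sp_metadata(doc) or ['no findings']}")
```

The metadata only advertises these settings to the IDP; the Fedlet must also hold the matching private keys in its keystore and be configured to use them, which is what the "Create and configure the Fedlet" task covers. Run the audit against the metadata the Fedlet actually exports rather than a hand-edited copy, since that is what the IDP will trust.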