ForgeRock OpenAM Provider Setup¶
This document describes the steps to configure OpenAM as an Identity Provider to integrate with Cyderes. Cyderes will as as the SAML Service Provider or "SAML SP".
Configuring SSO¶
Registering Remote SP¶
- Log into the OpenAM console as an administrator.
- On the dashboard under the "Common Tasks" click on "Register Remote Service Provider".
- Complete the wizard to import the provided Cyderes SAML metadata file.
- Ensure the added Cyderes SP is part of the necessary Circle of Trust (COT) in order to authenticate users appropriately against OpenAM.
-
Under the SP Entity Provider configuration for the newly added Cyderes SP, we need to add additional attributes in the SAML assertion returned to Cyderes. This is done by defining mappings in the Assertion Processing > Attribute Mapper configuration. The following attributes are required:
Email=mail
FirstName=givenName
LastName=sn
-
Click Save to apply the changes to the SP configuration.
Gather Information¶
The SAML metadata as well as the Signing Certificate from OpenAM must be sent to Cyderes in order to allow Cyderes to add the OpenAM instance as an IdP. Both pieces of information can be downloaded from the OpenAM console by browsing to the appropriate metadata URL.
Note that the URL, port, realmName, and entityId values will need updated in the URL below to match the configuration/environment.
http://<URL>:<port>/openam/saml2/jsp/exportmetadata.jsp?realm=<realmName>&entityid=<entityIDName>