Novell Documentation: SAML Extension for Novell iChain - Creating and Configuring the Identity Provider Site Object

Creating and Configuring the Identity Provider Site Object

The SAMLExtensionServer object provides basic information to iChain that allows iChain to communicate with the SAML extension server. You create it by right-clicking on the organization or organizational unit you want to create it in, then clicking New > SAML extension server..., as shown in Figure 34:

Figure 34
Creating a New Provider Site

After you create the SAMLExtensionServer object, right-click it and select Properties to display the Properties page. For the SAMLExtensionServer only, this page contains a single custom tab, called the General tab, which displays the page shown in Figure 35:

Figure 35
General Page

The General page contains settings that allow the iChain servers to communicate with the SAML extension for iChain server. iChain communicates with the SAML extension similarly to how it communicates with back-end Web servers. When iChain receives traffic with the URL prefix of /cmd/ext or /cmd/mutExt, the HTTP request is sent to the SAML extension server specified here (rather than to the accelerator Web server). In order to do this, iChain must know the IP address and HTTP listening PORT that the SAML extension server is running, just as it needs to know this information for its back-end Web servers. The following are the properties available on this tab:

IP Address: The IP address of the SAML extension server.
Port: The port on which the SAML extension server host HTTP service is running.
Secure the SAML Extension Server Network Connection: Selecting this option causes iChain to make SSL connections with the SAML extension server. In order do this, you must import the public key or trusted root certificate corresponding to the SAML extension server's SSL server certificate into the iChainServiceObject's trusted roots container.

When enabling SSL between iChain and the SAML server, any accelerator handling incoming SAML Posts and Artifacts needs to have Secure Exchange enabled between the browser and the iChain proxy. If Secure Exchange is not enabled, the user receives a 504 Gateway timeout error from iChain.
Refresh Server: Causes the SAML extension to reread the configuration information from the directory.