Setting Up the eMartian Site

To set up the www.emartian.com SAML demo application with the loopback SAML Trusted Affiliate, you must complete the following general steps:

  1. Configure iChain with the www.emartian.com accelerator.
  2. Configure the ISO with the www.emartian.com protected resources and OLAC parameters.
  3. Deploy the www.emartian.com sample application.
  4. Test the www.emartian.com sample application.
  5. Install the SAML extension schema and snap-ins.
  6. Create SAML extension configuration objects in the directory.
  7. Create the loopback SAML Trusted Affiliate site.
  8. Install SAML extension server components.
  9. Test the SAML extension service.


Configuring the iChain Accelerator

In order to run the sample, you must first create a new accelerator using the iChain GUI. See Configuring a Typical Accelerator in the Novell iChain 2.3 Administration Guide for more information. You should name the accelerator www.emartian.com. Figure 29 shows a basic www.emartian.com accelerator configuration:

Figure 29
eMartian Accelerator Configuration


Defining the iChain Protected Resource and OLAC

Using ConsoleOne®, you must define both a protected resource for the eMartian application and the OLAC parameters to pass to the application. To do so:

  1. Select the iChainServiceObject you are using in the directory.

  2. Click the Protected Resources page.

    Figure 30 shows the protected resource definitions for the eMartian application:

    Figure 30
    Protected Resource Definitions for the eMartian Application

  3. Define OLAC parameters for the eMartian_application protected resource.

    Figure 31 shows all of the OLAC parameters required by the eMartian demo application:

    Figure 31
    OLAC Parameters Required by the eMartian Application

    It is important that the parameter names (Name) match those in Figure 31. The eMartian demo application relies on these name values, and if they are different, the application does not work. The LDAP value names (Value) do not need to match as long as you have the appropriate LDAP attribute set on the test user objects. You can use LDAP values other than fullName for MemberLevel and mail for Email.


Deploying the eMartian Sample Application

Because the eMartian application uses simple Java server pages to display its content, you must deploy it into a Java servlet container. If you are running the Apache Tomcat server engine, you can simply take the entire eMartian directory and place it into the tomcat_home/webapps directory. After deploying the application, enter the following URL to access the eMartian portal: http://www.emartian.com/emartian

After you authenticate to iChain, a page as shown in Figure 32 is displayed:

Figure 32
Authentication to iChain

You should verify that the LDAP properties are being passed correctly. In the example shown in Figure 32, the user is logged in as Admin and has a fullName (MemberLevel) of gold. By selecting the Martian Travel link on the right-hand side of the page, you access the eMartian application. A page should display as shown in Figure 33:

Figure 33
Accessing the eMartian Application

You can again validate that the proper OLAC attributes are being sent. Different content is displayed, depending upon the MemberLevel of the user accessing the application. If you were to access the eMartian application with a user whose MemberLevel (fullName) were set to silver, you should see a page as shown in Figure 34:

Figure 34
MemberLevel Set to Silver

As shown in Figure 34, a user named r_ravi, who has a MemberLevel of silver, accessed this page.


Installing the SAML Extension for Novell iChain Software

Install the SAML extension for Novell iChain components. For detailed instructions on how to install this software, see the SAML Extension for Novell iChain Administration Guide.

The SAML extension installer installs three components: