To set up the www.emartian.com SAML demo application with the loopback SAML Trusted Affiliate, you must complete the following general steps:
In order to run the sample, you must first create a new accelerator using the iChain GUI. See Configuring a Typical Accelerator in the Novell iChain 2.3 Administration Guide for more information. You should name the accelerator www.emartian.com. Figure 29 shows a basic www.emartian.com accelerator configuration:
Figure 29
Using ConsoleOne®, you must define both a protected resource for the eMartian application and the OLAC parameters to pass to the application. To do this:
Select the iChainServiceObject you are using in the directory.
Click the Protected Resources page.
Figure 30 shows the protected resource definitions for the eMartian application:
Figure 30
Define OLAC parameters for the eMartian_application protected resource.
Figure 31 shows all of the OLAC parameters required by the eMartian demo application:
Figure 31
It is important that the parameter names (Name) match those in Figure 31. The eMartian demo application relies on these name values, and if they are different, the application does not work. The LDAP value names (Value) do not need to match as long as you have the appropriate LDAP attribute set on the test user objects. You can use different LDAP values than fullName for MemberLevel and mail for Email.
Because the eMartian application uses simple Java server pages to display its content, you must deploy it into a Java servlet container. If you are running the Apache Tomcat server engine, you can simply take the entire eMartian directory and place it into the tomcat_home/webapps directory. After deploying the application, enter the following URL to access the eMartian portal: http://www.emartian.com/emartian.
After you authenticate to iChain, a page as shown in Figure 32 is displayed:
Figure 32
You should verify that the LDAP properties are being passed correctly. In the example shown in Figure 32, the user is logged in as Admin and has a fullName (MemberLevel) of gold. By selecting the Martian Travel link on the right-hand side of the page, you access the eMartian application. A page should display as shown in Figure 33:
Figure 33
You can again validate that the proper OLAC attributes are being sent. Different content is displayed, depending upon the MemberLevel of the user accessing the application. If you were to access the eMartian application with a user whose MemberLevel (fullName) were set to silver, you should see a page as shown in Figure 34:
Figure 34
As shown in Figure 34, a user named r_ravi accessed this page. The user r_ravi has a MemberLevel of silver.
Install the SAML extension for Novell iChain components. For detailed instructions on how to install this software, see the SAML Extension for Novell iChain Administration Guide.
The SAML extension installer installs three components: