The Federation service is configured by modifying the OpenIG config.json
and the Federation-specific XML files located in the home directory of the
effective user running the web application container housing OpenIG. The
home directory of this user is referred to as $HOME_DIR in this document.
By default, the Federation service looks in $HOME_DIR/.ForgeRock/OpenIG/
for config.json and in $HOME_DIR/.ForgeRock/SAML/ for the Federation XML
configuration.
The following is a description of the files:
$HOME_DIR/.ForgeRock/OpenIG/config.json
This is the core configuration file for OpenIG. You must configure both this file and the XML files specific to the Federation Service. There are two sets of configuration files because the Federation Service is based on the openFed library from the OpenAM open source project. The openFed library and the Federation configuration files are taken directly from the OpenAM release. To configure the Federation Service, you must tag swap the XML files. If you are familiar with the workflow in the OpenAM console, you can generate a Fedlet and directly copy the configuration files into $HOME_DIR/.ForgeRock/SAML/.

$HOME_DIR/.ForgeRock/SAML/FederationConfig.properties
Advanced features of the openFed library. The defaults suffice in most deployments.

$HOME_DIR/.ForgeRock/SAML/gateway.cot
Circle of trust for OpenIG and the Identity Provider.

$HOME_DIR/.ForgeRock/SAML/idp.xml
This file is not included with the Federation Service XML. It must be generated by the Identity Provider and copied into the configuration directory.

$HOME_DIR/.ForgeRock/SAML/idp-extended.xml
Standard extensions for the Identity Provider.

$HOME_DIR/.ForgeRock/SAML/sp.xml, $HOME_DIR/.ForgeRock/SAML/sp-extended.xml
These are the standard metadata and metadata extensions for the OpenIG Federation Service.
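
A preflight check for the file layout described above, as an added example that is not part of the OpenIG documentation. It reports which of the listed files are missing (idp.xml is not shipped and must come from the Identity Provider) and, as an added hardening assumption not stated on this page, which are writable by group or other. The function name and the output format are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the Federation configuration layout.
# File names and directories are the ones listed on this page; the
# permission check is an added hardening assumption.

# Files expected under $HOME_DIR/.ForgeRock/SAML/
SAML_FILES="FederationConfig.properties gateway.cot idp.xml idp-extended.xml sp.xml sp-extended.xml"

# check_federation_config HOME_DIR
# Prints one "MISSING <path>" or "WRITABLE <path>" line per finding.
# Returns 0 when there are no findings, 1 otherwise.
check_federation_config() {
    home_dir=$1
    findings=0
    # Build the list of expected paths as positional parameters so that
    # a home directory containing spaces is handled correctly.
    set -- "$home_dir/.ForgeRock/OpenIG/config.json"
    for name in $SAML_FILES; do
        set -- "$@" "$home_dir/.ForgeRock/SAML/$name"
    done
    for path in "$@"; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            findings=$((findings + 1))
            continue
        fi
        # Metadata and circle-of-trust files define who is trusted, so flag
        # any file that group or other can modify.
        if [ -n "$(find "$path" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $path"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run against a home directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_federation_config "$1"
fi
```

Run it as the effective user of the web application container, passing that user's home directory as the argument.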

