3.1.  Changing IdP Domain Names and Port Numbers

The default domain name and port number for the IdP is samlidp.identia.net:4443. To change the domain name and port number, go to the bin directory of the IdP server (i.e. /opt/idp-tomcat7/bin) and edit the idp-param.properties file.

This file specifies the path to the WEB-INF directory of the IdP, the password for the keystore containing the server cert of the IdP, the IdP domain name, and the IdP port number.
 
Figure 1: idp-param.properties

 
After editing the idp-param.properties file, run the idp-config script. This script creates a new key, certificate and keystore for the new IdP domain name in the IdP server (i.e. /opt/idp-tomcat7/idp-resources/credentials/idp.jks). It also replaces every occurrence of the default domain name and port number in the configuration files with the new values.



3.2.  Modifying RP with New IdP Domain Names and Port Numbers

After changing the domain name and port numbers for the IdP, you will also need to make some modifications to the RP.

The samlKeystore.jks located in the RP application (i.e. /opt/sp2-tomcat7/sp2_webapps/identia-rp-demo/WEB-INF/classes/security) contains the IdP signing key. After you have created a new IdP key for the new domain name, you need to import that key into the samlKeystore.jks:

keytool -importkeystore -srckeystore "path to idp.jks" -destkeystore "path to samlKeystore.jks" -srcalias "new idp domain name" -destalias "new idp domain name"

Next, open the securityContext.xml file and go to the keyManager section. Edit the key name and password for the new IdP domain name. You can also modify the password for the samlKeystore.jks here.
 
Figure 2: keystore_config

 
After modifying the keyManager section, go to the metadata section and update the IdP URL with the new domain name and port number, and update the trustedKeys entry to match the new key name.
 
Figure 3: idp_config



3.3.  Changing RP Domain Names and Port Numbers

The default domain name and port number for the RP is samlsp2.identia.net:6423. To change the domain name and port number, edit the server.xml of the RP. You will also need to create a new server cert for the new RP domain name. After the new server cert is created, import the key into the sp.jks located in the conf directory (i.e. /opt/sp2-tomcat7/conf/) and import the certificate into the idp.jks located in the IdP server.

Next, open the securityContext.xml file and go to the metadataGeneratorFilter section. Change the entityId to the new RP domain name.
 
Figure 4: rp_config
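The steps in 3.1 to 3.3 touch the same hostnames and key alias in several places, and a leftover default hostname or a keyManager alias that does not match the trustedKeys entry is the usual reason the RP stops trusting the IdP afterwards. The following audit script is an added example for this page, not part of the Identia documentation or product: it writes a constructed, simplified securityContext.xml (the bean layout, the /idp/metadata path and the "changeit" password are assumptions), checks that the keyManager alias, trustedKeys entry and metadata URL agree with the new IdP domain and port, and scans files for the old defaults named on this page.

```shell
#!/bin/sh
# Post-change audit for the RP configuration (added example, not product code).
# Defaults samlidp.identia.net:4443 and samlsp2.identia.net:6423 are the ones this page names.

# Writes a constructed, simplified securityContext.xml for the given IdP host/port
# (layout and metadata path are assumptions) and prints the temp file path.
write_sample_context() {
    host=$1; port=$2; out=$(mktemp)
    cat >"$out" <<EOF
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
  <constructor-arg value="classpath:security/samlKeystore.jks"/>
  <constructor-arg type="java.lang.String" value="changeit"/>
  <constructor-arg><map><entry key="$host" value="changeit"/></map></constructor-arg>
  <constructor-arg type="java.lang.String" value="$host"/>
</bean>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
  <constructor-arg><bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
    <constructor-arg value="https://$host:$port/idp/metadata"/></bean></constructor-arg>
  <constructor-arg><bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
    <property name="trustedKeys"><set><value>$host</value></set></property></bean></constructor-arg>
</bean>
EOF
    echo "$out"
}

# Returns 0 when keyManager alias, trustedKeys and the metadata URL all name the new IdP.
rp_config_consistent() {
    file=$1; new_host=$2; new_port=$3
    grep -q "entry key=\"$new_host\"" "$file" || { echo "keyManager lacks alias $new_host"; return 1; }
    grep -q "<value>$new_host</value>" "$file" || { echo "trustedKeys lacks $new_host"; return 1; }
    grep -q "https://$new_host:$new_port/" "$file" || { echo "metadata URL still old"; return 1; }
    return 0
}

# Returns 0 when none of the given files still mention the old IdP or RP host:port.
no_stale_defaults() {
    old_idp=$1; old_rp=$2; shift 2
    ! grep -Hn -F -e "$old_idp" -e "$old_rp" "$@"
}

# Returns 0 when the alias exists in the keystore (needs keytool; exits non-zero otherwise).
keystore_has_alias() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}
```

Run `rp_config_consistent` against the real securityContext.xml and `no_stale_defaults` over both the IdP and RP conf directories after each of the three sections; `keystore_has_alias` confirms the keytool import from 3.2 actually landed under the expected alias.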


