3.1. Overview

IDentia-RP-Demo, the default demo RP included in the package, is located in the RP server’s sp2_webapps directory (i.e. /opt/sp2-tomcat7/sp2_webapps). To test the demo RP, start the ApacheDS service first, then the IdP Tomcat server, and then the RP Tomcat server. Once all three servers are running, you can access the IDentia RP Demo at https://[spdomain]:[spportnumber]/identia-rp-demo. For instance, with the default configuration, the RP page is at https://samlsp2.identia.net:6423/identia-rp-demo/

3.2. Authentication

Once you’ve navigated to the RP page, you will be able to select the IdP for authentication (Figure 1). Make sure to register the RP with the IdP through the RP Register function. Details on how to register RPs are included in the IDentia Administrator’s Guide. After you select an IdP, it will prompt you to provide either your X.509 certificate or your username/password, depending on the type of IdP you installed.

3.3. Access Control

Access control for the IDentia RP Demo is configured in the securityContext.xml file located in the RP application (i.e. /opt/sp2-tomcat7/sp2_webapps/identia-rp-demo/WEB-INF/classes/security).

Open the securityContext.xml file and look for the secured pages section. The default setting specifies that only users with the role ADMIN will have access to test1.jsp and only users with the role USER will have access to test2.jsp.

Next, look for the userDetails section. The default setting specifies that users with the title manager have the roles ADMIN and USER, and users with the title associate have the role USER.

To see how access control works, log in to the demo RP as user Steven, who has the title manager. Steven will be able to view both the manager page (test1.jsp) and the associate page (test2.jsp). Next, log in as user Charlie, who has the title associate. Charlie will be able to view the associate page but not the manager page. Finally, log in as user Jennifer, who has the title intern. Jennifer will be denied access to both the manager page and the associate page.

