RSA IOP Endpoints

From Project Concordia

Participants, please document your endpoints for the RSA Concordia Interop Scenarios, along with any ancillary or related information relevant to working with them.

Microsoft

WS-Federation RP endpoint: https://relyingparty.federatedidentity.net/FedPassiveRP

WS-Federation IP endpoint (protected as Infocard RP): https://ipsts.federatedidentity.net/passiveSts/Saml2.aspx

WS-Federation IP Realm URI: https://relyingparty.federatedidentity.net

IP Certificate:



Oracle

SAML 2.0 IDP Metadata: https://saml.oracle.com/fed/idp/metadata
WS-Fed IDP Realm URI: https://saml.oracle.com/fed/idp
WS-Fed IDP Endpoint: https://saml.oracle.com/fed/idp/wsfed11
WS-Fed IDP Certificate:

SAML 2.0 SP Metadata: https://saml.oracle.com/fed/sp/metadata
WS-Fed RP Realm URI: https://saml.oracle.com/fed/sp
WS-Fed RP Endpoint: https://saml.oracle.com/fed/sp/wsfed11

To test RP Initiated SSO:
- Go to https://saml.oracle.com/fed/user/testspsso
- Select the IDP to use
- Select the Authentication Mechanism to request
- Select the Authentication Mechanism Comparison if testing SAML 2.0
- Start SSO

Internet2

SAML 2.0 SP Metadata: https://authdev.it.ohio-state.edu/shibboleth
SAML 2.0 Entity ID / WS-Fed RP Realm URI: https://authdev.it.ohio-state.edu/shibboleth
WS-Fed RP Endpoint: https://authdev.it.ohio-state.edu/Shibboleth.sso/ADFS

To test RP Initiated SSO:
- Go to https://authdev.it.ohio-state.edu/cgi-bin/concordia
- Select the vendor IdP to use and a login method.

Ping Identity

SAML 2.0 IDP Metadata: https://labs.pingidentity.com:9031/metadata/ping-idp-metadata.xml
SAML 2.0 SP Metadata: https://labs.pingidentity.com:9031/metadata/ping-sp-metadata.xml

SAML 2.0 SP Endpoint: https://labs.pingidentity.com:9031/quickstart-app-sp/go

To test SP Initiated SSO:

  • Go to https://labs.pingidentity.com:9031/quickstart-app-sp/go
  • Click on the 'Advanced SSO Options' (menu at the top).
  • Select the 'IdP Partner'. Default is 'Demo IdP' which is Ping's IdP.
  • Select the 'Requested Authentication Context'. Default is 'Personal'.
  • Click 'Single Sign-On'.
  • It will redirect to the SAML IdP/Infocard RP. (if you have selected Ping's IdP, it should be https://labs.pingidentity.com/idpsample).
  • Authenticate using an Infocard.
  • You should be redirected back to the SAML SP with the claims from the submitted infocard.


WS-Fed IdP

WS-Fed Realm URI: https://labs.pingidentity.com:9031/wsfed
WS-Fed IdP Endpoint: https://labs.pingidentity.com:9031/idp/prp.wsf
WS-Fed SP Endpoint: https://labs.pingidentity.com:9031/sp/prp.wsf



Symlabs

SAML2 & WS-Fed SP

SAML2 Metadata: https://cardspace-sp.symlabs.net:8001/sp.xml

WS-Fed Realm URI: https://cardspace-sp.symlabs.net:8001/sp.xml

WS-Fed Endpoint: https://cardspace-sp.symlabs.net:8001/SP-P

Home Page: https://cardspace-sp.symlabs.net:8001/E

SAML2 & WS-Fed IDP

SAML2 Metadata: https://cardspace-idp.symlabs.net:8002/idp.xml

WS-Fed Realm URI: https://cardspace-idp.symlabs.net:8002/idp.xml

WS-Fed Endpoint: https://cardspace-idp.symlabs.net:8002/IDP-F

WS-Fed Certificate: Same as signing certificate in SAML2 metadata

Credentials: microsoft/microsoft, oracle/oracle, internet2/internet2, ping/ping, fugen/fugen

Managed Card STS

Home Page: https://sts.symlabs.net:8003/N

Credentials: microsoft/microsoft, oracle/oracle, internet2/internet2, ping/ping, fugen/fugen


FuGen Solutions


FuGen MISP SAML 2.0 SP

End-Point -

https://socialphotos.federationportal.com/ConcordiaInterop/SAML2RequestGenerator.aspx

MetaData -

https://socialphotos.federationportal.com/ConcordiaInterop/SocialPhotos-MetaData.xml

FuGen MISP WS-Fed RP End-Point -

https://socialphotos.federationportal.com/ConcordiaInterop/WS-FedRequestGenerator.aspx

FuGen MISP STS Managed Card

  Backed with Uid / Pwd   - https://fugenmisp.federationportal.com/FuGenIdPSite/LDAPBasedCard.aspx
  Backed with Self-Issued - https://fugenmisp.federationportal.com/FuGenIdPSite/SelfLogin.html

Root CA (for EV cert @ fugenmisp.federationportal.com ) -


FuGen MISP InfoCard RP / SAML 2.0 IdP / WS-Fed IdP

SAML 2.0 MetaData - https://sym-idp.fugenmisp.federationportal.com/idp.xml
WS-Fed IdP Realm URI
https://socialphotos.federationportal.com/rsa2008demo
WS-Fed IdP Endpoint
https://sym-idp.fugenmisp.federationportal.com/IDP-F
FuGen MISP WS-Fed IdP Certificate


Sun Microsystems

SAML 2.0

IdP

Metadata: https://wsinterop.sun.com:3611/opensso/saml2/jsp/exportmetadata.jsp?entityid=https://wsinterop.sun.com:3611/opensso

SP

Metadata: https://identity.planetinterop.org:3621/opensso/saml2/jsp/exportmetadata.jsp?entityid=https://identity.planetinterop.org:3621/opensso

Demo Page: https://identity.planetinterop.org:3621/opensso/concordia.jsp

To test SP Initiated SSO:

WS-Federation

IP

Endpoint: https://wsinterop.sun.com:3611/opensso/WSFederationServlet/metaAlias/wsfedidp
Realm URI: urn:federation:wsinterop
Cert:

RP

Endpoint: https://identity.planetinterop.org:3621/opensso/WSFederationServlet/metaAlias/wsfedsp
Realm URI: urn:federation:identity

Managed Card STS

Sun Intermediate CA Cert: http://www.sun.com/pki/certs/ca/SSL_Server_CA-cert.der
(You will need to install this in your intermediate CA cert store before downloading a card)

Download card from https://wsinterop.sun.com:3611/opensso/GetCard
Card supports both SAML 1.1 and SAML 2.0 tokens

Credentials: TestUser/TestUser

Information Card RP

You can login with any SAML 1.1 token at https://wsinterop.sun.com:3611/opensso/UI/Login?module=Infocard

You can associate your card with TestUser/TestUser. There is a known issue in registering a new user - you must type something (anything) in the password field before clicking 'New User'.

Login with SAML 2.0 token

Login with SAML 2.0 token, require InfoCard/Managed/Password