Showing posts with label OIF. Show all posts

Sunday, May 11, 2014

OAM 11g R2 PS2 (11.1.2.2.0) Federation Setup

In this post I will cover the federation setup within the latest version of Oracle Access Manager.

Beginning with the 11g Release 2 (11.1.2), the Oracle Access Management Access Manager server (OAM Server) has been integrated with an Oracle Access Management Identity Federation server. All configuration for the Identity Federation server is performed using the Oracle Access Management Console.


Benefits of using the new Identity Federation 11g Release 2 (11.1.2.2) server integrated with Access Manager include:
  • Eliminating the need to install and maintain separate servers.
  • Simplifying post-install configuration of the federation features, particularly when accessing those features through the Oracle Access Management Console.
  • Improving the scalability of the two services working together.
  • Providing enhanced diagnostics and troubleshooting.

Enable Identity Federation within the Available Services.















Go to Configuration->Federation Settings

Click Export SAML 2.0 Metadata









Go to Service Provider Administration -> Click Create Identity Provider Partner

Create an IdP partner with the exported metadata file.





Click "Create Authentication Scheme and Module".
This creates an Authentication Scheme configured for use with the above IdP.


Similarly, go to Identity Provider Administration -> Click Create Service Provider Partner.





Referral Auth Scheme




























Referral Auth Module





Use the Authentication Scheme in the Authentication Policy of the Application Domain.

Go to App Domain -> Domain Name -> Authentication Policies -> Protected Resource Policy -> Change Authentication Scheme -> IdP1FederationScheme





Now we are ready to test

Access the protected resource



You will be redirected to the identity provider's SAML credential collector page.





SAML GET Request




After Successful Login






SAML POST Response






Referral IdP and SP file "https___Deepak-PC.mydomain.com_14101_oam_fed.xml":
It contains metadata for both the IdP and the SP.


<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:enc="http://www.w3.org/2001/04/xmlenc#" xmlns:ns7="urn:oasis:names:tc:SAML:profiles:v1metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="id-0G95cJmk6LYZcGQEqYuHtrUHzJkKkXQCRCfamW-3" cacheDuration="P30DT0H0M0S" entityID="https://Deepak-PC.mydomain.com:14101/oam/fed" validUntil="2014-06-03T17:32:57Z">
   <dsig:Signature>
      <dsig:SignedInfo>
         <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
         <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
         <dsig:Reference URI="#id-0G95cJmk6LYZcGQEqYuHtrUHzJkKkXQCRCfamW-3">
            <dsig:Transforms>
               <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
               <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <dsig:DigestValue>xLWmnQkPI7hMhUFE784zWsj3Bo0=</dsig:DigestValue>
         </dsig:Reference>
      </dsig:SignedInfo>
      <dsig:SignatureValue>bKOcap2cBPpRAQs8YuBF0q4VTHgiXWZQP3ZOgACVc7eqxjOg08dHSAXSp1hrLuHUoCkmDRAJOi09uorb+YNvdtqAWUV+WUcjfm0Ge6jJaqJIrf6ADmzKY01ueGVelN2qS7SSviyug3uPmiDENYdCDIvM1UbPloaDpVPEiiq+O3g=</dsig:SignatureValue>
      <dsig:KeyInfo>
         <dsig:X509Data>
            <dsig:X509Certificate>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</dsig:X509Certificate>
         </dsig:X509Data>
      </dsig:KeyInfo>
   </dsig:Signature>
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
      <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/soap" index="1" isDefault="true" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" ResponseLocation="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" ResponseLocation="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/soap" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://Deepak-PC.mydomain.com:14101/oamfed/idp/samlv20" />
   </md:IDPSSODescriptor>
   <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>MIIB+DCCAWGgAwIBAgIBCjANBgkqhkiG9w0BAQQFADAhMR8wHQYDVQQDExZEZWVwYWstUEMubXlkb21haW4uY29tMB4XDTE0MDQxOTE0MTE1MFoXDTI0MDQxNjE0MTE1MFowITEfMB0GA1UEAxMWRGVlcGFrLVBDLm15ZG9tYWluLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv26VHEabPL0pg/18fASQ9lgkE7d7WGDBeTmqcPcMh+/lAv/j0ISZLA1SPk25Z9q03AyrnY49darO3zA8gQt5gymP5G+tr66SCtZc4IZFj7r6e1YlrLXivpTttROMAOxtZQRJVHQl9sT3dApeL2wxNaYxEPcqWiYvoU45jsfSfx0CAwEAAaNAMD4wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMB0GA1UdDgQWBBResQZp6WGrudaKwj2qoq2LCgJA7DANBgkqhkiG9w0BAQQFAAOBgQCDfN+jRHA+4F5SmVG1Gw7lLAGzzMweCgcxz/o0r8KBGdDSZTssI/m7isLuumaSCS98G22Hfr4Qadh+pcHwlaNFOcip4WwII9ag22afaqqXphRKFPUYFxrHCTFGzTOFMNXI3tyPZ6e1L2QCjeM2SHl8omDciSipdID7DmyqW4N2gQ==</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
      <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://Deepak-PC.mydomain.com:14101/oamfed/aa/soap" />
      <md:AttributeProfile>urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic</md:AttributeProfile>
   </md:AttributeAuthorityDescriptor>
   <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://Deepak-PC.mydomain.com:14101/oamfed/sp/samlv20" ResponseLocation="https://Deepak-PC.mydomain.com:14101/oamfed/sp/samlv20" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://Deepak-PC.mydomain.com:14101/oamfed/sp/samlv20" ResponseLocation="https://Deepak-PC.mydomain.com:14101/oamfed/sp/samlv20" />
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://Deepak-PC.mydomain.com:14101/oam/server/fed/sp/sso" index="0" isDefault="true" />
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://Deepak-PC.mydomain.com:14101/oam/server/fed/sp/sso" index="1" />
   </md:SPSSODescriptor>
   <md:RoleDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo>
            <dsig:X509Data>
               <dsig:X509Certificate>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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>10</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
   </md:RoleDescriptor>
</md:EntityDescriptor>






OIF 11g R2 : Self Federation Configuration and Testing

In this post I will cover the configuration of Oracle Identity Federation (OIF) acting as both Service Provider (SP) and Identity Provider (IdP).
This helps in understanding the federation concepts and some of the configuration involved in all kinds of federation setups.


First, export your SP and IdP metadata. This can be done by logging in to the EM console.

Go to Farm_IDMDomain-> Identity and Access -> OIF -> Administration -> Security and Trust -> Provider Metadata

























Click Generate once for the Service Provider and again for the Identity Provider.









You will now have 2 files, one each for the SP and the IdP.

Import these back into OIF by going to OIF -> Administration -> Federations.



Edit and enable the settings as below.





Go to Administration -> Service Provider -> Common -> Select Default SSO Identity Provider


Go to Administration -> Service Provider -> SAML 2.0
Make the below settings if not already enabled.











Go to Administration -> Identity Provider  -> SAML 2.0 Settings




Go to Administration -> Data Store. Create a User Data Store as below



Go to Administration -> Authentication Engines. Create Default Authentication Engine of type LDAP as below



Check Administration -> Server Properties in case you want to change port numbers, etc.




Now we are ready to test

Go to http://oif-server:7499/fed/user/testspsso. Click Start SSO











The Final Response






Below is the output from SAML Tracer plugin








Referral Identity Provider File Deepak-PC.mydomain.com_7499_idp_saml20.xml

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="id-mvX-tZlC7JzjmZ-je5q2XHsvFRo-" cacheDuration="P0Y0M30DT0H0M0.0S" entityID="http://Deepak-PC.mydomain.com:7499/fed/idp" validUntil="2014-06-03T11:27:46Z">
   <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:X509Data>
               <dsig:X509Certificate>MIICIzCCAYygAwIBAgIBOjANBgkqhkiG9w0BAQQFADA1MTMwMQYDVQQDEypEZWVw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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com Signing Certificate</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>58</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com Signing Certificate</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:X509Data>
               <dsig:X509Certificate>MIICKTCCAZKgAwIBAgIBKzANBgkqhkiG9w0BAQQFADA4MTYwNAYDVQQDEy1EZWVw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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com Encryption Certificate</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>43</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com Encryption Certificate</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
      <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/soap" index="1" isDefault="true" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20ss" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20ss" />
      <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" />
      <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" />
      <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20ss" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20ss" />
      <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/soap" />
      <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
      <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
      <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>
      <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20" />
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="http://Deepak-PC.mydomain.com:7499/fed/idp/samlv20ss" />
   </md:IDPSSODescriptor>
</md:EntityDescriptor>



Referral Service Provider File Deepak-PC.mydomain.com_7499_sp_saml20.xml


<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="id-axAAa-6iuRyEYMIDzRbAEX1afIU-" cacheDuration="P0Y0M30DT0H0M0.0S" entityID="http://Deepak-PC.mydomain.com:7499/fed/sp" validUntil="2014-06-03T11:29:23Z">
   <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
         <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:X509Data>
               <dsig:X509Certificate>MIICIzCCAYygAwIBAgIBOjANBgkqhkiG9w0BAQQFADA1MTMwMQYDVQQDEypEZWVw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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com Signing Certificate</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>58</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com Signing Certificate</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
         <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:X509Data>
               <dsig:X509Certificate>MIICKTCCAZKgAwIBAgIBKzANBgkqhkiG9w0BAQQFADA4MTYwNAYDVQQDEy1EZWVw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</dsig:X509Certificate>
               <dsig:X509IssuerSerial>
                  <dsig:X509IssuerName>CN=Deepak-PC.mydomain.com Encryption Certificate</dsig:X509IssuerName>
                  <dsig:X509SerialNumber>43</dsig:X509SerialNumber>
               </dsig:X509IssuerSerial>
               <dsig:X509SubjectName>CN=Deepak-PC.mydomain.com Encryption Certificate</dsig:X509SubjectName>
            </dsig:X509Data>
         </dsig:KeyInfo>
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
         <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      </md:KeyDescriptor>
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20" />
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20ss" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20ss" />
      <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20" />
      <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20" />
      <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20ss" ResponseLocation="http://Deepak-PC.mydomain.com:7499/fed/sp/samlv20ss" />
      <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/soap" />
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/art20" index="0" isDefault="true" />
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/authnResponse20" index="1" />
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/authnResponse20ss" index="2" />
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="http://Deepak-PC.mydomain.com:7499/fed/sp/authnResponse20" index="4" />
   </md:SPSSODescriptor>
</md:EntityDescriptor>
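
An added example, not part of the original posts or of Oracle's tooling: a small Python audit for exported SAML 2.0 metadata such as the OAM file and the two OIF files above. It flags settings visible in them: SHA-1 signature and digest, RSA 1.5 and 3DES encryption methods, `WantAuthnRequestsSigned="false"`, `http://` endpoints and a passed `validUntil`. The sample document, the host name `sso.example.test`, the function name `audit_metadata` and the set of algorithms treated as weak are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}

# Algorithm URIs treated as weak here (a policy choice made for this example).
WEAK = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "RSA-SHA1 signature",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1 digest",
    "http://www.w3.org/2001/04/xmlenc#rsa-1_5": "RSA PKCS#1 v1.5 key transport",
    "http://www.w3.org/2001/04/xmlenc#tripledes-cbc": "3DES-CBC content encryption",
}

# Constructed sample: same shape as the metadata above, with certificates and
# signature values left out and the host name replaced by a placeholder.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://sso.example.test:7499/fed/idp"
    validUntil="2014-06-03T11:27:46Z">
  <dsig:Signature><dsig:SignedInfo>
    <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <dsig:Reference><dsig:DigestMethod
        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></dsig:Reference>
  </dsig:SignedInfo></dsig:Signature>
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sso.example.test:7499/fed/idp/samlv20"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def audit_metadata(xml_text, now=None):
    """Return a sorted list of (code, detail) findings for one EntityDescriptor."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    entity = root.get("entityID", "")
    findings = set()

    # validUntil: partners should stop trusting the metadata after this instant.
    valid_until = root.get("validUntil")
    if valid_until:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry < now:
            findings.add(("expired", valid_until))

    # Only the presence of a signature is checked; it is not verified here.
    if root.find("dsig:Signature", NS) is None:
        findings.add(("unsigned-metadata", entity))

    # Walk every element once: declared algorithms and endpoint URLs.
    for el in root.iter():
        alg = el.get("Algorithm")
        if alg in WEAK:
            findings.add(("weak-algorithm", WEAK[alg]))
        loc = el.get("Location")
        if loc and loc.lower().startswith("http://"):
            findings.add(("cleartext-endpoint", loc))

    # Role-level signing requirements; both attributes default to false.
    for idp in root.findall("md:IDPSSODescriptor", NS):
        if idp.get("WantAuthnRequestsSigned", "false") not in ("true", "1"):
            findings.add(("idp-accepts-unsigned-authnrequests", entity))
    for sp in root.findall("md:SPSSODescriptor", NS):
        if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
            findings.add(("sp-accepts-unsigned-assertions", entity))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit_metadata(SAMPLE):
        print(f"{code:36} {detail}")
```

For metadata received from an untrusted partner, parse with a hardened XML parser and verify the signature against a certificate obtained out of band before acting on any of these fields.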


Sunday, April 27, 2014

Oracle Identity Management - Oracle Identity Federation (OIF), Oracle Virtual Directory (OVD), Oracle Internet Directory (OID) 11g Release 1 (11.1.1.7.0) Installation and Configuration

This post covers the installation and configuration of Oracle Identity Management 11g Release 1 (11.1.1.7.0), which includes the following products:

  • Oracle Internet Directory: Add, find, and manage information about users, groups, and other objects.
  • Oracle Directory Integration Platform: Share data in Oracle Internet Directory with other directory servers and applications.
  • Oracle Virtual Directory: Enable applications to make use of data from different vendors' enterprise data sources, including directory servers and databases, as if only one type was in use.
  • Oracle Identity Federation: Access protected services provided by your partners while retaining full control over your users' identities. Enable your authenticated users of partner sites to access your protected services.

Please note that this installation is different from Oracle Identity and Access Management 11g R2 PS2 (11.1.2.2.0), whose installation and configuration I cover in my other post and which includes:

  • Oracle Identity Manager 
  • Oracle Access Management 
  • Oracle Adaptive Access Manager
  • Oracle Privileged Account Manager  
  • Oracle Identity Navigator 
  • Oracle Entitlements Server

Follow the screen captures below to proceed with the installation and configuration.


Run RCU 11.1.1.7.0































                                                                                                                                                                                                                           


Install and Configure Oracle Identity Management 11.1.1.7.0




























                                                                                                                            

                                                                                     

 

Verification of all the components - OID, OVD, OIF