
Contents

1 Document Description
  1.1 Overview
  1.2 Glossary
  1.3 Prerequisites
2 Architecture
3 IdP Configuration
  3.1 Creation of the IdP using OIF
  3.2 Generation of IdP SAML 2.0 Metadata
  3.3 Configuring your IdP to Work with your Trusted Partner
4 Create Users in OID
5 Verify that OIF is Communicating with OID
Appendix A Metadata XML Schema

Superior Court of Orange County

1 Document Description

1.1 Overview

The Superior Court of California, County of Orange (SCOC) Court Technology Services (CTS), in association with the Administrative Office of the Courts (AOC) and under the supervision of the Global Justice Information Sharing Initiative, has been tasked with creating a proof of concept of the Global Federated Identity and Privilege Management (GFIPM) security technology using the Oracle Middleware product suite. In this proof of concept the Court uses Oracle WebLogic Server (WLS), Oracle Identity Federation (OIF), Oracle Internet Directory (OID) and Oracle Database (ODB) to establish trust between the IdP (the Court) and the SP (the AOC) using X.509 certificates. The certificates are exchanged inside SAML 2.0 metadata XML, which tells each side which systems to trust. Once a partner is trusted, it is configured as an SP. When a Court user attempts to access a resource on the SP (CCPOR) through the browser, the user's identity is authenticated by the Court's IdP and asserted to the SP across the security domains of the federation.

The table below describes the steps for setting up an IdP using the Oracle Middleware Suite and how they correlate with GFIPM requirements.

Setting up a GFIPM SAML 2.0 Identity Provider using Oracle WebLogic Server (WLS) and OIF

Section 3.1 Creation and Configuration of IdP Using OIF: OIF allows you to create and configure the IdP and enables the use of X.509 certificates.

Section 3.2 Generation of IdP SAML 2.0 Metadata: generate the SAML 2.0 metadata from the configuration set up in Section 3.1. In the federation flow the Court IdP sends the digitally signed SAML assertion to CCPOR; for that assertion to be trusted, the Court must first deliver its public key, the agreed-upon information and its SAML 2.0 metadata to the Service Provider (SP) partner, the AOC.

Section 3.3 Configuring your IdP to Work with Your Trusted Partner: once you have received the SP partner's metadata and certificate, you use OIF to add the partner's public key to your IdP's federation partner trust configuration.

1.2 Glossary

The table describes the terms used in this document.

Term: Description
Field: an area in which a user can enter information
Drop-down: a box which allows the user to choose from a list of selections
Check box: allows you to select multiple items in a list
Radio button: allows you to select a single item from a list
Table: a group of data organized into columns, rows and cells
Column: a vertical list of information, usually used to describe cell type
Row: a horizontal list of information, usually used to describe related cells
Cell: a single piece of information in a table
Button: allows a user to perform an action
Path: the full location of a file or folder, e.g. C:\WINDOWS\system
OAS: Oracle Application Server
OAM: Oracle Access Manager
ODB: Oracle Database
OCA: Oracle Application Server Certificate Authority
OIF: Oracle Identity Federation (provides IdP capability and/or SP capability)
GFIPM: Global Federated Identity and Privilege Management
Permission: rights given to a user on an application
Policy: any guide that establishes the parameters for decision making or actions
PDP: Policy Decision Point
PEP: Policy Enforcement Point
XACML: eXtensible Access Control Markup Language
SP: GFIPM-enabled SAML 2.0 Service Provider

1.3 Prerequisites

Component: Version / Specification
Microsoft Windows: Windows 2003 R2
Oracle Internet Directory: 10g
Oracle Identity Federation: 11g
Java 2 SDK: (no version given)
Oracle WebLogic Server: 11g
Oracle Database: 10g
Chip architecture and minimum processor speed: AMD64 (1.3 GHz) or 64-bit Xeon (1.3 GHz)
RAM: 4 GB

2 Architecture

Diagram 2a gives a high-level view of the federation used and of the flow of data for Phase II of the project.

Diagram 2a: federation architecture and data flow between the Court IdP and the AOC WebLogic SP

3 IdP Configuration

This section details the creation and configuration of the Court's IdP, which will authenticate Court users to the AOC's CCPOR application. It contains the following sections:

Creation of the IdP Using OIF
Generation of IdP SAML 2.0 Metadata
Configuring your IdP to Work with your Trusted Partner

3.1 Creation of the IdP using OIF

First we need to create an Identity Provider (IdP) using OIF. To open OIF we must first log into the WLS Admin Console. Open Internet Explorer and navigate to the URL of the Oracle WebLogic Server Admin Console.

You will now see the WLS Admin Console screen. Under the Help section click the Oracle Enterprise Manager link. You will now see the Enterprise Manager login screen. Enter the User Name and Password and click Login. You now see the OEM main screen. In the navigation panel expand the Identity and Access folder.

Now we need to open OIF and begin creating the IdP. Right-click OIF, click Administration, then click Identity Provider. You now see the Identity Provider screen. We will begin by configuring the IdP.

Click the SAML 2.0 tab.

OIF will generate the SAML assertion for you automatically, but it is necessary to make sure it is configured correctly. First, make sure the following are checked under Assertion Settings:

X509 Subject Name
Send Encrypted Attributes
Send Encrypted NameIDs
Send Encrypted Assertions
Send Signed Assertion

Note: the three Send Encrypted settings make the IdP encrypt to the SP's public key, so the SP metadata you import in Section 3.3 must carry an encryption certificate; without one OIF has nothing to encrypt to.

There are considerably more settings on the SAML 2.0 tab. Scroll down to Protocol Settings and make sure the following are checked:

Enable SAML 2.0 Protocol (this informs the SP that the SAML 2.0 protocol will be used by the IdP)
Enable Single Sign-On Protocol (this informs the SP that SSO will be used by the IdP)
Enable NameID Management Protocol: Register (default)
Enable NameID Management Protocol: Terminate (default)

Note: the NameID Management settings can be left at their defaults. The AOC is not using account linking, so the IdP will not register or terminate user accounts in the SP as an IdP employee changes roles or jobs.

Under Enable Protocol Bindings select the following:

SSO HTTP POST
Authentication Request HTTP POST (you must scroll down in the Enable Protocol Bindings window to see this)

In the Default Binding drop-down list select HTTP POST.

In the Default SSO Response Binding drop-down select HTTP POST.

To ensure that the message authentication and integrity requirements are met, under Messages to Send/Require Signed check the following:

Response HTTP POST: Send Signed
Response HTTP POST: Require Signed
Request HTTP POST: Send Signed
Request HTTP POST: Require Signed
AuthnRequest: Require Signed

Require Signed on the AuthnRequest means OIF will reject unsigned authentication requests, so the SP must sign its requests with the certificate published in its metadata. Once you have selected all of these, click Apply.

3.2 Generation of IdP SAML 2.0 Metadata

Once you have created and configured your IdP, you need to export the IdP's SAML 2.0 metadata file. The metadata carries the IdP's entity ID, its endpoints and the X.509 certificates the SP will use to verify the IdP's signatures and to encrypt data for it; the file itself is not encrypted. This can easily be done in OIF.

From the SAML 2.0 tab, click the navigation drop-down arrow. Click Administration, then click Security and Trust.

You now see the Security and Trust screen. Click the Provider Metadata tab. Because we have configured OIF as an IdP, under General Metadata make sure that the Provider Type selected is Identity Provider.

As SAML 2.0 is the GFIPM standard, under Protocol make sure that SAML 2 is selected. Click Generate to generate the SAML 2.0 metadata file.

A pop-up box appears asking you to save or open the file; click Save. This is the SAML metadata you will need to deliver to your Service Provider, so navigate to a folder you will remember and click Save. Note: if you receive an error or nothing happens, check your browser to ensure you are allowing pop-up windows.

Once the file has finished saving, click Close.

Note: if you wish to view the data, you may open the XML in a text editor. Appendix A shows the metadata generated for the Court's IdP.

3.3 Configuring your IdP to Work with your Trusted Partner

Once you have received your SP's metadata XML file, which includes their X.509 public key certificate, you must incorporate it into your IdP's SAML 2.0 federation trust configuration. From the Generate Metadata screen, click the arrow to the right of Oracle Identity Federation, click Administration, then click Federations.

You now see the Federations screen. From here you add the partner certificate to the IdP. If you have multiple partners in your federation, do this for each partner. Click the Add tab. You now see the Add Trusted Provider pop-up window. To begin adding your trusted partner, check Enable Provider and click Browse. Note: this step cannot be completed until you have received the metadata XML file (the X.509 certificate and identifying information) from your trusted partner. Obtain that file over a channel you trust and confirm its certificate with the partner out of band; whatever certificate is in the file is what your IdP will trust from then on.

Navigate to where you saved the file, select the metadata provided by your trusted partner, then click Open.

Enter a description that will allow you to identify the partner (for this example we use CCPOR). Click OK. A confirmation message appears, and you can now see the provider information from the file you just added. Now you need to adjust the provider settings to work with your IdP. Select your Provider ID and click Edit.

You now see the Edit Trusted Provider screen. Leave the settings on the main screen and on the Trusted Provider Settings tab at their defaults. Click the Oracle Identity Federation Settings tab.

Scroll down to Assertion Settings and make sure Send Signed Assertion is checked. Select X509 Subject Name in the Default Name ID Format.

Scroll down to Protocol Settings and make sure the following are selected:

Enable NameID Management Protocol: Register (default)
Enable NameID Management Protocol: Terminate (default)
Use Identity Federation for Attribute Response
Default Binding: HTTP POST
Default SSO Response Binding: HTTP POST

Scroll down to Enable Protocol Bindings. Select HTTP POST from the drop-down list. If the drop-down list does not appear, click the lock icon to the left of SSO Bindings HTTP POST; this unlocks the setting. Repeat this process for all of the bindings.

Scroll down to Messages to Send/Require Signed and make sure the following are selected:

Response HTTP POST
Request HTTP POST
Response with Assertion HTTP POST
AuthnRequest

Click Apply. Your SP should now be part of the trusted federation. (We will check the connection after creating users in OID; refer to Section 4 and Section 5 of this document.)
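Before the partner file is imported at the Add step above, it is worth checking that it actually carries what the IdP settings in Section 3.1 and the partner settings in this section assume. The Python script below is an added example, not part of the original procedure and not Oracle tooling: it reads an SP's SAML 2.0 metadata and reports anything that would make the federation fail or weaken it, namely an expired validUntil, an SP that does not declare it signs its AuthnRequests (the IdP requires that), a missing or undecodable signing certificate, an AssertionConsumerService that is not HTTP-POST or not behind TLS, and a NameID format list that lacks X509SubjectName. The sample metadata, its entity ID, endpoints and certificate are constructed placeholders, not the AOC's CCPOR metadata, and only the Python standard library is used.

```python
"""Pre-import checks for a SAML 2.0 SP partner's metadata file.

Added example (not part of the original Court procedure). Run it over the
metadata XML received from the SP partner before importing it into OIF.
The sample below is constructed: entity ID, endpoints and certificate are
placeholders, not the AOC's real metadata.
"""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
X509_SUBJECT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"

# Placeholder DER (a bare SEQUENCE { INTEGER 1 }), enough to exercise the
# Base64/DER sanity check; a real file carries the partner's certificate.
PLACEHOLDER_CERT = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()

# Constructed SP metadata, shaped like the IdP metadata in Appendix A.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://sp.example.org/fed/sp" validUntil="2030-01-01T00:00:00Z">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
        <ds:X509Certificate>{PLACEHOLDER_CERT}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>{X509_SUBJECT}</md:NameIDFormat>
    <md:AssertionConsumerService Binding="{HTTP_POST}"
        Location="https://sp.example.org/fed/sp/samlv20" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, now=None):
    """Return a list of findings; an empty list means the file passed every check."""
    now = now or datetime.now(timezone.utc)
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    if not root.get("entityID"):
        findings.append("missing entityID")

    # validUntil is the partner's own trust expiry; importing an expired file is a mistake.
    valid_until = root.get("validUntil")
    if valid_until:
        expiry = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append(f"metadata expired at {valid_until}")

    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no md:SPSSODescriptor: this is not SP metadata"]

    # Section 3.1 sets "AuthnRequest: Require Signed" on the IdP, so the SP must
    # declare that it signs requests; it should also say it wants signed assertions,
    # which is what "Send Signed Assertion" in Section 3.3 delivers.
    if sp.get("AuthnRequestsSigned") != "true":
        findings.append("AuthnRequestsSigned is not true")
    if sp.get("WantAssertionsSigned") != "true":
        findings.append("WantAssertionsSigned is not true")

    # The signing certificate is what OIF uses to verify the SP's signed requests.
    signing = [k for k in sp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    if not signing:
        findings.append("no signing KeyDescriptor")
    for kd in signing:
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not cert.text:
            findings.append("signing KeyDescriptor has no X509Certificate")
            continue
        try:
            der = base64.b64decode("".join(cert.text.split()), validate=True)
        except ValueError:
            findings.append("X509Certificate is not valid Base64")
            continue
        if not der or der[0] != 0x30:
            findings.append("X509Certificate does not decode to a DER SEQUENCE")

    # The IdP is configured for HTTP-POST only (Section 3.1) and the assertion
    # must travel to the SP over TLS.
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not any(a.get("Binding") == HTTP_POST for a in acs):
        findings.append("no AssertionConsumerService with HTTP-POST binding")
    for a in acs:
        if not a.get("Location", "").startswith("https://"):
            findings.append(f"AssertionConsumerService Location is not https: {a.get('Location')}")

    # The federation uses X509SubjectName NameIDs (Sections 3.1 and 3.3).
    formats = [f.text for f in sp.findall("md:NameIDFormat", NS)]
    if formats and X509_SUBJECT not in formats:
        findings.append("SP does not list the X509SubjectName NameID format")
    return findings


if __name__ == "__main__":
    print("\n".join(check_sp_metadata(SAMPLE_SP_METADATA)) or "OK")
```

To use it on the real file, read the partner's XML into a string and pass it to check_sp_metadata. The script only confirms that the certificate decodes as DER; inspect its subject, validity dates and key algorithm separately (for example with openssl x509 -noout -text) before you trust it.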

4 Create Users in OID

Now we will go over how to create a user in Oracle Internet Directory (OID). This lets you add users to the federation, and we will then use this user to verify the connection between OID and OIF. To create users we use OID Delegated Administration Services (oiddas), a simple browser interface for managing users and other OID information. oiddas is included when you install OID. Launch Internet Explorer and navigate to the location of oiddas (by default the URL is http://<hostname>:7777/oiddas/). Click the Directory tab. You now see the oiddas Sign In screen. Enter the Oracle Directory root administrator user name and password. If you chose the default user during installation, the user name is orcladmin.

Click OK. You now see the Users screen. Creating and managing users in this application is very simple. Click Create.

You now see the Create User screen. Enter the required user information (for this example we use the Basic Information). Click Submit.

You are now returned to the Users screen. To verify that the user was created successfully, click Go. You will now see the search results. Scroll down to verify that the user was added.

5 Verify that OIF is Communicating with OID

Now we will verify that OIF is communicating correctly with OID. Launch the WLS Admin Console and click Oracle Enterprise Manager. You will now see the OEM login screen. Log into OEM. You now see the OEM main screen. In the navigation panel expand the Identity and Access folder.

Now open OIF. Click the navigation drop-down arrow, click Administration, then click Identities. You now see the Identities screen. To verify communication between the two products, we will check whether the user we created is visible to the federation.

Click the Local Users tab. You now see the Local Users tab. Click Search.

You now see the search results. If your IdP is working properly, you should see the user we added.
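With a user now visible to OIF, the last check is end to end: sign on to CCPOR as that user and look at what the IdP actually sent. The script below is an added example, not part of the original procedure and not Oracle code. It decodes the SAMLResponse form field that the HTTP-POST binding delivers to the SP (captured from the browser's developer tools or an SP-side trace) and confirms the message carries what Section 3.1 configured: a signed Response, a signed or encrypted Assertion, an X509SubjectName NameID, a validity window that contains the current time, an AudienceRestriction naming the SP, and an InResponseTo matching the request the SP sent. The sample message and its issuer, audience and signature values are constructed placeholders. It checks structure only; the SP must verify the XML signatures cryptographically with an XML-DSig library.

```python
"""Inspect the SAMLResponse an OIF IdP posts to its SP.

Added example, not part of the original Court procedure. The sample response
is constructed with placeholder issuer, audience and signature values; it is
not a message recorded from the Court's IdP. Only message structure is checked;
signature verification is the SP's job.
"""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
X509_SUBJECT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
PLACEHOLDER_SIG = "<ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>"

# Constructed plaintext response. With "Send Encrypted Assertions" on, the
# saml:Assertion element is replaced by saml:EncryptedAssertion.
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_resp1" InResponseTo="_req1" Version="2.0"
    IssueInstant="2025-01-01T12:00:00Z" Destination="https://sp.example.org/fed/sp/samlv20">
  <saml:Issuer>https://idp.example.org/fed/idp</saml:Issuer>
  {PLACEHOLDER_SIG}
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2025-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.org/fed/idp</saml:Issuer>
    {PLACEHOLDER_SIG}
    <saml:Subject>
      <saml:NameID Format="{X509_SUBJECT}">CN=Court User,OU=Superior Court,O=County of Orange,C=US</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2025-01-01T11:59:00Z" NotOnOrAfter="2025-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.org/fed/sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def encode_form_field(xml_text):
    """Base64-encode XML the way the HTTP-POST binding carries it in the form field."""
    return base64.b64encode(xml_text.encode()).decode()


SAMPLE_SAMLRESPONSE_FIELD = encode_form_field(SAMPLE_RESPONSE_XML)


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def inspect_saml_response(form_field, expected_request_id, sp_entity_id, now_utc):
    """Return findings for a posted SAMLResponse; an empty list means it matches the
    Section 3.1 settings. now_utc is a UTC timestamp such as 2025-01-01T12:00:30Z."""
    findings = []
    now = _ts(now_utc)
    root = ET.fromstring(base64.b64decode(form_field))
    if root.tag != f"{{{NS['samlp']}}}Response":
        return ["decoded message is not a samlp:Response"]
    # The SP must only accept a Response to a request it actually issued.
    if root.get("InResponseTo") != expected_request_id:
        findings.append("InResponseTo does not match the AuthnRequest the SP sent")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        findings.append("status is not Success")
    # "Response HTTP POST: Send Signed" puts a signature directly on the Response.
    if root.find("ds:Signature", NS) is None:
        findings.append("Response is not signed")

    if root.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("Assertion is encrypted (expected with Send Encrypted Assertions); decrypt it on the SP to inspect")
        return findings
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return findings + ["no Assertion or EncryptedAssertion in the Response"]

    # "Send Signed Assertion" signs the assertion independently of the Response.
    if assertion.find("ds:Signature", NS) is None:
        findings.append("Assertion is not signed")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != X509_SUBJECT:
        findings.append("NameID is not in X509SubjectName format")
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        findings.append("Assertion has no Conditions")
        return findings
    not_before, not_on_or_after = conditions.get("NotBefore"), conditions.get("NotOnOrAfter")
    if (not_before and _ts(not_before) > now) or (not_on_or_after and _ts(not_on_or_after) <= now):
        findings.append("assertion validity window does not contain the current time")
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        findings.append("SP entity ID is not in the AudienceRestriction")
    return findings


if __name__ == "__main__":
    result = inspect_saml_response(SAMPLE_SAMLRESPONSE_FIELD, "_req1", "https://sp.example.org/fed/sp", "2025-01-01T12:00:30Z")
    print("\n".join(result) or "OK")
```

A captured field from a browser will usually be URL-encoded as well; decode that first, then pass the Base64 text in. If the IdP was configured with Send Encrypted Assertions, the script reports an encrypted assertion and stops, which is the expected result for this deployment; the NameID and audience checks then have to run on the SP after decryption.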

Appendix A Metadata XML Schema

The SAML 2.0 metadata generated for the Court's IdP in Section 3.2. The Base64 certificate text is reproduced as it appears in the source document, where some lines lost their letter case in extraction, so it will not decode as-is.

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="id-4asq-C0WJxmsB8r-vOayaLk385g-" entityID="http://oifserver1.ocsuperior.occourts.org:7778/fed/idp" validUntil="2010-07-04T21:01:08Z">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:X509Data>
          <dsig:X509Certificate>
miic6tccaqegawibagies2ncljalbgcqhkjooaqdbqawwdelmakga1uebhmcvvmx
GTAXBgNVBAoTEENvdW50eSBvZiBPcmFuZ2UxFzAVBgNVBAsTDlN1cGVyaW9yIENv
dxj0mruwewydvqqdewxeyw5uesbfagxlcnmwhhcnmtawmjazmjaynzi2whcnmjmx
MDEzMjAyNzI2WjBYMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ291bnR5IG9mIE9y
YW5nZTEXMBUGA1UECxMOU3VwZXJpb3IgQ291cnQxFTATBgNVBAMTDERhbm55IEVo
bgvyczccabcwggesbgcqhkjooaqbmiibhwkbgqd9f1obhxuskvlfspwu7otn9hg3
UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQ
pasfn+geexaiwk+7qdf+t8yb+dtx58aophupbpud9tpfhsmcnvqtwharmvz1864r
Ydcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3e
y7yrxda4v7l5lk+7+jrqgvlxtas9b4jnuvlxjrruwu/mcqcqgyc0srzxi+hmkbyt
t88jmozipue8fnqlvhynkocjrh4rs6z1kw6jfwv6itvi8ftiegeko8yk8b6ouzcj
qipf4vrlnwasi2zeghtvjwqbtdv+z0kqa4geaakbgb7o2raybj39vw7l5ucs2/py
O/i4Kk7c2R6+Rm5d2h+fp3Q+k6Vv8wn5N2yBB2gxMNfdRCzhloAJ0xoHZ5tzrFis
3P54PvaWZfgt97DPfIzUrcQXKP1NEb5ygBkrL+0ybN0YmA+bJ2FagOz47AbS6kCY
UHj5WDd+BGLSeI5LTc2EMAsGByqGSM44BAMFAAMvADAsAhR2dOOmrRnLFM/KKgqY
FF9dnrEahAIUT1MFkVuvPis4zGNFiOBfB9W4UG0=
          </dsig:X509Certificate>
          <dsig:X509IssuerSerial>
            <dsig:X509IssuerName>CN=oifserver1.ocsuperior.occourts.org, OU=Superior Court, O=County of Orange, C=US</dsig:X509IssuerName>
            <dsig:X509SerialNumber>1265228846</dsig:X509SerialNumber>
          </dsig:X509IssuerSerial>
          <dsig:X509SubjectName>CN=oifserver1.ocsuperior.occourts.org, OU=Superior Court, O=County of Orange, C=US</dsig:X509SubjectName>
        </dsig:X509Data>
      </dsig:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:X509Data>
          <dsig:X509Certificate>
miic6tccaqegawibagies2ncljalbgcqhkjooaqdbqawwdelmakga1uebhmcvvmx
GTAXBgNVBAoTEENvdW50eSBvZiBPcmFuZ2UxFzAVBgNVBAsTDlN1cGVyaW9yIENv
dxj0mruwewydvqqdewxeyw5uesbfagxlcnmwhhcnmtawmjazmjaynzi2whcnmjmx
MDEzMjAyNzI2WjBYMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQQ291bnR5IG9mIE9y
YW5nZTEXMBUGA1UECxMOU3VwZXJpb3IgQ291cnQxFTATBgNVBAMTDERhbm55IEVo
bgvyczccabcwggesbgcqhkjooaqbmiibhwkbgqd9f1obhxuskvlfspwu7otn9hg3
UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQ
pasfn+geexaiwk+7qdf+t8yb+dtx58aophupbpud9tpfhsmcnvqtwharmvz1864r
Ydcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3e
y7yrxda4v7l5lk+7+jrqgvlxtas9b4jnuvlxjrruwu/mcqcqgyc0srzxi+hmkbyt
t88jmozipue8fnqlvhynkocjrh4rs6z1kw6jfwv6itvi8ftiegeko8yk8b6ouzcj
qipf4vrlnwasi2zeghtvjwqbtdv+z0kqa4geaakbgb7o2raybj39vw7l5ucs2/py
O/i4Kk7c2R6+Rm5d2h+fp3Q+k6Vv8wn5N2yBB2gxMNfdRCzhloAJ0xoHZ5tzrFis
3P54PvaWZfgt97DPfIzUrcQXKP1NEb5ygBkrL+0ybN0YmA+bJ2FagOz47AbS6kCY
UHj5WDd+BGLSeI5LTc2EMAsGByqGSM44BAMFAAMvADAsAhR2dOOmrRnLFM/KKgqY
FF9dnrEahAIUT1MFkVuvPis4zGNFiOBfB9W4UG0=
          </dsig:X509Certificate>
          <dsig:X509IssuerSerial>
            <dsig:X509IssuerName>CN=oifserver1.ocsuperior.occourts.org, OU=Superior Court, O=County of Orange, C=US</dsig:X509IssuerName>
            <dsig:X509SerialNumber>1265228846</dsig:X509SerialNumber>
          </dsig:X509IssuerSerial>
          <dsig:X509SubjectName>CN=oifserver1.ocsuperior.occourts.org, OU=Superior Court, O=County of Orange, C=US</dsig:X509SubjectName>
        </dsig:X509Data>
      </dsig:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://oifserver1.ocsuperior.occourts.org/fed/idp/samlv20" ResponseLocation="https://oifserver1.ocsuperior.occourts.org/fed/idp/samlv20"/>
    <md:ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://oifserver1.ocsuperior.occourts.org/fed/idp/samlv20" ResponseLocation="https://oifserver1.ocsuperior.occourts.org/fed/idp/samlv20"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://oifserver1.ocsuperior.occourts.org/fed/idp/samlv20"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>

Two things a reader reusing this metadata today should notice. It expires: validUntil is 2010-07-04T21:01:08Z, and an SP that honours validUntil stops trusting the IdP after that instant, so partners must re-exchange metadata before expiry. The same self-signed certificate (issuer equals subject) is published for signing and encryption; the algorithm identifier near the end of its Base64 text (MAsGByqGSM44BAMFAA decodes to OID 1.2.840.10040.4.3, dsa-with-sha1) shows a DSA key with a SHA-1 signature, and every EncryptionMethod offered is a CBC mode. A deployment built now should use an RSA (2048-bit or larger) or ECDSA key with SHA-256 signatures and prefer AES-GCM for XML Encryption where the partner supports it, since CBC-mode XML Encryption is exposed to padding-oracle attacks.
