Fedlets .NET This chapter explains how to use the Fedlet in your .NET application. You must configure the OpenAM .NET Fedlet to work with the identity provider. Before creating the Fedlet, therefore, set up a Hosted Identity Provider in OpenAM. Before you start, create the hosted identity provider, and the Circle of Trust to which you plan to add the Fedlet. You can perform these steps using the Create Hosted Identity Provider wizard on the Common Tasks page of the OpenAM console. The .NET Fedlet demo requires a signing key for the Identity Provider. For evaluation, use the test certificate installed with OpenAM. Follow these steps to configure and install the .NET Fedlet demo application. Unzip the Fedlet-unconfigured.zip file, and copy the contents of the Fedlet-unconfigured\asp.net\ folder to a working directory. bin\ This folder contains the Fedlet.dll library, that you copy to your application's bin\ folder. conf\ This folder contains the templates you edit to prepare your Fedlet configuration, including the identity provider and Fedlet (SP) metadata for federation. The completed configuration files belong in your application's App_Data\ folder. readme.txt This file describes how to set up and configure .NET Fedlets. SampleApp\ This folder contains the demo application. Edit the template files in the SampleApp\App_Data\ folder based on where you deploy the Fedlet demo application, and on how your identity provider is configured. Edit fedlet.cot to set cot-name to the name of the Circle of Trust, and to set sun-fm-trusted-providers to include the entity ID of the identity provider, and the entity ID of the Fedlet service provider. Edit sp.xml and sp-extended.xml to configure the entity IDs, URLs, and Circle of Trust names to correspond to your sample application. Export the identity provider metadata from OpenAM, and copy the resulting idp.xml and idp-extended.xml metadata to the Fedlet SampleApp\App_Data\ folder. $ ssoadm create-metadata-templ --entityid "http://idp.example.com:8080/openam" --adminid amadmin --password-file /tmp/pwd.txt --identityprovider /idp --meta-data-file idp.xml --extended-data-file idp-extended.xml --idpscertalias test Hosted entity configuration was written to idp-extended.xml. Hosted entity descriptor was written to idp.xml. Register the Fedlet with OpenAM as a remote service provider using the sp.xml and sp-extended.xml metadata. $ ssoadm import-entity --adminid amadmin --password-file /tmp/pwd.txt --cot fedlet-cot --meta-data-file sp.xml --extended-data-file sp-extended.xml Import file, sp.xml. Import file, sp-extended.xml. Deploy the demo application in Internet Information Server. IIS must be installed with ASP.NET and additional application support necessary for web applications beyond static web sites. The additional support is not necessarily installed by default when you activate IIS as a Windows feature. Try the demo application links to run Fedlet initiated single sign on using HTTP POST binding and HTTP Artifact binding. If you are using the embedded directory as a user store, you can authenticate to OpenAM using the demo user whose password is changeit.