I want to do a small test setup for configuring:
Configure CA SSO to act as a SAML 2.0 Identity Provider
Configure CA SSO to act as a SAML 2.0 service provider
Just thinking aloud: how many boxes will I need?
2 Policy servers - One to act as Identity Provider and one as Service Provider?
Both need to be connected to the same policy store/user store?
I have one policy server which has SQL Server as Policy Store. When I try to configure SAML Service Provider it does not show any affiliated domain. Looks like configuring user store from CA Directory or Active Directory is a must to move forward with Service Provider.
Any advice will be very helpful and appreciated.
To keep things clean, I prefer to have two isolated environments for my IDP and SP.
So each IDP and SP will have their own Policy server/Policy Stores/User Stores etc.
However, you can always use the same environment to act as both SP and IDP.