Oracle® Fusion Middleware Tutorial for Oracle Identity Management 11g Release 1 (11.1.1) Part Number E10276-01
In this series of exercises, you use Fusion Middleware Control to create a trusted provider in Oracle Identity Federation. The exercises include:
Exporting the service provider's SAML 2.0 metadata to a file
Adding the service provider to the identity provider's trusted providers
Performing SP-initiated single sign-on using the HTTP Redirect and Artifact bindings
In this exercise, the service provider administrator exports SAML 2.0 metadata to a file:
Access Oracle Enterprise Manager Fusion Middleware Control as described in "Accessing Fusion Middleware Control".
Select the Oracle Identity Federation instance in the navigation pane on the left.
Navigate to Oracle Identity Federation, then Administration, then Security and Trust.
Click the Provider Metadata tab.
Under Metadata Settings:
check the Require Signed Metadata box, so that this Oracle Identity Federation instance rejects partner metadata that does not carry an XML signature
check the Sign Metadata box, so that the metadata you generate is signed with this instance's signing key and the receiving provider can verify who produced it and that the endpoint URLs in it were not altered in transit
Click Apply.
In the Generate Metadata area of the page:
in the Provider Type drop-down, select Service Provider
in the Protocol drop-down, select SAML 2.0
Click Apply.
Click Generate.
In the file dialog box, click Save.
Click Open to view the generated XML file.
Note the service provider URL in the file: it appears as the entityID attribute of the EntityDescriptor element and in the Location attributes of the SP endpoints (for example, the AssertionConsumerService elements). These are the values the identity provider will trust once the file is imported, so confirm they name the intended host and port.
In this exercise, an administrator adds a new service provider to the Oracle Identity Federation server's trusted providers.
Access Oracle Enterprise Manager Fusion Middleware Control as described in "Accessing Fusion Middleware Control".
Select the Oracle Identity Federation instance in the navigation pane on the left.
Review key statistics for the server on the home page, including:
SOAP Requests
SOAP Responses
Navigate to Oracle Identity Federation, then Administration, then Federations.
Click Add.
In the Add Trusted Provider dialog:
check Enable Provider
select Load Metadata
Click the Browse button next to the Metadata Location field.
In the browse dialog box, navigate to the folder that contains the service provider metadata.
Service provider metadata was generated in the metadata export exercise earlier in this series.
Select the XML file containing the metadata. Click Open.
In the Add Trusted Provider dialog, the Metadata Location field now shows the path of the metadata file you selected.
Click OK. The Federations page appears.
Note that the newly added provider is listed in the Trusted Provider table, with the correct protocol version.
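The two exercises above produce and then import an SP metadata file. As an added example that is not part of the Oracle tutorial, the following Python script reads such a file and summarises what the identity provider will trust once it is loaded in the Add Trusted Provider dialog: the entityID, the advertised protocol, the AssertionConsumerService bindings and locations, and whether a ds:Signature element is present (the property that Require Signed Metadata enforces on the IdP side). The sample document, host name, port and paths are constructed placeholders. The signature check only tests for presence; it does not validate the signature. The https and host-consistency checks are this example's own policy, not Oracle Identity Federation settings.

```python
# Added example: inspect SP SAML 2.0 metadata before it is exchanged with the IdP.
# The sample document below is constructed for this example; its host, port,
# paths and signature value are placeholders, not values from the tutorial.
import xml.etree.ElementTree as ET  # for XML from an untrusted partner, prefer defusedxml
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"md": MD, "ds": DS}

SAMPLE_SP_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://oif-sp-host:7499/fed/sp">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://oif-sp-host:7499/fed/sp/post"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="http://oif-sp-host:7499/fed/sp/artifact"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def summarize_sp_metadata(xml_bytes):
    """Return the fields an IdP administrator needs from an SP EntityDescriptor."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"not a SAML 2.0 EntityDescriptor: {root.tag}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service-provider metadata")
    # Collect every ACS endpoint, ordered by index so the default (index 0) comes first.
    acs = sorted(
        (
            {
                "index": int(e.get("index", "0")),
                "binding": e.get("Binding"),
                "location": e.get("Location"),
                "default": e.get("isDefault") == "true",
            }
            for e in sp.findall("md:AssertionConsumerService", NS)
        ),
        key=lambda a: a["index"],
    )
    return {
        "entity_id": root.get("entityID"),
        # Presence only: verifying the signature needs the partner's certificate.
        "signed": root.find("ds:Signature", NS) is not None,
        "protocols": sp.get("protocolSupportEnumeration", "").split(),
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "acs": acs,
    }


def check_before_import(summary, require_signed=True):
    """Flag what would make an IdP reject the file, plus weak endpoint settings.

    The https and host checks are this example's policy, not an OIF setting."""
    problems = []
    if require_signed and not summary["signed"]:
        problems.append("metadata carries no ds:Signature; an IdP requiring signed metadata will reject it")
    if SAML2_PROTOCOL not in summary["protocols"]:
        problems.append("SPSSODescriptor does not advertise SAML 2.0 protocol support")
    if not summary["acs"]:
        problems.append("no AssertionConsumerService endpoint")
    entity_host = urlparse(summary["entity_id"] or "").netloc
    for a in summary["acs"]:
        loc = urlparse(a["location"] or "")
        if loc.scheme != "https":
            problems.append(f"ACS index {a['index']} is not https: {a['location']}")
        # An ACS on a different host than the entityID is how a tampered file
        # would divert assertions, so it deserves a second look before import.
        if entity_host and loc.netloc and loc.netloc != entity_host:
            problems.append(f"ACS index {a['index']} host {loc.netloc} differs from entityID host {entity_host}")
    return problems


if __name__ == "__main__":
    summary = summarize_sp_metadata(SAMPLE_SP_METADATA)
    print(summary["entity_id"], summary["signed"], [a["location"] for a in summary["acs"]])
    for problem in check_before_import(summary):
        print("WARN:", problem)
```

Run it against the XML file saved in the export exercise by passing the file's bytes to summarize_sp_metadata; the same check is worth running on the IdP side before clicking OK in the Add Trusted Provider dialog, since after that point the listed endpoints are where assertions for this SP will be sent.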
This exercise demonstrates a user performing an SP-initiated single sign-on operation in which the authentication request is sent to the identity provider over the HTTP Redirect binding and the response is returned to the service provider over the HTTP Artifact binding.
Before You Begin
This exercise assumes that:
the IdP and SP have exchanged metadata as demonstrated in a previous exercise.
the IdP administrator has added the SP to its trusted providers as demonstrated in a previous exercise.
The steps to perform the exercise are as follows:
Open a browser window.
Initiate an SSO flow using a URL of the form below, where OIF-SP-HOST and OIF-SP-PORT are the host and port of the Oracle Identity Federation service provider:
HTTP://OIF-SP-HOST:OIF-SP-PORT/fed/user/testspsso
The Federation SSO/authentication page appears.
Provide this information on the page:
From the IdP Provider ID drop-down, select the IdP URL.
Under Authentication Request Binding, select HTTP Redirect.
Check Allow Federation Creation.
From the SSO Response Binding drop-down, select Artifact.
Click Start SSO. A request is sent to the service provider to start single sign-on.
The identity provider's login page appears, because in SP-initiated SSO the user authenticates at the IdP. Enter your username and password.
Click Sign In.
The SSO operation completes and a results page is displayed.
Note the information displayed on the page, including the User ID, the IdP Provider ID, session start and end dates, and so on.
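The test page lets you pick HTTP Redirect for the request and Artifact for the response without showing what those bindings put on the wire. As an added example that is not Oracle's code, the following Python script encodes an AuthnRequest the way the SAML 2.0 HTTP-Redirect binding does (raw DEFLATE, base64, SAMLRequest query parameter), decodes it again as the IdP would, and builds and parses a SAML 2.0 type 0x0004 artifact, resolving its SourceID only against a list of trusted issuers. The entity IDs, URLs and the request body are constructed placeholders; the assumption that the page's Allow Federation Creation box corresponds to the AllowCreate flag of NameIDPolicy is the example's own. Request signing (the SigAlg and Signature query parameters the binding defines) is deliberately omitted here.

```python
# Added example: what the Redirect and Artifact bindings chosen on the test page
# put on the wire. Entity IDs, URLs and the request body are constructed placeholders.
import base64
import hashlib
import os
import struct
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

SP_ENTITY_ID = "http://oif-sp-host:7499/fed/sp"        # placeholder
IDP_ENTITY_ID = "http://oif-idp-host:7499/fed/idp"      # placeholder
IDP_SSO_URL = "http://oif-idp-host:7499/fed/idp/sso"    # placeholder
SP_ACS_URL = "http://oif-sp-host:7499/fed/sp/artifact"  # placeholder
ARTIFACT_TYPE_CODE = 0x0004  # the artifact format defined by the SAML 2.0 Bindings spec

# Constructed AuthnRequest. ProtocolBinding asks the IdP to answer over the
# Artifact binding; NameIDPolicy AllowCreate is the protocol-level flag that an
# "allow federation creation" option sets (assumed mapping to the OIF checkbox).
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0" '
    f'IssueInstant="2024-01-01T00:00:00Z" Destination="{IDP_SSO_URL}" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">'
    f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>"
    '<samlp:NameIDPolicy AllowCreate="true"/>'
    "</samlp:AuthnRequest>"
)


def redirect_binding_url(sso_url, request_xml, relay_state=None):
    """SP side: HTTP-Redirect binding = raw DEFLATE, base64, URL-encoded SAMLRequest."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw DEFLATE, no zlib header
    packed = deflater.compress(request_xml.encode("utf-8")) + deflater.flush()
    params = {"SAMLRequest": base64.b64encode(packed).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return f"{sso_url}?{urlencode(params)}"


def decode_redirect_binding(url):
    """IdP side: recover the AuthnRequest XML and RelayState from the query string."""
    qs = parse_qs(urlsplit(url).query)
    packed = base64.b64decode(qs["SAMLRequest"][0])
    return zlib.decompress(packed, -15).decode("utf-8"), qs.get("RelayState", [None])[0]


def make_artifact(issuer_entity_id, endpoint_index=0):
    """IdP side: TypeCode(2) || EndpointIndex(2) || SourceID(20, SHA-1 of issuer) || handle(20)."""
    source_id = hashlib.sha1(issuer_entity_id.encode("utf-8")).digest()
    handle = os.urandom(20)  # random reference to the response held at the IdP
    raw = struct.pack(">HH", ARTIFACT_TYPE_CODE, endpoint_index) + source_id + handle
    return base64.b64encode(raw).decode("ascii"), handle


def artifact_binding_url(acs_url, artifact, relay_state=None):
    """IdP side: the artifact travels to the SP's ACS in the SAMLart query parameter."""
    params = {"SAMLart": artifact}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return f"{acs_url}?{urlencode(params)}"


def parse_artifact(artifact_b64, trusted_issuers):
    """SP side: split the artifact and map its SourceID to a trusted IdP.

    Only issuers in the SP's trusted-provider list are candidates; an artifact
    from anyone else is rejected before any back-channel resolution happens."""
    raw = base64.b64decode(artifact_b64)
    if len(raw) != 44:
        raise ValueError(f"unexpected artifact length {len(raw)}")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != ARTIFACT_TYPE_CODE:
        raise ValueError(f"unsupported artifact type 0x{type_code:04x}")
    source_id, handle = raw[4:24], raw[24:]
    issuer = next(
        (e for e in trusted_issuers if hashlib.sha1(e.encode("utf-8")).digest() == source_id),
        None,
    )
    if issuer is None:
        raise ValueError("artifact SourceID does not match any trusted provider")
    return {"issuer": issuer, "endpoint_index": endpoint_index, "handle": handle}


def received_artifact(url):
    """SP side: pull the SAMLart parameter out of the redirect the browser delivered."""
    return parse_qs(urlsplit(url).query)["SAMLart"][0]


if __name__ == "__main__":
    url = redirect_binding_url(IDP_SSO_URL, AUTHN_REQUEST, relay_state="state1")
    xml, state = decode_redirect_binding(url)
    print("IdP recovered request:", xml == AUTHN_REQUEST, state)
    art, _ = make_artifact(IDP_ENTITY_ID, endpoint_index=0)
    back = artifact_binding_url(SP_ACS_URL, art, relay_state=state)
    print("SP resolved issuer:", parse_artifact(received_artifact(back), [IDP_ENTITY_ID])["issuer"])
```

The artifact is only a reference: after parse_artifact identifies the issuer, a real SP resolves the handle over a SOAP back channel to that IdP's artifact resolution endpoint, and it will only do so for an IdP that is already in its trusted providers, which is why the exercise requires the metadata exchange and trusted-provider steps to be completed first.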