8 Configuring Oracle Identity Federation for Single Sign-On to Trusted Provider

8.1 Exporting Service Provider Metadata

In this exercise, the service provider administrator exports SAML 2.0 metadata to a file:

1. Access Oracle Enterprise Manager Fusion Middleware Control as described in "Accessing Fusion Middleware Control".

2. Select the Oracle Identity Federation instance in the navigation pane on the left.

3. Navigate to Oracle Identity Federation, then Administration, then Security and Trust.

4. Click the Provider Metadata tab.

5. Under Metadata Settings:

   • check the Require Signed Metadata box

   • check the Sign Metadata box

6. Click Apply.

7. In the Generate Metadata area of the page:

   • in the Provider Type drop-down, select Service Provider

   • in the Protocol drop-down, select SAML 2.0

8. Click Apply.

9. Click Generate.

10. In the file dialog box, click Save.

11. Click Open to view the generated XML file.

12. Note the service provider URL in the entity ID and Location tags in the file.

8.2 Creating a Trusted Provider

In this exercise, an administrator adds a new service provider to the Oracle Identity Federation server's trusted providers.

1. Access Oracle Enterprise Manager Fusion Middleware Control as described in "Accessing Fusion Middleware Control".

2. Select the Oracle Identity Federation instance in the navigation pane on the left.

3. Review key statistics for the server on the home page, including:

   • SOAP Requests

   • SOAP Responses

4. Navigate to Oracle Identity Federation, then Administration, then Federations.

5. Click Add.

6. In the Add Trusted Provider dialog:

   • check Enable Provider

   • select Load Metadata

7. Click the Browse button next to the Metadata Location field.

8. In the browse dialog box, navigate to the folder that contains the service provider metadata.

   Service provider metadata was generated .

9. Select the XML file containing the metadata. Click Open.

10. In the Add Trusted Provider dialog, the Metadata Location field now fills in the path of the metadata file you selected.

11. Click OK. The Federations page appears.

12. Note that the newly added provider is listed in the Trusted Provider table, with the correct protocol version.

8.3 Executing Single Sign-On to a Provider

This exercise demonstrates a user performing an SP-initiated single sign-on operation using HTTP Redirect/Artifact processing.

Before You Begin

This exercise assumes that:

• the IdP and SP have exchanged metadata as demonstrated in a previous exercise.

• the IdP administrator has added the SP to its trusted providers as demonstrated in a previous exercise.

The steps to perform the exercise are as follows:

1. Open a browser window.

2. Initiate an SSO flow using a URL of the form:

   HTTP://OIF-SP-HOST:OIF-SP-PORT/fed/user/testspsso
   

3. The Federation SSO/authentication page appears.

4. Provide this information on the page:

   • From the IdP Provider ID drop-down, select the IdP URL.

   • Under Authentication Request Binding, select HTTP Redirect.

   • Check Allow Federation Creation.

   • From the SSO Response Binding drop-down, select Artifact.

5. Click Start SSO. A request is sent to the service provider to start single sign-on.

6. A login page appears. Enter your username and password.

7. Click Sign In.

8. The SSO operation completes and a results page is displayed.

9. Note the information displayed on the page, including the User ID, the IdP Provider ID, session start and end dates, and so on.