To implement single sign-on in your environment, follow the steps below in the Single Sign-on Configuration section of the Security Console. These settings let you enable a login page and specify the page users are redirected to after logging out of the application. If you wish to disable single sign-on in your environment, you can do so using the corresponding button, which is deactivated by default.
Prerequisite:
Before you can proceed with the configuration, users must have the IT security manager role.
To configure Oracle Applications Cloud as the service provider, follow these steps:
Step 1: Add an Identity Provider
- Access the Security Console and select Single Sign-On > Create Identity Provider.
- On the Identity Provider Details page, click Edit and enter the identity provider details, including a Name and Description.
- Choose the appropriate Name ID Format. If your identity provider uses email as the name, select ‘Email’; otherwise, leave it as ‘Unspecified.’
- Enter the Relay State URL, where users are directed to sign in and authenticate for the desired application.
- Select the ‘Default Identity Provider’ checkbox if you want to make this identity provider the default one.
- Import the identity provider metadata. If it’s an XML file, click ‘Browse’ and select it. If it’s on a web page, select the ‘External URL’ checkbox and enter the URL. Note that the metadata XML file must be Base64 encoded.
- Click ‘Save and Close.’

Step 2: Review the Service Provider Details
The Service Provider Details and the Diagnostics and Activation tabs will be enabled once you’ve entered the identity provider details. Click the Service Provider Details tab to review the following information:
- ID of the service provider (in this case, it’s the ID of Oracle Applications Cloud).
- Service provider metadata (a URL that references an XML file you can download and view).
- Service provider signing certificate.
- Service provider encryption certificate.
Share these details with the identity provider so that it can register your application as the associated service provider.

Step 3: Test the Identity Provider
Navigate to the Diagnostics and Activation tab to verify the functionality of the added identity provider.
- Click the ‘Test’ button to run diagnostics, which opens the Initiate Federation SSO page.
- Click ‘Start SSO’ to enter user credentials registered with the identity provider. The test will determine whether federation single sign-on is successful and provide a result summary, including the status of authentication, the attributes passed in the assertion, and the assertion message in XML.
Review the log messages in the Federation Logs section to identify any configuration issues with the identity provider.

Step 4: Enable the Identity Provider
If everything appears to be working correctly, you can enable the identity provider. While on the Diagnostics and Activation page, click ‘Edit’ and select the ‘Enable Identity Provider’ checkbox. Note that you can enable an identity provider only after importing service provider metadata into the identity provider.
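As an added example (not Oracle's own code), the Python below checks identity provider metadata before it is imported in step 1 and tested in step 3: it accepts raw or Base64-encoded XML, extracts the entityID, SSO endpoints, signing certificate and advertised Name ID formats, and flags metadata that would fail the federation test. The sample metadata, host names and certificate value are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample identity provider metadata; not from any real IdP.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBexampleCERT==</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(data):
    """Extract the fields the Security Console import relies on and list problems
    to fix before enabling the IdP. Accepts raw XML or the Base64-encoded file."""
    raw = data.encode() if isinstance(data, str) else data
    raw = raw.strip()
    if not raw.startswith(b"<"):                      # Base64-encoded metadata file
        raw = base64.b64decode(b"".join(raw.split()), validate=True)
    root = ET.fromstring(raw)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:                                   # e.g. SP metadata imported by mistake
        raise ValueError("metadata has no IDPSSODescriptor: not identity provider metadata")
    signing_certs = [c.text.strip()
                     for kd in idp.findall("md:KeyDescriptor", NS)
                     if kd.get("use", "signing") == "signing"   # no 'use' = signing and encryption
                     for c in kd.findall(".//ds:X509Certificate", NS)]
    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS)]
    issues = []
    if not signing_certs:
        issues.append("no signing certificate: assertions cannot be verified")
    issues += [f"non-HTTPS SSO endpoint: {loc}" for loc in sso.values()
               if not str(loc).lower().startswith("https://")]
    return {"entity_id": root.get("entityID"), "sso_endpoints": sso,
            "signing_certs": signing_certs,
            # Mirrors the Name ID Format choice made in step 1.
            "name_id_choice": "Email" if EMAIL_FORMAT in formats else "Unspecified",
            "issues": issues}
```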

Once set up, you have two options to choose from:
- Enable Chooser Login Page – Yes (Hybrid option, combining SSO and Fusion Credentials).
- Enable Chooser Login Page – No (SSO only).
The login screen appearance varies depending on your choice.

SSO configuration screen overview:

By following the above steps, you can successfully establish a single sign-on system in your environment, offering a seamless and secure authentication experience for your users.