Oracle Identity Management - Federation
Oracle Identity and Access Management 11gR2 PS2 provides federation capability. If you are using OAM as the Service Provider (SP), you need to configure a trusted Identity Provider (IdP). Below are the steps to configure a trusted Identity Provider.
Go to the Service Provider screen and click Identity Provider. Choose to create a new Identity Provider and provide a name, for example TestADFS or adfs2.
Once it is created, an icon for your Identity Provider appears. Click this icon to open the screen for configuring it.
Under the General section the name is already populated. Check "Enable Partner". Check "Default Identity Provider" only if this is your sole Identity Provider; if you have several, leave it unchecked unless this is the one that should be used by default.
Under Service Information you can either load the metadata from a file or enter it manually. The preferred method is to load the metadata file that your trusted Identity Provider sends you, since it carries the IdP's entity ID, SSO endpoints and signing certificate exactly as the IdP publishes them. Contact the Identity Provider beforehand to obtain this file, or the equivalent details if you are entering them manually, and confirm the signing certificate out of band (for example by comparing its fingerprint) rather than trusting whatever arrives by e-mail. Then click Load Metadata. The metadata should load without errors.
Under the User Mapping section select your User Store and, in most cases, choose the mail attribute as the User ID Store attribute that the assertion's Name ID is mapped to. This only works if the IdP actually sends an e-mail address as the Name ID, so check that the IdP is configured to do so.
Once done, click Create Authentication Scheme and Module. This produces the authentication scheme that you can then assign to protected resources in OAM.
Your Identity Provider has now been created. (OAM's own Service Provider metadata, which the Identity Provider needs in turn, is exported from the Federation Settings screen.)
Identigral blog Federation