April 2013 Understanding Federated Single Sign-On (SSO) Process

Disclaimer

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Contents

Introduction
Scope of This Document
Prerequisites
Process Roadmap
Appendix A

Introduction

Enterprises are rapidly moving from traditional on-premises environments to Oracle Cloud implementations. A majority of such customers want to use their current LDAP repositories for authenticating their employees in Oracle Cloud. They want to access Oracle Cloud services via Single Sign-On (SSO) by using their existing authentication methods and credentials, irrespective of the form factor or device type.

Oracle Cloud implements a standards-based Federation solution, leveraging Security Assertion Markup Language (SAML) 2.0. Oracle Fusion SAML Service Provider integrated with the Fusion SSO Server acts as the Service Provider (SP). Customers must configure or deploy either Microsoft Active Directory Federation Server (ADFS) 2.0 or Oracle Identity Federation Server 11g as an Identity Provider (IdP) in their on-premises environments. Customers can also use their existing Microsoft Active Directory Federation Server (ADFS) 2.0 or Oracle Identity Federation Server 11g installations after incorporating some configuration changes.

Currently, this Federated SSO solution is certified to support ADFS 2.0 and Oracle Identity Federation 11g Release 1 (11.1.1) only.

Scope of This Document

This document outlines the process for Oracle Cloud Fusion Applications customers to request Single Sign-On (SSO) enablement in their Fusion Applications cloud instances. This process includes steps to be completed by both customers and Oracle Cloud Operations personnel.

This document does not describe how to configure Identity Providers (IdP) in customers' on-premises environments. For information about configuring Microsoft Active Directory Federation Server (ADFS) 2.0 or Oracle Identity Federation Server 11g identity providers, see the support note ID 1484345.1 on My Oracle Support.

For more information on configuring identity synchronization, see the document titled Configuring Identity Synchronization in Oracle Fusion Cloud Services, which is attached to the support note ID 1484345.1 on My Oracle Support.

Prerequisites

The following are the prerequisites for enabling SSO in Oracle Cloud Fusion Applications service instances:

- Oracle requires the use of an SAML 2.0 certified implementation of the Federation protocol.
- Oracle requires the use of SAML 2.0 browser artifact SSO profile to connect to Oracle Cloud Fusion Applications service instances.
- The SAML 2.0 Assertion NameID element must contain one of the following:
  o The user's email address with the NameID Format being Email Address
  o The user's Fusion uid with the NameID Format being Unspecified
- All Federation ID Provider (IdP) endpoints must use SSL.

Process Roadmap

Figure 1-1 illustrates the process of enabling Federated Single Sign-On (SSO).

[Figure 1-1: Federated SSO Process]

Enabling Federated SSO in Oracle Cloud environments involves the following steps:

1. An Oracle Cloud customer expresses interest in using Federated SSO implementation by contacting Oracle representatives. The customer receives an SSO template from their Oracle representative. The customer sends the filled-in SSO template to Oracle and requests approval.

2. Oracle representatives review the customer's request. For on-premises identity providers other than ADFS 2.0 and OIF 11g, SSO enablement requests may require additional approvals.

   Note: It typically takes a minimum of two weeks or more to implement Federated SSO per POD (customer environment) after the necessary approval. For more information, see this support note on My Oracle Support.

3. Oracle notifies customer of request status. If a non-standard Identity Provider is being used, Oracle notifies the customer whether the solution can be supported.

4. The customer creates and submits a Service Request (SR) on My Oracle Support (http://support.oracle.com), for each Oracle Fusion Cloud Service instance. This SR is referred to as the Parent SR, which must use the following header: SSO Enablement

   To establish SSO between the customer's on-premises environment and the Oracle Fusion Cloud Service environment, the customer must specify which identity attribute (user name or email address) will be unique across all users in the customer's organization. This information is required for Oracle Cloud Operations personnel to identify the changes to be made in the customer's SaaS environment.

   Note: The filled-in questionnaire, which is shown in Appendix A, should be attached to the parent SR.

5. The customer receives a document that describes how to configure their on-premises IdP, based on their choice of IdP (Microsoft Active Directory Federation Server (ADFS) 2.0 or Oracle Identity Federation Server 11g).

6. The customer completes the procedures described in the document to configure Oracle Identity Federation (OIF) or Active Directory Federation Services (ADFS) as an IdP in their on-premises environment.

   Note: If the customer encounters any issues related to the on-premises Oracle Identity Federation IdP, the customer must file a separate product SR on My Oracle Support. If the customer encounters issues related to third-party IdP products, such as ADFS, the customer should contact third-party vendors to resolve such issues.

7. Oracle Cloud Operations personnel set up a Fusion SAML Service Provider (SP) in the customer's non-production SaaS environment. Subsequently, they will send a metadata.xml file, which contains SP configuration settings, to the customer via the parent SR. This metadata.xml file contains the information required to add Fusion Applications as a trusted partner to the customer's on-premises Identity Provider. The following information is included:

   - The Assertion Consumer Service URL of the OIF/SP, where the user will be redirected from the Identity Provider with SAML Assertion.
   - The Signing Certificate corresponding to the private key used by the SP to sign the SAML Messages, in case of SAML 2.0 protocol.
   - The Encryption Certificate corresponding to the private key used by the SP to decrypt the SAML Assertion, if SAML 2.0 encryption is to be used.
   - The Logout service endpoint, if SAML 2.0 is used.

8. The customer downloads the metadata.xml file. They import or configure the SP settings in their on-premises environment.

9. The customer then sends another metadata.xml file, which contains information about their on-premises IdP, to Oracle Cloud Operations personnel by attaching the metadata.xml file to the parent SR.

10. Oracle Cloud Operations personnel configure the IdP settings in the customer's non-production SaaS environment. They send a verification link to the customer.

11. The customer uses the verification link to test the features of Federated SSO in their on-premises environment. If the customer encounters problems during testing, the customer can request assistance from Oracle Cloud Operations personnel.

    Note: The customer cannot use the Fusion environment for other operations during the testing phase.

12. After the testing is complete, the customer sends a confirmation to Oracle. On receiving this confirmation, Oracle Cloud Operations personnel complete the configuration procedures in the customer's production SaaS environment. At this stage, enabling Federated SSO means that the on-premises IdP is solely responsible for authenticating users.

    Note: By enabling Federated SSO, only those users whose identities have been synchronized between the on-premises IdP and Oracle Cloud will be able to log in to Fusion Application services in Oracle Cloud. For more information on configuring identity synchronization, see the document titled Configuring Identity Synchronization in Oracle Fusion Cloud Services, which is attached to the support note ID 1484345.1 on My Oracle Support.

Appendix A

Note that the customer must have at least one valid user that is imported and synchronized between the on-premises environment and the non-production SaaS environment. This user is required to validate the SSO configuration.

Questionnaire

Customer Name:

1. Please check which of the following Federation Servers you are using On-Premise?
   a. Active Directory Federation Server (ADFS 2.0)
   b. OIF 11g
   c. Other
   Note: For requests based on products other than ADFS 2.0 and OIF 11g, approvals will be on an exception basis.

2. Please check which of the following Fusion SaaS Application you are currently running?
   a. HCM
   b. CRM
   c. ERP
   d. Other

3. How many employees / users will be enabled upon go-live?

4. Do you wish to enable SSO for CRM Mobile Apps?
   a. Yes
   b. No

5. Which environment would you like to enable?
   a. URL for Non-Production?
      i. Approx Target Date:
   b. URL for Production?
      i. Approx Target Go-Live Date:

6. Technical Integration Contact Information
   a. Email:
   b. Phone numbers
      i. Office:
      ii. Cell:
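The metadata.xml files exchanged in steps 7 to 9 can be checked against the prerequisites and the step 7 item list before they are imported. The following Python sketch is an added example, not part of the Oracle document or any Oracle tool; the function name check_metadata, the sample entity ID and the host names are constructed, and applying the SSL check to SP endpoints as well as IdP endpoints is a generalization of the prerequisite.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# NameID formats named in the prerequisites (Email Address, Unspecified).
ALLOWED_NAMEID = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}
ENDPOINTS = ("AssertionConsumerService", "SingleSignOnService",
             "SingleLogoutService", "ArtifactResolutionService")

# Constructed, trimmed SP metadata: no signing key and a plain-http logout URL.
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/fed/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://sp.example.invalid/fed/sp/logout"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.invalid/fed/sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_metadata(xml_text, role):
    """Return findings for role 'SP' or 'IdP'; an empty list means none found."""
    # For files received from another party, a hardened parser such as
    # defusedxml is a common substitute for the standard-library one.
    root = ET.fromstring(xml_text)
    desc = root.find(f".//md:{role.upper()}SSODescriptor", NS)
    if desc is None:
        return [f"no {role} role descriptor in metadata"]
    findings = []
    for name in ENDPOINTS:  # every published endpoint should use SSL/TLS
        for ep in desc.findall(f"md:{name}", NS):
            loc = ep.get("Location", "")
            if not loc.lower().startswith("https://"):
                findings.append(f"{name} is not https: {loc}")
    uses = {kd.get("use") for kd in desc.findall("md:KeyDescriptor", NS)}
    # A KeyDescriptor without a 'use' attribute covers signing and encryption.
    if "signing" not in uses and None not in uses:
        findings.append("no signing certificate")
    formats = {(nf.text or "").strip() for nf in desc.findall("md:NameIDFormat", NS)}
    if formats and not formats & ALLOWED_NAMEID:
        findings.append("no supported NameIDFormat (emailAddress or unspecified)")
    if role.upper() == "SP":
        acs = desc.findall("md:AssertionConsumerService", NS)
        if not any(a.get("Binding", "").endswith("HTTP-Artifact") for a in acs):
            findings.append("no AssertionConsumerService with HTTP-Artifact binding")
    return findings


if __name__ == "__main__":
    for finding in check_metadata(SAMPLE_SP, "SP"):
        print("FINDING:", finding)
```

The same function can be run with role "IdP" on the file the customer sends back in step 9; it checks structure only and does not validate certificates or XML signatures.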

Understanding Federated Single Sign-On (SSO) Process
April 2013

Oracle Corporation
World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065
U.S.A.

Worldwide Inquiries:
Phone: +1.650.506.7000
Fax: +1.650.506.7200
oracle.com

Copyright 2013, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.