...

Configure Oracle Access Manager for SAML Integration

Create a New Identity Provider

This section assumes that Oracle Access Manager federation services have been enabled.

  1. Sign in to the Oracle Access Manager console as an Administrator.
  2. Click the Federation tab at the top of the console.
  3. In the Federation area of the Launch Pad tab, click Service Provider Management. For an explanation of why you select this option when creating an identity provider, see the OAM Federation: Identity Provider & Service Provider Management blog post (http://www.ateam-oracle.com/oam-federation-identity-provider-service-provider-management/).
  4. On the Service Provider Administration tab, click Create Identity Provider Partner.
  5. In the General area, enter a name for the Identity Provider partner and select both the Enable Partner and Default Identity Provider Partner check boxes. Go to the next step before saving.
  6. In the Service Information area:
     a. Select SAML2.0 as the protocol.
     b. Select the Load from provider metadata option.
     c. Click Browse (for Windows) or Choose File (for Mac) and select the Azure AD SAML metadata file that you saved previously.
     d. Go to the next step before saving.

...


Important: This configuration defines the user mapping between Azure AD and Oracle Access Manager. Oracle Access Manager takes the value of the NameID element in the incoming SAML assertion and looks that value up against the mail attribute across all user entries in the configured identity store. It is therefore imperative that the Azure AD user principal name (sent as the NameID in the Azure AD configuration shown previously) is synchronized with the mail attribute in Oracle Access Manager's identity store. The lookup is a plain value match: if a user's mail attribute is missing or does not equal the user principal name, the user cannot be mapped and the login fails, and if the same mail value exists on more than one entry, the lookup is ambiguous.

  1. Click Save to save the identity provider partner.
  2. After the partner is saved, come back to the Advanced area at the bottom of the tab.
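The lookup the Important note describes can be modelled in a few lines. The following is an added example, not Oracle's code: it extracts the NameID from a constructed Azure AD style assertion and resolves it against a hypothetical stand-in for the OAM identity store, showing the successful match and the two failure modes (mail never synchronized, duplicate mail values). The entries, DNs and the `mycompany.com` names are assumptions.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NAMEID_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def sample_assertion(name_id):
    """Constructed assertion fragment (not captured from a real tenant): Azure AD
    sends the user principal name as the NameID in the emailAddress format."""
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_example" Version="2.0">'
        f'<saml:Subject><saml:NameID Format="{NAMEID_EMAIL}">{name_id}</saml:NameID>'
        f"</saml:Subject></saml:Assertion>"
    )


# Hypothetical stand-in for the OAM identity store: LDAP-style user entries.
IDENTITY_STORE = [
    {"dn": "uid=jdoe,ou=people,dc=mycompany,dc=com", "mail": "jdoe@mycompany.com"},
    {"dn": "uid=asmith,ou=people,dc=mycompany,dc=com", "mail": "asmith@mycompany.com"},
    # Stale duplicate: the same mail value on a second entry.
    {"dn": "uid=asmith.old,ou=people,dc=mycompany,dc=com", "mail": "asmith@mycompany.com"},
    # mail never synchronized from Azure AD.
    {"dn": "uid=bjones,ou=people,dc=mycompany,dc=com"},
]


def extract_name_id(assertion_xml):
    """Pull the NameID value out of the assertion's Subject."""
    root = ET.fromstring(assertion_xml)
    node = root.find(f"{{{SAML_NS}}}Subject/{{{SAML_NS}}}NameID")
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion carries no NameID to map")
    return node.text.strip()


def map_user(name_id, store, attribute="mail"):
    """Model OAM's lookup of the NameID against `attribute` over all user entries.
    The comparison is case-insensitive, which assumes the directory uses the
    standard case-insensitive matching rule for mail; no other normalization is
    applied, so a UPN that differs from the stored mail in any other way fails."""
    matches = [e for e in store if e.get(attribute, "").lower() == name_id.lower()]
    if not matches:
        return {"status": "not_found", "name_id": name_id, "dn": None}
    if len(matches) > 1:
        return {"status": "ambiguous", "name_id": name_id,
                "dn": [e["dn"] for e in matches]}
    return {"status": "ok", "name_id": name_id, "dn": matches[0]["dn"]}


def resolve(assertion_xml, store=IDENTITY_STORE):
    """End to end: assertion in, mapping result out."""
    return map_user(extract_name_id(assertion_xml), store)


if __name__ == "__main__":
    for upn in ("jdoe@mycompany.com", "JDoe@MyCompany.com",
                "asmith@mycompany.com", "bjones@mycompany.com"):
        print(f"{upn} -> {resolve(sample_assertion(upn))}")
```

Running it shows `jdoe` resolving (in either letter case), `asmith` coming back ambiguous because of the stale duplicate, and `bjones` not found because the mail attribute was never populated; those two outcomes are exactly what a user sees as a failed federated login, so checking mail uniqueness and synchronization in the identity store is the first troubleshooting step.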

...

<?xml version="1.0"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:enc="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:x500="urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    Destination="https://login.microsoftonline.com/4e39517e-7ef9-45a7-9751-6ef6f2d43429/saml2"
    ID="id-y5nmx61xB8QWXtDmYWcH7rPYs5zXtV-fcKRy-yM9"
    IssueInstant="2019-04-23T17:01:25Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://myoamserver.mycompany.com:14100/oam/fed</saml:Issuer>
  <dsig:Signature>
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <dsig:Reference URI="#id-y5nmx61xB8QWXtDmYWcH7rPYs5zXtV-fcKRy-yM9">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <dsig:DigestValue>pa00UWdqfywm4Qb59HioA6BhD18=</dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>X4eZRyFD6sznA0g3BJebU2c6ftunG2UvwbMptO+10wFky0aALnnr0Na+5fF83U4Ut99OvAIZ41K3YMNaR4A8zr37SSlBrb72X7CTtxjh2mAphWDRPmkJx4vS0HACzZh0MHimdwq+qVXuFRbSLBE+9XNSGWJzGAh//WqGBlNrKnw=</dsig:SignatureValue>
  </dsig:Signature>
</samlp:AuthnRequest>

Note that the Reference URI must point at the request's own ID attribute, and that this request is signed with rsa-sha1 and a SHA-1 digest (the SignatureMethod and DigestMethod algorithms above). SHA-1 is deprecated for XML signatures; where both sides support it, configure SHA-256 signing in Oracle Access Manager.
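When SP-initiated login fails, the first thing to inspect is the AuthnRequest that Oracle Access Manager posts to Azure AD. The checker below is an added example, not Oracle's or Microsoft's code: it parses a request of the shape shown above and reports the structural problems that most often break the flow (Reference URI not pointing at the request ID, wrong Destination or Issuer, missing signature, SHA-1 algorithms). The embedded request is constructed with a hypothetical tenant ID and a deliberately mismatched Reference URI; the expected Destination and Issuer values are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "dsig": "http://www.w3.org/2000/09/xmldsig#",
}
SHA1_ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Assumed values for this environment (hypothetical tenant ID and OAM host).
EXPECTED_DESTINATION = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"
EXPECTED_ISSUER = "http://myoamserver.mycompany.com:14100/oam/fed"

# Constructed sample modelled on the request above: SHA-1 algorithms kept and the
# Reference URI deliberately pointing at the wrong ID. Digest/signature bytes are dummies.
SAMPLE_REQUEST = f"""<?xml version="1.0"?>
<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:dsig="{NS['dsig']}"
    Destination="{EXPECTED_DESTINATION}" ID="id-abc123" IssueInstant="2019-04-23T17:01:25Z"
    ProtocolBinding="{HTTP_POST}" Version="2.0">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">{EXPECTED_ISSUER}</saml:Issuer>
  <dsig:Signature>
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <dsig:Reference URI="#id-abc124">
        <dsig:Transforms>
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <dsig:DigestValue>AAAA</dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>AAAA</dsig:SignatureValue>
  </dsig:Signature>
</samlp:AuthnRequest>"""


def hardened_request():
    """Same request with the Reference URI corrected and SHA-256 algorithms."""
    return (SAMPLE_REQUEST
            .replace('URI="#id-abc124"', 'URI="#id-abc123"')
            .replace("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                     "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
            .replace("http://www.w3.org/2000/09/xmldsig#sha1",
                     "http://www.w3.org/2001/04/xmlenc#sha256"))


def check_authn_request(xml_text, expected_destination, expected_issuer):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}AuthnRequest":
        return ["root element is not samlp:AuthnRequest"]
    req_id = root.get("ID", "")
    if root.get("Version") != "2.0":
        findings.append("Version is not 2.0")
    if root.get("Destination") != expected_destination:
        findings.append(f"Destination {root.get('Destination')!r} is not the tenant SAML endpoint")
    if root.get("ProtocolBinding") != HTTP_POST:
        findings.append("ProtocolBinding is not HTTP-POST")
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        findings.append(f"Issuer {issuer!r} does not match the provider ID registered in Azure AD")
    sig = root.find("dsig:Signature", NS)
    if sig is None:
        findings.append("request is not signed")
        return findings
    ref = sig.find("dsig:SignedInfo/dsig:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    if uri != "#" + req_id:
        findings.append(f"Reference URI {uri!r} does not point at the request ID {req_id!r}")
    for path in ("dsig:SignedInfo/dsig:SignatureMethod",
                 "dsig:SignedInfo/dsig:Reference/dsig:DigestMethod"):
        node = sig.find(path, NS)
        alg = node.get("Algorithm", "") if node is not None else ""
        if alg in SHA1_ALGORITHMS:
            findings.append(f"{path.split('/')[-1]} uses SHA-1 ({alg}); prefer SHA-256")
    return findings


if __name__ == "__main__":
    for label, req in (("sample", SAMPLE_REQUEST), ("hardened", hardened_request())):
        print(label, check_authn_request(req, EXPECTED_DESTINATION, EXPECTED_ISSUER))
```

The checker only validates structure and algorithm choice; it does not verify the signature itself, which requires the OAM signing certificate and an XML-DSig library. Feed it the base64-decoded SAMLRequest captured from the browser (for example with the browser's developer tools) and compare the Destination against the SAML endpoint in the Azure AD metadata you imported.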

...

    1. Click Apply to save the change.

...

This section provides simple steps to verify that federation authentication works when initiated from the service provider (SP) and the identity provider (IDP). The steps in this section assume that a user has been created in Azure AD and has been provisioned to the Oracle Access Manager LDAP server and the E-Business Suite database.

...

  1. In a browser, enter https://<ebs_portal_hostname>:<port>/OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE.
  2. When Azure AD prompts you for a username or to pick an account, enter the username.
  3. When you are prompted for a password, enter it and click Sign in.
  4. If you are prompted to Stay signed in?, click Yes.

If the login is successful, you are redirected to the E-Business Suite home page using your user credentials stored in Azure AD.

  5. To log out, click the power button icon in the top-right corner of the E-Business Suite portal.

You are redirected to the Oracle Access Manager host, your session is cleared, and a signed-out message appears.

...

  1. In a browser, enter https://<azure_portal_hostname>/.
  2. When Azure AD prompts you for a username or to pick an account, enter the username.
  3. When you are prompted for a password, enter it and click Sign in.
  4. If you are prompted to Stay signed in?, click Yes.

You are directed to your home page.

  5. Click the E-Business Suite application icon.

You are redirected to the E-Business Suite portal.

  6. To log out of E-Business Suite, click the power button icon in the top-right corner of the portal.

...
